Re: creating an A record for .com when my domain is .local

Hi Josh,

There are a few different ways to deal with this one.

1. Enable NAT loopback on your router / firewall (if it can)
2. Use DNS Doctoring (again, network layer)
3. Create the Forward Lookup Zone

For 3 I suggest you create the forward lookup zone called mail.acme.com.
Add a Host (A) record to the zone with a blank name and the internal IP
address.

Flush your DNS cache and you should find that "mail.acme.com" resolves
to the specified internal IP. The rest of the zone will resolve via the
public DNS servers as normal.

HTH

Chris

Josh wrote:
> Hi,
> I have a Windows SBS 2003 server, which hosts our internal DNS. Our
> internal active directory domain is acme.local, but we use acme.com on
> the outside. Our internal DNS server only hosts records for
> acme.local, while acme.com is hosted by external DNS servers. I would
> like to create an A record for acme.com on our internal server however
> so that mail.acme.com will not direct our internal users to the
> outside of our firewall, but instead directly to our internal mail
> server. Can somebody please tell me how to do this? It seems like I
> can only create A records for acme.local...do I need to create a new
> zone for .com? Will this screw up anything else?
>
> Thanks,
> Josh

Josh wrote:
> Thanks for the replies. My firewall is a Cisco ASA, so I will go try
> to figure out how to configure options 1 or 2 on that. Otherwise I
> will do option 3 and just create a new zone. If I create a new zone
> for mail.acme.com, as opposed to just acme.com, that should make it so
> the other external A records for acme.com like www, etc, should not be
> affected, correct?

Yes, that is correct. You're only claiming responsility for
mail.acme.com. Everything else will resolve as it does now.

Chris

Josh wrote:
> If I create a new zone for mail.acme.com, as opposed to just
> acme.com, that should make it so the other external A records for
> acme.com like www, etc, should not be affected, correct?

Correct.

I suggest option 3 over options 1 and 2. Both options 1 and 2 react to
the problem after the fact. Where as option 3 gives the client the
correct information before the fact.

Option 1 will also cause your mail server to see the internal
connections coming from the internal IP of your router, not the actual
IP of your client computer(s).



Grant. . . .

"Grant Taylor" <> wrote in message news:hq5l4j$mcm$...
> Josh wrote:
>> If I create a new zone for mail.acme.com, as opposed to just
>> acme.com, that should make it so the other external A records for
>> acme.com like www, etc, should not be affected, correct?
>
> Correct.
>
> I suggest option 3 over options 1 and 2. Both options 1 and 2 react to
> the problem after the fact. Where as option 3 gives the client the
> correct information before the fact.
>
> Option 1 will also cause your mail server to see the internal
> connections coming from the internal IP of your router, not the actual
> IP of your client computer(s).
>
>
>
> Grant. . .

I don't believe a Cisco ASA supports "u-turns" or by any other name. I suggest and recommend Option #3, as well.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.