Pros and Cons of separating Internal Domain and Internet Domain - Rookie Pilot!!!

Discussion in 'Windows Small Business Server' started by Tim, Jun 2, 2004.

  1. Tim

    Tim Guest

    I am about to install SBS2003 Premium Edition (5 users max). I have
    registered an Internet Domain Name and the registrar (Network Solutions)
    provides FREE DNS hosting.

    I am weighing up the pros and cons of using my Internet Domain Name
    internally as well.

    Internal Exchange email will only be used by 5 users so about 99% of mail
    will be coming via the Internet.

    Does SBS insist on a separate Internal Domain name (domain.local) or can I
    use the Internet Domain Name?

    Why is this a bad idea?

    I have a static IP address. My SBS2003 box will be dual homed AND I have a
    Netgear Router between the ext NIC of the SBS Box and the ADSL modem which
    can provide additional Firewall services.

    Kind Regards

    Tim
     
    Tim, Jun 2, 2004
    #1

  2. Let me put it this way: To the best of my knowledge there is NOT a single
    reason why one should name an AD domain using .com and there are MULTIPLE
    reasons why you should use .local (or other non-TLD).

    Your AD domain has nothing to do with your Exchange (mail) domain. Use
    .local (unless you plan to have Mac clients... in which case use
    .something-else, like .sbs or .office). When you run CEICW (Configure Email
    and Internet Connection Wizard), you then put the real FQDN (yourdomain.com)
    there.

    Also take a look at...
    The Domain Name System Name Recommendations
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;296250
     
    Javier Gomez [SBS MVP], Jun 2, 2004
    #2

  3. Tim

    Tim Guest

    Thanks Javier

    That's clear! I'll definitely use a separate internal namespace like .local
    (no Macs on my network).
    I am new to messaging. I thought that Exchange relied on the AD domain as
    its directory.

    Is there any paper explaining how the Exchange 2003 Server in SBS2003 knows
    that incoming mail from the internet sent to should be
    delivered to the mailbox of ?

    I know that I'll need to register an MX record and an A host record with
    Network Solutions but I'd like to understand how this all works.

    Please excuse me if this is a stupid question (forgive my ignorance).

    Kind Regards

    Tim


     
    Tim, Jun 2, 2004
    #3
  4. I am about to install SBS2003 Premium Edition (5 users max). I have

    Thanks for posting your question.
    The main issue is that you could have some name resolution conflicts
    between internal and external namespaces. You can name your Active
    Directory name what you wish, but the best practices are to use a separate
    internal (AD) and external (internet) namespace.
    It is also not recommended to have a single-label Active Directory domain.
    These are the old NT4-style domain names (domain instead of domain.com or
    domain.local). You WILL run into issues if you choose to do this. See KB
    826743 "Clients cannot dynamically register DNS records in a single-label
    domain" http://support.microsoft.com/?id=826743.
    Thanks!



    --

    Wesley Kendall
    Small Business Server Product Support

    This posting is provided "AS IS" with no warranties, and confers no rights.

    Get Secure! http://www.microsoft.com/security

    =====================================================

    When responding to posts, please "Reply to Group" via
    your newsreader so that others may learn and benefit
    from your issue.

    =====================================================
     
    Wesley Kendall [MSFT], Jun 2, 2004
    #4
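
The name resolution conflict described in the post above, shown with a toy model of the SBS box's internal DNS server. This is an added example, not code from the thread; the zone names, host names and IP addresses are constructed, and `naming_warnings` is a hypothetical helper that encodes only the advice given in this thread.

```python
# Added illustration, not from the thread. Names and addresses are constructed.

PUBLIC_DNS = {"www.example.com": "203.0.113.80", "mail.example.com": "203.0.113.25"}

class InternalDns:
    """Toy internal DNS server: authoritative for the AD zone, forwards the rest."""

    def __init__(self, ad_zone, a_records):
        self.ad_zone = ad_zone.lower().rstrip(".")
        self.a_records = {n.lower(): ip for n, ip in a_records.items()}

    def resolve(self, name):
        name = name.lower().rstrip(".")
        if name == self.ad_zone or name.endswith("." + self.ad_zone):
            # Authoritative zone: a missing name is NXDOMAIN and is never forwarded.
            return "authoritative", self.a_records.get(name, "NXDOMAIN")
        return "forwarded", PUBLIC_DNS.get(name, "NXDOMAIN")

def naming_warnings(ad_zone, public_domain, has_macs=False):
    """Checks a proposed AD DNS name against the advice given in this thread."""
    ad, pub = ad_zone.lower().rstrip("."), public_domain.lower().rstrip(".")
    warnings = []
    if "." not in ad:
        warnings.append("single-label domain (see KB 826743)")
    if ad == pub:
        warnings.append("same namespace as the Internet domain")
    if has_macs and ad.endswith(".local"):
        warnings.append(".local with Mac clients")
    return warnings

# AD named after the Internet domain: the public web site disappears internally
# unless its record is copied into the internal zone by hand.
shared = InternalDns("example.com", {"server.example.com": "192.168.16.2"})
# AD named .local: Internet names are forwarded to the ISP's DNS as usual.
split = InternalDns("example.local", {"server.example.local": "192.168.16.2"})

if __name__ == "__main__":
    for dns in (shared, split):
        print(dns.ad_zone, dns.resolve("www.example.com"))
    print(naming_warnings("example", "example.com"))
```
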
  5. Tim

    Tim Guest

    Thanks Wesley

    As I said in my reply to Javier, my ignorance is one of understanding how
    Exchange 2003 works more than anything else. I've only ever used web based
    mail. If you have any simple white papers I'd be grateful.

    Kind Regards

    Tim
     
    Tim, Jun 2, 2004
    #5
  6. Hi!
    I don't know about any paper explaining this exactly... but let me give it a
    shot: First of all, let's start by saying that Exchange is not limited by
    one domain... any user can have many email addresses associated with it
    (even with different domains, although this requires adding it to the
    recipient policies). When you set up Exchange using CEICW it will assign both
    email addresses to the user in AD. However, realize that the SMTP address is
    added to the user's AD account (which coincidentally is
    ) not the other way around... a user could have
    associated the .com address and not the .local one.
    Remember that the MX/A records only tell the whole world how to get mail
    into your server. What Exchange does with mail after getting it is another
    story.
     
    Javier Gomez [SBS MVP], Jun 2, 2004
    #6
  7. Tim

    Axel Larson Guest

    Basically Exchange delivers to mailboxes to which users connect. It accepts
    mail addressed to specified DNS domains and routes outbound mail to DNS
    domains. It really doesn't need to "know" about the domain in which it runs.

    Axel
     
    Axel Larson, Jun 2, 2004
    #7
  8. Is there any paper explaining how the Exchange 2003 Server in SBS2003
    Exchange uses Recipient Policies. These policies are rather flexible and
    allow mapping of email addresses to AD user accounts. Let's say that we
    install a new SBS with an AD domain of company.local and when we run the
    CEICW we specify that our public email domain is company.com. The CEICW
    will create a new default recipient policy for '@company.com.' Since
    Exchange is tightly integrated with AD, Exchange will update each user's AD
    account properties with an additional SMTP email address of
    %username%@company.com. Therefore, if your usernames are in the format of
    firstname.lastname, each user will have an email address of
    . Now, if you wanted your email aliases to be
    different from your usernames, you could edit your default recipient policy.
    For example, if you decided you wanted everyone to have usernames of
    firstname.lastname, but you wanted their email aliases to be
    , you could edit your recipient policy by
    entering variables to the recipient policy. For example, a recipient policy
    of %1g% results in users having an email alias of
    . (KB 285136 provided below details the
    variables available for use in recipient policies)

    For more info:

    240404 - XADM: Exchange 2000 Server Recipient Policies:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;240404&Product=exchange

    319201 - HOW TO: Use Recipient Policies to Control E-mail Addresses in
    Exchange 2000:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;319201&Product=exchange

    285136 - XADM: How to Customize the SMTP E-mail Address Generators Through
    Recipient Policies:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;285136&Product=exchange


    --

    Chad A. Gross - SBS MVP
    SBS ROCKS!

    www.msmvps.com/cgross
    www.gosbs.org

     
    Chad A. Gross [SBS MVP], Jun 2, 2004
    #8
  9. Tim

    Jeff L Guest

    Tim,

    FYI, there is a wizard that helps you configure all this. The wizard has
    its own help.

    If you have a domain 4myown.com, the SBS install will prompt you during set
    up for your domain name and your email domain name.

    Your internal domain name will be something like 4myown.lan or 4myown.local
    or 4myown.otl or armpit.bodypart based on your choice.

    When you run the CEICW (a wizard that runs you through connecting to the
    internet, configuring the firewall and exchange) you will be prompted to add
    your email domain. So if you want to receive mail like tim @ 4myown.com then
    you would insert 4myown.com in the email domain name textbox.

    This topic is covered at length in SBS Help and Information (an underused
    resource that is on every box). Here are the articles:

    Title: Connect to the Internet
    mk:@MSITStore:C:\WINNT\help\SBSMain.chm::/TDLc_ConnectInternet.htm

    Title: Understanding the Configure E-mail and Internet Connection Wizard
    mk:@MSITStore:C:\WINNT\help\SBSMain.chm::/INTc_icw.htm

    Title: Understanding Your Network
    mk:@MSITStore:C:\WINNT\help\SBSGS.chm::/appendixb.htm#networkingbasics

    (note: to use these links open SBS help> Right click on the title bar >
    select Jump to URL and paste in the link)

    Additional info:
    E-mail Name Resolution
    When configuring Internet e-mail, it is important to understand how e-mail
    names are resolved. For an SMTP-based mail server (Exchange) to receive
    e-mail from another SMTP-based mail server (such as your ISP mail server)
    you must have a registered e-mail Internet domain name, such as
    microsoft.com. You must also request that your ISP create a DNS mail
    exchange (MX) resource record and a DNS address (A) resource record for the
    server. SMTP relies on DNS MX records to direct e-mail for a particular
    domain name to the correct destination.

    To configure e-mail settings for Windows Small Business Server 2003, run the
    Configure E-mail and Internet Connection Wizard. Running the wizard enables
    you to properly configure your Internet e-mail for both SMTP and POP3 using
    information that you obtain from your ISP.

    Please give me some feedback if this is helpful.

    Cheers,

    Jeff Loucks
    Available Technology ®
    Solutions For Professionals ®
    www.availabletechnology.com
     
    Jeff L, Jun 2, 2004
    #9
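
The two separate steps discussed in posts #6 to #9, as an added example that is not code from the thread: the sending server finds the mail host through public MX/A records, and Exchange then decides what to do with the message from its accepted domains and the SMTP addresses stored on each AD account. This is a simplified model; every domain, host, IP address and account is constructed, and the rejection strings are placeholders rather than real Exchange responses.

```python
# Added illustration, not from the thread. All names, addresses and accounts are constructed.

PUBLIC_DNS = {
    "MX": {"example.com": [(20, "backup.isp.example"), (10, "mail.example.com")]},
    "A": {"mail.example.com": "203.0.113.25", "backup.isp.example": "198.51.100.7"},
}
# Domains Exchange accepts mail for (set through recipient policies / CEICW).
ACCEPTED_DOMAINS = {"example.com", "example.local"}
# AD accounts with their proxyAddresses; upper-case "SMTP:" marks the primary address.
DIRECTORY = {
    "tim": ["SMTP:tim@example.com", "smtp:tim@example.local"],
    "jane.doe": ["SMTP:jane.doe@example.com", "smtp:jdoe@example.com"],
}

def sender_next_hop(rcpt):
    """Step 1, on the sending server: MX lookup, lowest preference first, then A."""
    domain = rcpt.rsplit("@", 1)[1].lower()
    mx = sorted(PUBLIC_DNS["MX"].get(domain, []))
    if not mx:
        # Real SMTP would fall back to the domain's own A record; omitted here.
        return None
    host = mx[0][1]
    return host, PUBLIC_DNS["A"][host]

def exchange_deliver(rcpt):
    """Step 2, on the Exchange server: accepted-domain check, then directory lookup."""
    local, domain = rcpt.lower().rsplit("@", 1)
    if domain not in ACCEPTED_DOMAINS:
        return "rejected: not an accepted domain"
    wanted = "smtp:" + local + "@" + domain
    for account, addresses in DIRECTORY.items():
        if wanted in (a.lower() for a in addresses):
            return "mailbox: " + account
    return "rejected: no such recipient"

if __name__ == "__main__":
    for rcpt in ("Tim@Example.com", "jdoe@example.com", "tim@example.org"):
        print(rcpt, sender_next_hop(rcpt), exchange_deliver(rcpt))
```
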
  10. Tim

    Tim Guest

    Thanks Jeff

    Yes that helps a lot. I think I understand.

    Ideally I'd like to register the MX and A records that Exchange requires
    with Network Solutions (who registered my Internet Domain Name) rather than
    my ISP (Bigpond).

    The Internal DNS server will still forward all Internet queries to the ISP's
    DNS servers.

    Would this cause any issues?

    Kind Regards

    Tim
     
    Tim, Jun 3, 2004
    #10
  11. Tim

    Jeff L Guest

    No problems... that is how it is supposed to work.

    You may get stuck. I am watching this thread if you have other questions.

    Regards,
    Jeff Loucks
    Available Technology ®
    Solutions For Professionals ®
    www.availabletechnology.com
     
    Jeff L, Jun 3, 2004
    #11
  12. Tim

    Jeff L Guest

    Just use .lan or something else if you want the Macs to be fine. You can
    Google the NG with MAC and .local for more info.

    Here is the link:
    http://groups.google.ca/groups?q=mi...+Mac+.local&ie=UTF-8&hl=en&btnG=Google+Search


    Regards,
    Jeff Loucks
    Available Technology ®
    Solutions For Professionals ®
    www.availabletechnology.com


     
    Jeff L, Jun 3, 2004
    #12