0 Votes
AdminICBaku-7393 asked KaelYao-MSFT commented

MS exchange internal and external dns

Hello,

I have a question about public and private domains. We use the same domain name internally and externally, like mydomain.az. Currently I want to set up an Exchange 2016 server in my environment. Will I have problems if I register ns1.mydomain.az and ns2.mydomain.az with my domain provider and create MX and A records on my internal DNS server without changing the internal domain name?

I don't want to rename the domain because I have more than 100 clients on the domain controller right now.

I need help from anyone who has encountered this issue.

office-exchange-server-administration windows-active-directory windows-dhcp-dns

1 Vote
Thameur-BOURBITA answered AdminICBaku-7393 commented

Hi

It should work without problems. When the external and internal DNS zones use the same DNS name, a client that wants to resolve an external DNS entry cannot do so, because it will look only in the internal DNS zone, and the internal DNS server will not forward the request to external DNS because there is an internal DNS zone with the same name. Therefore any DNS record created in the external DNS zone should also be created in the internal DNS zone to let internal servers resolve them.



Hi, I guess the problem may occur when users connect to the web server. However, I currently don't have a web server, and only my email address works outside on this domain.
Currently, my NS addresses are connected to yandex.net on my domain provider, and I want to use it as my own domain, ns1.mydomain.az and ns2.mydomain.az.

0 Votes 0 ·
1 Vote
GaryReynolds answered AdminICBaku-7393 commented

Hi AdminICBaku-7393,

Yes, you can configure DNS without the need to rename the domain. Have a look at this article, which provides some background on split-brain configurations.

https://www.itprotoday.com/windows-78/split-brain-dns

The article explains how to use DNS policies to configure split-brain DNS on your Windows 2016 servers, and avoid some of the common issues with split-brain configuration.

https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/split-brain-dns-deployment

Gary.


Hi Gary, I will check your solution, interesting for me.

0 Votes 0 ·
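A sketch of the DNS-policy split-brain setup the linked Microsoft article describes, applied to the zone name from the question (an added example, not part of the thread and not taken from the linked articles). It assumes the existing Active Directory zone keeps its internal records in the default scope; the `mail` host name and every address are constructed placeholders.

```powershell
# Run on the Windows Server 2016 DNS server that hosts the zone.
# All values below are constructed placeholders (RFC 5737 / RFC 1918 ranges).
$Zone       = 'mydomain.az'
$PublicIp   = '203.0.113.10'   # assumed: address published to the Internet
$ExternalIf = '203.0.113.10'   # assumed: local address of the interface that receives
                               # Internet queries (differs from $PublicIp behind NAT)
$InternalIf = '10.0.0.10'      # assumed: interface used by domain clients

# 1. Separate zone scope for Internet-facing answers. The default scope,
#    which holds the existing AD records, is not modified.
Add-DnsServerZoneScope -ZoneName $Zone -Name 'external'

# 2. Publish only what the Internet needs. ns1 and ns2 share one address,
#    mirroring the single public IP described in the question.
foreach ($name in 'ns1', 'ns2', 'mail') {
    Add-DnsServerResourceRecord -ZoneName $Zone -ZoneScope 'external' `
        -A -Name $name -IPv4Address $PublicIp
}
Add-DnsServerResourceRecord -ZoneName $Zone -ZoneScope 'external' `
    -MX -Name '.' -MailExchange "mail.$Zone" -Preference 10

# 3. Queries arriving on the external interface are answered from the
#    external scope. Queries that match no policy fall back to the default
#    (internal) scope, so this interface match has to be correct.
Add-DnsServerQueryResolutionPolicy -Name 'SplitBrainExternal' -Action ALLOW `
    -ServerInterfaceIP "EQ,$ExternalIf" -ZoneScope 'external,1' -ZoneName $Zone

# 4. Recursion off by default, on only for the internal interface, so the
#    server does not resolve arbitrary names for Internet clients.
Set-DnsServerRecursionScope -Name . -EnableRecursion $false
Add-DnsServerRecursionScope -Name 'InternalClients' -EnableRecursion $true
Add-DnsServerQueryResolutionPolicy -Name 'SplitBrainRecursion' -Action ALLOW `
    -ApplyOnRecursion -RecursionScope 'InternalClients' `
    -ServerInterfaceIP "EQ,$InternalIf"

# 5. Review what the external scope exposes and which policies are active.
Get-DnsServerResourceRecord -ZoneName $Zone -ZoneScope 'external'
Get-DnsServerQueryResolutionPolicy -ZoneName $Zone
```

Querying the server from an outside host for a name that exists only in the default scope, such as a domain controller's host record, should return no answer if the policy is matching as intended.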
0 Votes
KaelYao-MSFT answered KaelYao-MSFT commented

Hi @AdminICBaku-7393

According to the post, I suppose ns1.mydomain.az and ns2.mydomain.az would be used as SMTP domains.
For example, you are going to use userA@ns1.mydomain.az, userB@ns2.mydomain.az as mailbox addresses without affecting Active Directory.

If I misunderstood it, please feel free to correct me.


To me there is no need to add MX or A records for these domains on your internal DNS server.
But you may need to add these records in public DNS to make mail flow and client access from external work.

On the Exchange server you also need to add these domains as accepted domains to receive emails sent to these domains.
To use these domains as mailbox email addresses, you can configure an email address policy.

More information can be found in this link: Configure Exchange to accept mail for multiple authoritative domains



Hi KaelYao-MSFT,

Currently, Yandex mail is used within the company and all mailboxes of the company are kept there. And I have NS records on my domain provider from which I bought the domain, registered directly on yandex.net like this: NS1.yandex.net, NS2.yandex.net.

I want to move my email server to Exchange and forward my NS records on my domain provider to my own local DNS server, not yandex.net. So I want to change my NS records to NS1.mydomain.az, NS2.mydomain.az and link these records to my own public IP address. But I have a problem: my local domain name that I use on the domain controllers is also mydomain.az, so my external and internal domain names are the same.
If my internal domain name was mydomain.local and not mydomain.az, I could easily solve this using an accepted domain on Exchange and use a new forward lookup zone on my internal DNS server.

I don't know if I'll have problems right now because my internal and external domains are the same and my email addresses are like name.surname@mydomain.az

0 Votes 0 ·

Sorry I misunderstood it.
Thanks for the clarification.

So your SMTP domain would be the same as AD domain.
If this is the case, it is a simpler scenario (you don't need the additional configuration, like adding accepted domains, mentioned above) and you won't have problems with it.

You may only need to configure the required DNS records in public DNS for mail flow and external mailbox access, in other words, publish your Exchange server to the internet.

0 Votes 0 ·

If I configure this configuration on my local DNS server and open the required ports through the firewall, will I have problems? Since I can only write NS records in my public DNS provider, I want to forward all the configuration with NS records to my local DNS server, since I am not using mail hosting.

0 Votes 0 ·