Web Mail Not Working After Adding New DNS Zone
-
Our new domain name is rose.internal and we have joined all workstations, servers, and DC's to rose.internal. I have an external DNS record pointing owncloud.roseradiology.com to a public address. I dont want to change that unless I have to. Being that our new domain is rose.internal and owncloud's address is owncloud.roseradiology.com I added a new zone to DNS called owncloud.roseradiology.com and pointed it to internal IP. Works OK. But several centers cant reach webmail at mail.roseradiology.com Where do I start to fix this? Im sure Im going to catch hell from several ML members.
-
Did you do an nslookup on the mail.roseradiology.com? Does it return the correct address?
-
yes and it does not
-
By creating the zone you have given your internal DNS servers responsibility for the entire roseradiology.com domain. Therefore, if they do not have a given record they cannot resolve it.
-
So if I add a record for mail.roseradiology.com that should fix?
-
And any other *.roseradiology.com records you will need, e.g. www. ., etc. I'm trying to remember best practices for this. I'm drawing a blank, other than I know that creating a new zone is not what you want to do...
Sorry, today is a little nuts.
-
We went down this rabbit hole with you before in the original thread.
As @Kelly just said, if you add roseradiology.com as a zone, then you will need to handle the DNS for it also. Basically you will need to set everything on your internal server to match your external DNS settings. Effectively setting everything twice.
-
You become authoritative for that domain once you add it as an forward lookup zone - so machines on your internal domain will look there first and only. If you're missing an A record in your new zone, lookups will fail.
-
@JaredBusch So its a bad idea right?
-
so is it better to keep it on rose.internal and register that domain?
-
so what is the best practice here? set everything twice?
-
@alex.olynyk said in Web Mail Not Working After Adding New DNS Zone:
@JaredBusch So its a bad idea right?
Really - it depends. But I wouldn't say it's bad, it's just a split horizon DNS that you've created.
-
@alex.olynyk said in Web Mail Not Working After Adding New DNS Zone:
so is it better to keep it on rose.internal and register that domain?
is there a .internal TLD? and what good would it do? You wouldn't want to put internal IPs into a global answering DNS server.
-
@alex.olynyk said in Web Mail Not Working After Adding New DNS Zone:
so what is the best practice here? set everything twice?
Best Practice - great question,
I see to options
- do what you did and manage internal IPs and external IPs separately.
- if your router supports hairpin routing, then you can skip the internal hosting of zone roseradiology.com.
Hairpin routing means that your PC wants to go to an internal resource, but DNS declares that it's on the internet somewhere. When the packet gets to the router, it (the router) realizes that the packet is really meant for an internal source, so it sends the packet back to the internal server. Not all routers/firewalls support this.
-
As far as best practice goes, Microsoft has gone back and forth on the issue between split DNS and internal domain name. The last time I looked, they recommended a subdomain for your internal network. So instead of domain.com inside and out, or domain.local inside and domain.com outside, they use ad.domain.com inside and domain.com outside.
I've dealt with them all and they all have their advantages and disadvantages. At the end of the day, I think you just need to understand them and pick the one that works best for that client.
-
@Dashrender so a split horizon DNS would be creating a zone for roseradiology.com and then adding internal records for mail, www, etc
Our new active directory domain is rose.internal so would that be the top level domain?
-
What about creating a CNAME that points to the internal A record?
For example:
A 192.168.1.5 ownlcloud.rose.internal
CNAME owncloud.roseradiology.com owncloud.rose.internal -
@alex.olynyk said in Web Mail Not Working After Adding New DNS Zone:
@Dashrender so a split horizon DNS would be creating a zone for roseradiology.com and then adding internal records for mail, www, etc
Our new active directory domain is rose.internal so would that be the top level domain?
Correct, rose.internal is your internal TLD. But .internal does not exist on the internet, so you asked about registering it, you can't register is for use on the internet. Think of it like the 10.x.x.x network. You can use that internally, but not on the internet. You can have any TLD internally that you want, but when it comes to what is used on the internet, you have to follow the ICANN rules.
-
@Kelly said in Web Mail Not Working After Adding New DNS Zone:
What about creating a CNAME that points to the internal A record?
For example:
A 192.168.1.5 ownlcloud.rose.internal
CNAME owncloud.roseradiology.com owncloud.rose.internalIs of course is the best solution when using Split Horizon DNS because if the internal IP changes, the records will all follow.
-
so whoever hosts the DNS for my domain should be able to create a CNAME to alias owncloud.roseradiology.com to owncloud.rose.internal? Correct?
