Use of DNS Alias

Kirk "kirkb at dogsplace dot net" at giganews.com
Fri Aug 4 10:38:06 UTC 2006


DNSer wrote:
> I run a shop with W2K3 AD integrated DNS.  I also host an Exchange 2003
> server.
> 
> We have a CISCO Firewall in the network and until recently I used DNS
> doctoring (aliasing) to redirect requests from my inside users for the
> publicly registered email server.  In other words, I had a firewall
> rule that specified my publicly registered email server (MX), i.e.
> mail.mydomain.com, is found at mail.inside.mydomain.com.  It worked
> great -- there were no problems with name resolution and email.  After
> maintenance on the firewall, this DNS doctoring stopped working
> altogether.
> 
> This has become a real annoyance since I have a lot of branch office
> and mobile users who visit the main office and cannot access email
> because the mail host is named differently on the inside from the
> public email name.  And without changing settings in their mail client
> and/or providing a "new" address for their OWA, they cannot get to
> their email.
> 
> I've troubleshot the problem with CISCO -- there's no way to recapture
> the functionality without changing hardware -- not a very practical
> solution.  I've thought there may be a way to do it in DNS with the use
> of a CNAME RR.  But I've also heard there may be problems using CNAME
> references for mail servers.
> 
> Does anyone have experience with this type of problem and if so, how
> did you resolve the problem?  Any advice or guidance is greatly
> appreciated.
> 
> DNSer
> 
> 
This is a BIND newsgroup.  Not email, firewall, Microsoft, or Cisco.

However,  if I am understanding your situation correctly and you are
in control of your name server records, it sounds like you need to
maintain two versions of mydomain.com.  An internal and external version.

Internal clients bring up their computers, they get a DHCP scope which
provides them with internal name servers to translate privately named
hosts (and MX records) to privately named IPs of mydomain.com.

External clients will do as they have been and see the publicly
available records which already exist.
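
The "two versions of mydomain.com" Kirk describes is split-horizon DNS, and in BIND (this list's topic) it is done with views.  The script below is an added example and is not from the post, from the original poster, or from anything Kirk wrote: it writes out a named.conf with an internal and an external view of mydomain.com, an internal zone file whose mail host resolves to a private address and an external one whose identical name resolves to the public address, and then checks three things a practitioner would want: that BIND's own named-checkconf/named-checkzone accept the files when they are installed, that the external copy carries no RFC 1918 address (the inside addressing must not leak to the Internet), and that the MX target in each copy owns an A record rather than a CNAME, which is the restriction behind the "problems using CNAME for mail servers" the question mentions (RFC 2181, section 10.3).  Every address, network range, serial number, path and the secondary server's address are assumptions for illustration only.

```shell
#!/bin/sh
# Added example, not part of the original post: the "two versions of
# mydomain.com" above, done with BIND views.  Writes a named.conf plus an
# internal and an external copy of the zone, then sanity-checks them.
# Every address, network range, serial number and path is an assumption.
set -eu

# write_configs DIR: create DIR/named.conf and the two zone files under DIR.
write_configs() {
    dir="$1"
    mkdir -p "$dir/internal" "$dir/external"

    cat > "$dir/named.conf" <<EOF
acl "internal-nets" {
    10.0.0.0/8;               // assumed office LAN plus branch/VPN ranges
    192.168.0.0/16;
    127.0.0.1;
};

options {
    directory "$dir";         // /var/named or similar in a real deployment
    recursion no;             // default for any view that does not override it
    allow-transfer { none; };
};

// Views are tried in order and the first match wins: private view first.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;            // inside users also resolve the Internet here
    allow-recursion { "internal-nets"; };
    zone "mydomain.com" {
        type master;
        file "internal/mydomain.com.zone";
    };
};

// Catch-all for everyone else: authoritative answers, public addresses only.
view "external" {
    match-clients { any; };
    recursion no;
    zone "mydomain.com" {
        type master;
        file "external/mydomain.com.zone";
        allow-transfer { 203.0.113.53; };   // assumed secondary (RFC 5737 range)
    };
};
EOF

    # Internal copy: the public names, resolving to private addresses.
    cat > "$dir/internal/mydomain.com.zone" <<'EOF'
$TTL 3600
@       IN  SOA  ns1.mydomain.com. hostmaster.mydomain.com. (
            2006080401 ; serial (assumed)
            3600 900 1209600 300 )
@       IN  NS   ns1.mydomain.com.
@       IN  MX   10 mail.mydomain.com.   ; target is an A record, not a CNAME
ns1     IN  A    10.1.1.53
mail    IN  A    10.1.1.25               ; the Exchange box itself (assumed)
EOF

    # External copy: identical names, public addresses only.
    cat > "$dir/external/mydomain.com.zone" <<'EOF'
$TTL 3600
@       IN  SOA  ns1.mydomain.com. hostmaster.mydomain.com. (
            2006080401 ; serial (assumed)
            3600 900 1209600 300 )
@       IN  NS   ns1.mydomain.com.
@       IN  MX   10 mail.mydomain.com.   ; same target name as inside
ns1     IN  A    203.0.113.53
mail    IN  A    203.0.113.25            ; firewall's public address (assumed)
EOF
}

# validate_configs DIR: run BIND's own checkers when they are installed;
# non-zero if any file is rejected, silently skipped when the tools are absent.
validate_configs() {
    dir="$1"
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$dir/named.conf"
    fi
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone mydomain.com "$dir/internal/mydomain.com.zone" >/dev/null
        named-checkzone mydomain.com "$dir/external/mydomain.com.zone" >/dev/null
    fi
}

# no_private_addresses ZONEFILE: 0 when the file carries no RFC 1918 address.
# The external copy must pass, or inside addressing leaks to the Internet.
no_private_addresses() {
    ! grep -Eq '(^|[^0-9.])(10\.[0-9]+\.[0-9]+\.[0-9]+|192\.168\.[0-9]+\.[0-9]+|172\.(1[6-9]|2[0-9]|3[01])\.[0-9]+\.[0-9]+)([^0-9]|$)' "$1"
}

# mx_target_has_address ZONEFILE: 0 when the MX target owns an A/AAAA record
# in the same zone file (an MX must not point at a CNAME, RFC 2181 s. 10.3).
mx_target_has_address() {
    zone="$1"
    target=$(awk '{ for (i = 1; i <= NF; i++) if ($i == "MX") { print $(i + 2); exit } }' "$zone")
    label=${target%.mydomain.com.}
    grep -Eq "^${label}[[:space:]]+IN[[:space:]]+(A|AAAA)[[:space:]]" "$zone"
}

main() {
    dir=${1:-$(mktemp -d)}
    write_configs "$dir"
    validate_configs "$dir"
    no_private_addresses "$dir/external/mydomain.com.zone"
    mx_target_has_address "$dir/internal/mydomain.com.zone"
    mx_target_has_address "$dir/external/mydomain.com.zone"
    echo "split-horizon config for mydomain.com written to $dir and checked"
}

main "$@"
```

Run it with a scratch directory as the only argument (or none, and it uses mktemp).  The point of keeping the owner name mail.mydomain.com identical in both copies is that a laptop that worked at a branch office keeps working at the main office with no change to its mail client or OWA address: the only thing that differs is which view answers, and that is decided by the source address the DHCP-assigned internal resolver sees.  The external view deliberately has recursion off and transfers limited to the one secondary, so the public face of the server is authoritative-only.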



More information about the bind-users mailing list