Internal and Public DNS conflict breaks mail

History:
We set up a new Mac Mini Server to replace our existing Server. The Mac Mini Server is set up behind a Time Capsule, which acts as our router and DHCP server. It also acts as our firewall on the public IP address and forwards mail to our internal server. Our situation is almost identical to the example situation on page 18 to 19 in the 'Getting Started' guide.
Our ISP acts as our DNS server and they host our public website. They also used to host our mail, but we have now moved the mail to our new in-house server. We asked our ISP to update their MX records to point to our static public IP address. Public DNS records for server.mydomain.com also resolve to this IP address.
When we originally set up the new mac mini server, the ISP had not yet updated the MX records. I am wondering if this affects how the Server sets up DNS on the local server machine?
Issue:
The local server machine on the local LAN is called server.mydomain.com, which resolves via local DNS (hosted by our server) to the server's internal IP address. (The local DNS server was set up automatically by the Server during initial installation / setup.) This conflicts with public DNS records which identify server.mydomain.com with our public IP address at 205.200.19.225. This somehow causes confusion for the server which consequently seemingly randomly resets our domain (mydomain.com) and host name (server.mydomain.com) settings under Mail settings - which breaks our mail service. (We then edit these to the correct settings and all works again.)
I spoke to an Apple tech and they advised that we reinstall the Server operating system, using a local server name that differs from the public name. e.g. server.mydomain.lan (local) vs. server.mydomain.com (public).
*This may seem like a dumb question*: Would it be easier to keep our local host and DNS set up to server.mydomain.com and then rather have our ISP change the records for our public address / IP to mail.mydomain.com or public.mydomain.com? If we could make the change via the ISP's records versus our own, then it would save us a lot of work.
*A second potentially dumb question:* Since we rely on our ISP for DNS name servers, could we delete / stop the local DNS server for the local network and just use straight IP addresses instead?
*Plan of Action:*
Assuming that there is not an easy fix via the ISP's DNS records, then I'll reinstall the operating system and use server.mydomain.lan as the local machine and domain name. If I do this, then what should I be using as the domain and host name settings in mail? .com or .lan?
Should there be any need to manually configure DNS settings to make Mail work?

Mr Hoffman and Corbywan - thanks for the interesting and educational discussion. I must admit that I am still a bit confused and would appreciate any further help in understanding this issue!
*My situation:*
- Server on a LAN, which sits behind a Time Capsule router.
- The Time Capsule router serves DHCP and Internet to the LAN and sits on our public static IP Address.
- Our ISP has set up MX and domain records to forward public requests for our domain to our static IP address.
- Time Capsule acts as our firewall and forwards Mail and other incoming services to our internal server via port forwarding.
- Local DNS service is provided by the local server so that it can provide services to the local network. Non local requests are forwarded to the ISP DNS service.
*The problem*
We seem to have established that Snow Leopard Server breaks when the internal domain name matches the public domain name, because of conflict between the internal and public DNS which resolve to different IP addresses for the same domain.
*The solution*
I am looking for the easiest and most basic way to fix this problem. My understanding is that the simplest would be to reinstall our Snow Leopard Server to a new and different local domain name.
I am thinking of using server.example.lan for our local LAN domain name - which would be resolved to our private IP address via local DNS on the local server. I would be keeping server.example.com for our public domain name - which would be resolved to our public IP address, which would be forwarded from the Time Capsule to the internal server.
Now where I start getting confused is this: If Snow Leopard Server requires a Fully Qualified Domain Name to do things like send mail, then do I need to register my internal domain name? And how would this resolve from a public DNS server to the internal private IP address? Or is it more an issue where as long as the internal (albeit 'fake') domain name does not conflict with an existing public domain name?
*Other items:*
After setup, I will verify that Snow Leopard Server has set up our local DNS correctly for local DNS service.
If I understand correctly, I would set up Mail Settings - 'Domain Name' as the local domain name: i.e. example.lan and I would set up the Host Name as server.example.lan - is this correct? Would this work if these are not FQDN?
How does the mail server reconcile these local domain names with the public domain names? I assume that I need to check the box at Mail - Settings - Advanced - Hosting: "Include server's domain as local host alias" ? Or would I manually add an alias to the Local Host Aliases under the same tab?
Thanks!

Similar Messages

  • Setup internal and external DNS namespaces best practice

    Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local) able to run on the same DNS server (using Microsoft Windows DNS servers)?
    MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly or companydomain.com then create a subdomain corp?
    Thanks in advance.
    William Lee
    Hong Kong

    Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local) able to run on the same DNS server (using Microsoft Windows DNS servers)?
    Yes, it is technically feasible. You can have both of them running on the same DNS server(s). Just only your public DNS zone can be published for external resolution.
    MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly or companydomain.com then create a subdomain corp?
    What is recommended is to avoid having a split-DNS setup (Your internal and external DNS names are the same). This is because it introduces extra complexity and confusion when managing it.
    My own recommendation is to use .local for internal zone and .com for external one.

  • Cloudflare Public DNS and Internal AD Domain DNS conflict?

    I have a client whose web design team is using cloudflare for their public nameservers. At the clients location, we have an active directory domain with several servers, and we are running internal DNS for their domain (let's say "client.com" is the domain). The problem I'm seeing is that since PCs in their office need to point to internal DNS, every time CloudFlare changes the IP address of their website -- which seems to happen at least every other week, sometimes multiple times in a week, I have to manually update my internal DNS records with the new IP addresses so that the website is accessible again from within their office. Obviously those that are outside of the office have no problem since external users are looking to public DNS servers that then point to the cloudflare nameservers. But I'm not sure how to make this happen...
    This topic first appeared in the Spiceworks Community

    I ran the test again with the verbose switch. Relevant part in bold.
                   TEST: Basic (Basc)
                      The OS
                      Microsoft Windows Server 2008 R2 Standard  (Service Pack level: 1.0)
                      is supported.
                      NETLOGON service is running
                      kdc service is running
                      DNSCACHE service is running
                      DNS service is running
                      DC is a DNS server
                      Network adapters information:
                      Adapter [00000007] Intel(R) PRO/1000 MT Network Connection:
                         MAC address is redacted
                         IP Address is static
                         IP address: redacted
                         DNS servers:
                            redacted [Valid]
                            redacted [Valid]
                            redacted [Valid]
                      The A host record(s) for this DC was found
    The SOA record for the Active Directory zone was not found
    Warning: The Active Directory zone on this DC/DNS server was not found (probably a misconfiguration)
    Root zone on this DC/DNS server was not found
    So, I just need to know how to fix the SOA record.  Looking that up now.

  • Meeting Place Web Servers ( Internal and External )DNS and IP Addressing

    For the Meetingplace 8.5 what will be the IP addresses of the Internal Web Server ( Internal IP's from the same subnet as of the CUCM) and for the External one interface from the internal network subnet ( CUCM subnet)  and the other Public IP address?
    How we will be mapping the DNS FQDN for these IP addresses?
    Do we need to have one internal DNS server and the other place in the DMZ?

    Hi Ali,
    You need two Web Servers, one internal and one external. While configuring your internal web server you also add external if external participants are allowed or not.
    For internal web server you want to make sure it's on the same subnet so internal participants can access that one. For external you need to make sure the IP configured on external one is either NATted IP or public IP so that when they type the external domain name it resolves to this external server IP address.
    Let me know if you have more questions.
    HTH
    Arun

  • Exchange Server 2013 internal and external DNS records

    I recently installed Exchange Server 2013 and I've registered a public IP too for the Exchange server. How can I create internal DNS as well as an MX record for my Exchange server to send and receive internet mails? It's my first time configuring Exchange for an organization.
    registered domain name=====np.bbcmediaaction.org
    public ip=====202.166.212.221

    Hi,
    For external mail flow, we need the following DNS records: MX records for the domain part of the external recipient, A records for the destination messaging servers. For more information, you can refer to the following article:
    http://technet.microsoft.com/en-us/library/bb676467(v=exchg.150).aspx
    Additionally, to ensure external mail flow works well, we also need to configure send connector.
    For more information, you can refer to the following article:
    http://technet.microsoft.com/en-us/library/jj218640(v=exchg.150).aspx   
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • New, Single Server - DNS, Web, Wiki, Mail Setup Issues

    I'm having some issues properly setting up 10.7.3 to host internal DNS and external Web, Wiki and Mail.  I'm having issues with the web and wiki hosting.  Since those are the most important right now, I haven't really had a chance to fully test the other features.  I was able to do some testing of the mail and iCal but it was limited.
    Long read below but I thought the specifics would be helpful...
    My goals and configuration are:
    ***GOALS***
    Primary:
    1) Host a public website: example.org and www.example.org
    2) Host a public wiki: main.example.org and www.main.example.org
    3) Host a public mail server: [email protected]
    4) Host a public, group calendar
    4a) Read only to majority - Read/Write to a group
    5) Host a global address book for authenticated users
    Secondary:
    6) Allow anonymous public access to a file share (read only)
    7) Allow authenticated access to the same file share (read/write)
    8) Do as much of this via GUIs as possible.
    ***SETUP AND CONFIGURATION***
    Physical:
    1) Business class Internet (no blocked ports)
    2) A single, public and static IP address
    3) Domain name and public DNS via GoDaddy
    4) Wildcard Cert: *.example.org from GoDaddy
    5) Late 2011 (bought in Jan 2012) MacMini Lion Server (the $1,000 one).
    5a) Upgraded the RAM to 16GB (need for VMware Windows clients)
    5b) Added two USB to Ethernet adapters.
    6) Using a new model AirPort Extreme Base Station (bought w/ the MM) as the main router.
    Initial Configuration:
    7) Setup a Mac Address reservation for the main and two USB Ethernet ports along with the wireless too.
    7a) Main port = 10.0.1.5 / Others are .6, .7 and .10
    8) During the setup, I chose the Host on the Internet (third) option and named my server: main.example.org
    9) After the setup completed, I upgraded the OS & Admin Tool to 10.7.3 from a clean install (on #5 now)
    DNS Config
    10) I used the admin tool to open DNS and change:
    11) "Primary Zone Name" from main.example.org to example.org.
    12) In the "Nameservers:" block, I changed the zone name there but left the nameserver name alone (zone: example.org /// Nameserver Hostname: main.example.org).
    13) The Machine Name and Reverse Zone was left alone.  RZ resolves to main.example.org.  sudo changeip -checkhostname is good.  dig on the example.org and main.example.org are good to go (NOERROR).
    OD Config
    14) From the server app, I clicked Manage/Network Accounts and setup the OD - No issues.
    SSL
    15) From the server app, I created self signed cert, generated a CSR, got a public Cert, then replaced the self-signed with the public one - No issues.
    16) Changed any service using the self-signed cert to the public one - No issues.
    17) Changed the cert in the OD to the public cert from server admin - No issues.
    In order: File Sharing, Mail, AB, iCal, Web, Wiki, Profile Manager, Network Groups, Network Users
    18) File Sharing was setup using the server app
    19) Setup mail using the server app to start it and the server admin app to configure it - No issues there (I think...)
    20) AB - Flipped the switch to on
    21) iCal - Flipped the switch to on - I setup the e-mail address to use after I added the network accounts.
    22) Web - Flipped the switch to on - Default site worked (main.example.org)
    23) Wiki - Flipped the switch to on - Default wiki worked. (main.example.org)
    24) PM - Checked the sign config profiles and enabled the device mgt.  I then flipped the switch to on - Default settings and pages worked.
    ***MY PROBLEMS***
    Website:
    Adding a website for example.org gave me the red dot in the server app.  To fix that, I added a Machine Name record to my primary zone (PZ = example.org Machine Name = example.org).  I first tried using the same 10.0.1.5 IP as the main.example.org and left the reverse mapping alone (still resolved to the NS of main.example.org).
    That gave me the green light in the server app when trying to add the website again.  From there, I changed the "Store Site Files In" to the location of my website files (and confirmed "Everyone" has Read Access in the folder's security settings).  I left the other info alone (all defaults accepted) and clicked done.
    Access to the website works on the server but external access doesn't (Network Error/timed out tcp_error).  Checked the AirPort settings using the AirPort utility (version 5.5.3) and the Port Mapping (under the "Advanced" icon) shows several services all pointing to 10.0.1.5.  Thinking it could be DNS I tried main.example.org externally and it failed the same way.
    I ran the changeip command (good to go) and dig on example.org and main.example.org and they both resolved to 10.0.1.5 correctly.
    I removed the example.org Machine Record from the zone and it now looks like:
    PZ=example.org / ZONE=example.org / NS=main.example.org
    Machine Record=main.example.org / IP=10.0.1.5
    RM=10.0.1.5 / Resolves=main.example.org
    PLEASE HELP!

    The amount of users (if relevant):
    On site - 1 (Me)
    Off site - 16 (Windows clients - some have iOS devices too)
    Web site traffic - less than 50 regular visits per day (avg of 15) with a peak of ~125 once a month.
    This is for a 501c3 public nonprofit made of all unpaid volunteers (including the officers and directors).  All of us have paying day jobs and I just so happen to be the guy that knows just enough to get myself in trouble here.

  • Exchange 2013 not receiving internal and external emails ..

    I have a coexistence of exchange 2007 and exchange 2013 .. 2013 mailboxes were able to receive and send mails (internal and external) but suddenly the mail flow has stopped.
    Mail flow status
    2013 to 2007 = OK
    2013 to internet = OK
    2013 to 2013 = OK
    2007 to 2013 = FAIL
    Internet to 2013 = FAIL 
    incoming internet mails return the NDR below
    Diagnostic information for administrators:
    Generating server: mydomain.com
    [email protected]
    Remote Server returned '< #4.4.7 smtp;400 4.4.7 Message delayed>'
    What could be a possible reason for this? 
    Cheers guys ..
    ..forever is just a minute away*

    Hi Richard,
    Thank you for your question.
    When there is a coexistence of Exchange 2007 and Exchange 2013, external email will be sent and received by Exchange 2013.
    4.4.7 means message expired, message wait time in queue exceeds limit, potentially due to remote server (your Exchange server) being unavailable.
    If your organization has correct MX record in ISP. We could refer to the following link to check if MX record is correct:
    http://technet.microsoft.com/en-us/library/aa998082(v=exchg.65).aspx
    If we could telnet Exchange server by the following command: telnet mail.domain.com 25
    If there is a receive connector on Exchange 2013 to receive Internet emails, we could create a receive connector to receive message from the Internet by the following link:
    http://technet.microsoft.com/en-us/library/jj657447(v=exchg.150).aspx
    If there are any questions regarding this issue, please be free to let me know. 
    Best Regards,
    Jim

  • DNS pointing to both internal and external addresses

    I am currently going through the very helpful lynda.com OS X Server 10.5 videos to set up an Advanced Server from the ground up.
    DNS was set up first and for the most part everything has gone for me just like Sean shows in the movies.
    Our company's domain name is automaticduck.com so I have been setting up DNS records for our internal network to some of the machines, for example the Xserve I'm configuring is called duckxserve.automaticduck.com and it points to the proper internal IP address. I set up my MacBook Pro OS X Client system to use the new DNS server on duckxserve and while it works for getting around the internal network now I'm having problems connecting to outside addresses on our domain such as www.automaticduck.com and support.automaticduck.com. If I remove the internal Xserve from my client's DNS servers list I am able to get out again.
    I thought I would be smart and add A NAME records to my internal DNS server with the external IP addresses, however this didn't change anything, I still couldn't get out to them.
    We are NOT hosting our own web site and email etc., we have DNS set up through our web host with A NAME, C NAME and MX records for various servers that are exposed to the outside world.
    My intention based on my understanding was that with the setup of this internal Xserve running DNS it would simply serve DNS records to the internal network. How can I set up my internal DNS so it does not conflict with my ability to get out to our outside public addresses?
    Message was edited by: Wes Plate

    Antonio Rocco wrote:
    Add your ISP DNS Addresses to the forwarders section and that should be it.
    Thank you for the reply, Tony.
    If I set up the forwarders section* can I just not include information about our automaticduck.com servers that are not on our internal network? It seems to me (not that I know anything about this) that if our internal DNS server does not know about www.automaticduck.com or support.automaticduck.com then requests for those addresses should get passed on to our ISP's name servers*, right?
    *68.238.128.12, 68.238.64.12
    This doesn't work like I thought it would.
    I have my client set up to use my new internal DNS server's IP address for a DNS server and I am able to get to the local machines defined therein (like http://wesworkg5/ ), however I cannot get to my outside sites... www.automaticduck.com or support.automaticduck.com (I can't even get to discussions.apple.com for some reason).
    I can get to other outside sites that I've never been to before (so I know they have to get looked up), like whitehouse.gov or harvard.edu or almondjoy.com
    The DNS log doesn't show me anything, maybe it isn't supposed to in a case like this.
    Whatcha think? Thank you so much.
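
The behaviour discussed in this thread and in the original question, as an added example that is not code from any poster: a DNS server that is authoritative for a zone answers from its own data and does not forward names it lacks in that zone, so hosts that exist only in public DNS stop resolving for LAN clients. The zone, host names and addresses are constructed sample data, and the model assumes no delegations inside the internal zone.

```python
"""Model what LAN clients resolve when a local DNS server is authoritative
for the same zone that public DNS also serves. All data is constructed."""

# Zones the LAN DNS server is authoritative for (assumption: no delegations).
INTERNAL_ZONES = {"example.com"}

# Records held by the LAN DNS server (constructed sample data).
INTERNAL_RECORDS = {
    "server.example.com": "10.0.1.5",
    "wiki.example.com": "10.0.1.6",
}

# Records published by the ISP or public DNS host (constructed sample data).
PUBLIC_RECORDS = {
    "server.example.com": "203.0.113.10",
    "www.example.com": "203.0.113.20",
    "www.example.net": "198.51.100.7",
}


def normalize(name):
    """Lower-case a host name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def covering_zone(name, zones):
    """Return the most specific zone in `zones` that contains `name`, or None."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def lan_answer(name, zones=INTERNAL_ZONES, internal=INTERNAL_RECORDS,
               public=PUBLIC_RECORDS):
    """Address a LAN client receives, or None for a negative answer.

    Inside a locally authoritative zone only local data counts: a missing
    record is a negative answer and the forwarders are never consulted.
    Names outside every local zone go to the forwarder (the public view).
    """
    name = normalize(name)
    if covering_zone(name, zones) is not None:
        return internal.get(name)
    return public.get(name)


def classify(name, zones=INTERNAL_ZONES, internal=INTERNAL_RECORDS,
             public=PUBLIC_RECORDS):
    """Compare the LAN view with the public view of one host name."""
    inside = lan_answer(name, zones, internal, public)
    outside = public.get(normalize(name))
    if inside == outside:
        return "consistent" if inside is not None else "unresolvable"
    if inside is None:
        return "shadowed"       # public host hidden from the LAN by the local zone
    if outside is None:
        return "internal-only"  # exists only on the LAN
    return "split"              # same name, different address per view


def audit(names, zones=INTERNAL_ZONES, internal=INTERNAL_RECORDS,
          public=PUBLIC_RECORDS):
    """Classify every name and return {name: status}."""
    return {normalize(n): classify(n, zones, internal, public) for n in names}


if __name__ == "__main__":
    every_name = sorted(set(INTERNAL_RECORDS) | set(PUBLIC_RECORDS))
    for host, status in audit(every_name).items():
        print(f"{host:22} {status}")
```

A "shadowed" result means the public record has to be copied into the internal zone and kept current by hand, which is the maintenance burden the Cloudflare thread above describes; a "split" result is either intentional split DNS or a stale internal copy.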

  • Exchange 2013 DNS for internal and external domain

    Hi All,
    I have been assigned a task to implement Microsoft Exchange Server 2013. I need some help in setting up DNS namespaces and design a strategy to have same internal and external names. Let me share some details here.
    We have an Active Directory domain myinternaldomain.net, and we have a public domain mypublicdomain.com and we have set up email policy to have mypublicdomain.com as the SMTP domain for all the users. We have created another DNS zone in Active Directory integrated DNS and created A records for mail.mypublicdomain.com and autodiscover.mypublicdomain.com which will point to CAS NLB IP. We have 2 CAS servers and 2 MBX servers, we have configured DAG for MBX High availability and planning to implement WNLB for CAS as hardware LB is out of scope due to budget constraints.
    We want to have same URLs for OWA, Autodiscover, ECP and other services from internal network as well as from public network. Users should not be bothered to remember two URLs, using one from internal and other from public networks. I also want to confirm that with this setup in place do I need to have myinternaldomain.net and server names in SAN certificate?
    Thanks

    Hi Sccmnb,
    You can easily achieve this using split DNS.
    Internal DNS hostname "mail.mypublicdomain.com" will be pointing to your internal CAS NLB IP and the external public DNS hostname "mail.mypublicdomain.com" will be pointing to the Network device or Reverse proxy server IP.
    Depending upon users' access location (internal\external) the IPs would vary and they should be able to access the website with same name.
    The names that you would require on the certificate (use EAC or PowerShell to raise the request) for client connectivity would be
    SN= mail.mypublicdomain.com
    SAN= autodiscover.mypublicdomain.com
    You don't need to have the active directory domain name present in the certificate.
    Additional to this you need to update the AutodiscoverURI for all servers and OWA, ECP, Autodiscover Virtual Directories InternalURL and ExternalURL fields with appropriate public names.
    Some additional Info:
    *Internal vs. External Namespaces
    Since the release of Exchange 2007, the recommendation is to deploy a split-brain DNS infrastructure for the Internet-based client namespaces. A split-brain DNS infrastructure enables different IP addresses to be returned for a given namespace based on where the client resides – if the client is within the internal network, the IP address of the internal load balancer is returned; if the client is external, the IP address of the external gateway/firewall is returned.
    This approach simplifies the end-user experience – users only have to know a single namespace (e.g., mail.contoso.com) to access their data, regardless of where they are connecting. A split-brain DNS infrastructure also simplifies the configuration of Client Access server virtual directories, as the InternalURL and ExternalURL values within the environment can be the same value.
    *Managing Certificates in Exchange Server 2013 (Part 2)
    *Nice step by step article
    Designing a simple namespace for Exchange 2013
    Regards,
    Satyajit

  • How do I set up internal and external views in DNS

    Setting up a test SNL10.6.8 server behind airport extreme.
    Standalone server to run public DNS, iCal, Contacts and Web
    I would like to include multiple views in etc/named.conf with statement match-clients{any;}; for public view and match-clients{127.0.0.1/32;10.0.0.0/8;}; for private view.  Server Admin won't let me do this.
    I have two questions.
    1.  Can I effectively secure this setup?
    2. How do I do it?   Do I comment out ' include "etc/dns/publicView.conf.Apple" ' in etc/named.conf and add my own two views or do I use Server Admin to manage the public view and zones and manually manage the internal zone?
    Thank you for your help and advice. 

    Linux and the BSDs (among other choices) are the full-power, deep-end-of-the-pool roll-your-own solutions. They're excellent choices for a number of application and network services configurations, and for cases with complex or tailored requirements.  The target market is tweakable and easily customized.  Mac doesn't aim there.
    Having used and managed BIND on both Mac OS X Server and on other (non-Unix) servers, managing it on Mac OS X Server is simpler, though (as is often the case) you have to manage the server the way Apple expects you to.   The other servers I work with toss you into the BIND configuration files with a text editor, and while that's entirely feasible, it's not what I'd call user-friendly nor simple.  (See first paragraph.)
    Running DNS at public servers (such as your ISP) and running a second set of DNS servers on your LAN is easily within reach of the Server Admin tool, and it means you don't have to be delegated, etc., for the public views, and it means your ISP owns securing your external DNS.
    If you're accustomed to hand-managing and tweaking your DNS configurations, then Server Admin probably won't do all what you want, if you want to use any of the features of BIND9 past the subset that Server Admin allows you access to.  The question then becomes whether Server Admin does enough of what you need.
    Running iCal via VPN is typical and folks that are not on the VPN can use the web interfaces or related, if you're not offering an "open" iCal connection through your firewall.
    One other oddity you might want to consider.  Last I checked, BIND9 was also present in client.  Hand-managed.  That might give you a different option here.

  • IWeb Website with Google E-mail and ZoneEdit DNS

    I have an iWeb website, and currently run domain e-mail through 1and1. It seems ridiculous to pay for 1and1 email when I can get domain e-mail for free with GoogleApps. The only problem is I am not sure how to manage DNS outside of the 1and1 environment. I looked into ZoneEdit, but I cannot find specific instructions for setting up iWeb DNS properly on ZoneEdit so as not to break e-mail like the instructions I found here in the forum for 1and1.
    I was wondering if anyone else uses domain e-mail, iWeb, and ZoneEdit, and if so how you set up DNS.
    Thanks!

    Thanks for the reply. I had already researched the various forum posts (as it is now, I have the personal domain set up and functioning appropriately). The issue is that most of the posts have little to do with the tendency of CNAMEs to break email functionality. ZoneEdit strongly discourages CNAMEs in the FAQ you referenced for mainly that reason.
    I made use of a very good post in setting up 1and1 DNS to work properly with iWeb and my domain - all without breaking e-mail. I am looking for someone who did the same thing with ZoneEdit.
    I will keep looking through the posts, but so far a ZoneEdit example that includes maintaining domain based e-mail is elusive!

  • DNS records to be created for Lync deployment (Internal and External)

    Hi There,
    If I want the Lync server environment to work Internal as well from External in all the aspects. (auto-discover, meetings, AV conferencing,web conferencing, voice integration, mobility etc), please answer to the below questions and also their purpose please.
    I'm not sure whether the answer varies for 2010 and 2013 version.
    1. What are the Internal and External(public) DNS records to be created for the reverse proxy(assume i'm using TMG servers), and their purpose?
    2. What are the Internal and External(public) DNS records to be created for Lync Edge server, and their purpose?

    I'll try to answer as well.
    1) For the reverse proxy, you'll need to publish the following:
    External:
    lyncdiscover.sipdomain.com (You'll need this record for every sip domain you have).  This is for client autodiscover.
    external web services FQDN (You'll need one of these per pool, you get to choose the name).  This is for address book downloads, web conferencing, etc.
    Meet.sipdomain.com (You can choose the name here, and have one per sip domain or one for the whole org).  This is for web conferencing.
    Dialin.sipdomain.com (You'll just need one here, it doesn't have to be dialin).  This is for changing your conferencing/phone pin, resetting conference info, and general conferencing info.
    For Lync 2013 only, you may want the Office Web Application server pool name as well for PowerPoint sharing.  Lync 2010 doesn't use this.  
    Internal:
    The external web services FQDN.  You'll need this available internally through the reverse proxy so you can redirect requests on port 443 to port 4443.  This will be used for mobile devices on WiFi.
    2) For the Edge server:
    Externally:
    sip.sipdomain.com (you'll need one per sip domain) this is an autodiscover/multi use FQDN and should point to your access edge IP.
    webedge.sipdomain.com (edge web conferencing, you can pick any name you like).
    avedge.sipdomain.com (av edge, you can pick any name you like).
    accessedge.sipdomain.com (you'll need a name for the access edge role, however you can just use sip.sipdomain.com and save a name in your certificate request).
    Internally:
    edgepool.sipdomain.com (you can pick any name you want, it's just the name assigned to the internal edge interface).
    If you choose to have a single ip for the external edge, you can get away with just an access edge name and/or sip.sipdomain.com
    SWC Unified Communications

  • Lync Edge and Proxy server public DNS records port forwarding rules

    Hi All
    I have a question regarding port forwarding rules for port 443 of the simple URLs.
    I have 4 public ip addresses.
    1 edge server (4 nics , 3 running with different ip for sip, meet and dialin in DMZ network, 1 connected to internal local network).
    1 proxy server (2 nics, 1 running with an ip which is in DMZ same as edge, and 1 connected to internal local network)
    1 front end (lync 2013 standard installed.) connected to internal local network
    1 office web apps, connected to internal local network
    The question is that I am using 3 public IP addresses respectively on public DNS records for sip, meet and dialin (av), using port 443, which has been set on the edge server. So, I can use 3 DMZ network IP addresses on the edge for sip, meet and dialin (av), port forwarded from 3 public IP addresses as per the Microsoft document.
    However, I also have a reverse proxy. Hence, my understanding is all public DNS records except SIP and port 443 should be pointed and port forwarded to the reverse proxy IP address, which is in the DMZ network, as it would redirect 443 and 80 to 4443 and 8080 to the front end.
    Now that the question is clear: if the simple URLs' public DNS records and port forwarding rules for port 443 should be pointed to the reverse proxy server, why do they need to be set on each IP address and port number in the Front End server topology for the edge server?
    If anyone knows, please help with how to set it up correctly and what is supposed to be a correct configuration for a Lync 2013 topology.

    Hi George
    Thanks for your reply. Attached is my topology, which could make it a bit clearer. You may see the public DNS host records in the image. I set 4 host records: sip, meet, dialin, and owa. The first 3 records are pointed to the Lync edge by doing a NAT with port 443, which is the same as you said. However, my understanding is they should be pointed to the reverse proxy instead, as, for instance, I need meet.xxx.com with port 443 to be redirected to port 4443 through the reverse proxy server to the front end. So when external customers do not have the Lync client installed on their machine, we can shoot a Lync meeting and send it to them via Outlook, and they just need to click on the join Lync meeting link in the email to join such a meeting based on IE. (Is my understanding correct?)
    If Lync web meeting works like so, then the question is why I need to set three SAME addresses in the front end topology builder for the edge and make them point to the edge server instead?
    1. Access Edge service (SIP.XXX.COM) ---> I understand that it is used for external login to the Lync front end.
    2. Webconf edge server (Can I set it to meet.xxx.com, which is the same as the simple URL that points to the reverse proxy?) ----> If I can set this address to be the same as the simple URL address that points to the reverse proxy, why should it need to be NATed to the edge instead? TO BE HONEST, I HAVE tested: if I set this URL as sip.xxx.com, which means to use a single FQDN and IP address with port 444, and point the simple URL meet.xxx.com to the reverse proxy, it will still work to join a Lync meeting sent by Outlook. I DO NOT REALLY UNDERSTAND WHAT this URL is used for at this stage.
    3. AV edge --- same as webconf
    Regards
    Wen Fei Cao

  • DNS Forwarding Same Internal and External Zone

    Hi,
    So we have decided that we want our internal domain to be the same as our external domain, e.g. domain.uk. I understand that split DNS can be used to fulfil this requirement, but is it possible to set up a forward so that if the DNS entry is not available in the internal zone it will forward on to one of our external name servers where it can resolve?
    We are basically trying to avoid having to add the entry on both external and internal DNS servers for it to resolve. So far I have added the external name servers to the forwarders and disabled root hints, which didn’t work. I’ve tried to add a conditional forwarder but it says the zone already exists. It seems the only way to achieve the internal resolution is by creating the DNS entry both internally and externally.
    Does anyone know if this is the case? It seems strange that you couldn’t point the DNS to another external name server for resolution?
    Any help would be appreciated.

    You must ask in networking forum
    https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverNIS&filter=alltypes&sort=lastpostdesc

  • DNS Settings for multiple domains internal and external.

    First forgive me if my post is in the wrong area. If it is, kindly show me to the right location..
    OK, here is the deal. I have an Xserve running 10.5.6 perfectly. 5 domains running on it as well perfectly fine. Let's call them domain1, domain2, etc...
    I run web services and mail services for all 5 domains, but here's the problem...
    I want to add another domain, "domain6", but I only run the web services, not mail. How can I set this up? I tried to add another zone and only set up the www.domain6.com part, but then no mail works as there is no MX record available.
    I am behind a firewall. When I am on a local machine and there is no domain6 DNS entry, the mail works as the address to the external mail server is correct, but no local web works because I am getting the external IP to the www server. I need to keep traffic on the LAN.
    BEGIN Basic Question *
    I want to add another domain that I own but only the A record for the WWW part. How do I add a single entry for www.domain6.com but for everything else like MX records forward outside my network?
    END Basic Question *
    Help Please... Thanks! Bill

    OK, that worked, but let me clue you in on something that was happening...
    When I set up domain6, then set up the NS record and went on to create the www, mail1, and mail2 entries, when I went to save it added domain6 to the end of the nameserver host name and both mail MX entries. That was my problem; I just didn't see it the first time. I then edited the mail entries and removed the "domain6.com" and left the real MX host names, and all is working now. Thanks for helping me.
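
The symptom described in the post above (the zone name appended to the name server and MX host names) is consistent with the standard zone-file rule that a name written without a trailing dot is relative to the zone origin. The following check is an added example, not part of the original thread: it parses a constructed zone snippet in a simplified `owner IN type rdata` layout and flags NS/MX/CNAME targets that look like full host names but will be served with the origin appended. The `hosting.example` host names and the address are placeholders.

```python
# Constructed zone data for illustration; host names and the IP are placeholders.
ZONE = """\
$ORIGIN domain6.com.
@     IN NS  ns1.hosting.example        ; missing trailing dot
@     IN MX  10 mail1.hosting.example   ; missing trailing dot
@     IN MX  20 mail2.hosting.example.  ; absolute name, served as written
www   IN A   192.0.2.10
"""

# Record types whose last rdata field is a host name.
NAME_TARGET_TYPES = {"NS", "MX", "CNAME"}

def absolute(name, origin):
    """Zone-file rule: '@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Parse the simplified layout 'owner IN type rdata...' plus a $ORIGIN directive."""
    origin, records = None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        owner, _cls, rtype, *rdata = fields
        records.append((absolute(owner, origin), rtype, rdata))
    return origin, records

def find_suspect_targets(text):
    """Heuristic: a multi-label target with no trailing dot was probably meant as an FQDN."""
    origin, records = parse_zone(text)
    suspects = []
    for owner, rtype, rdata in records:
        if rtype not in NAME_TARGET_TYPES:
            continue
        target = rdata[-1]
        if "." in target and not target.endswith("."):
            suspects.append((owner, rtype, target, absolute(target, origin)))
    return suspects

if __name__ == "__main__":
    for owner, rtype, written, served in find_suspect_targets(ZONE):
        print(f"{owner} {rtype}: written {written!r}, served as {served!r}")
```

A flagged MX target means mail for the domain is directed to a host name that does not exist, which matches the mail failure the poster saw until the appended "domain6.com" was removed.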
