
two suffixes, .local and .com


  • two suffixes, .local and .com

    Hello,

    I created my domain infrastructure with a .local suffix; I did so because I often hear it is the proper thing to do.

    However, I want to make my CAS Exchange server visible from the WAN, where I have mydomain.com pointing to my router.

    But then, do I have to create another DNS zone in my DNS server? This is what I did, but this zone only contains an A record (cas-hub-2010.domain.com), a CNAME record (mail.domain.com) and an MX record: domain.com . . mail.domain.com priority 10

    Besides, in the CAS Exchange server (in its network adapter TCP/IP properties), I guess I have to add a new DNS suffix (domain.com) to the already existing one (domain.local).

    Also, in the Exchange server, the users have the email address [email protected]. How could I change that to [email protected]? There are several users, so I was thinking about using PowerShell.

    Thanks in advance!
    Last edited by loureed4; 20th March 2015, 13:59.
    -
    Madrid (Spain).

  • #2
    Re: two suffixes, .local and .com

    Every user can have emails for multiple domains like that. I oversee a setup with a 'domain_name.local' and 'domain_name.<something else>' (sorry, no details). We have the recipient policy defined on our Exchange server to give each new mailbox user email addresses in multiple formats:
    *[email protected]_name.local, and
    *[email protected]_name.local, and
    *[email protected]_name.<something else>

    So either of the first 2 addresses are handled totally internally between members, while the 3rd represents inbound traffic from WAN sources.

    We also have our primary internal domain zone as '...local', and another zone as '...<something else>', and that second zone is DNS (MX) listed in the wider WAN we're a part of. Our ASA passes the inbound SMTP traffic based on rules defined to allow it, no sweat. As long as you have an MX record listed in the WAN for your firewall's IP as the destination, and your firewall passes the SMTP traffic thru into your mail system, you shouldn't have any problems.

    Sorry I have to leave some info out of my description, but our customer insists it not be revealed. Hope this sets your mind at ease, a bit.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **



    • #3
      Re: two suffixes, .local and .com

      Wow! Thanks a lot, RicklesP. No wonder you are granted the most valuable member in this forum!

      If I got it right, I have to have:

      1. Public MX record pointing to my Public IP (mail.mydomain.com) (which I have)

      2. A private MX record in a new zone called mydomain.com which I have to create manually. (This I have created from scratch too)

      3. Two DNS suffixes for the Exchange server, one like "cas-hub-2010-1.domain.LOCAL" and another one which I have to add: "cas-hub-2010-1.domain.COM." (which I also created).

      Yes, I knew that the emails can be set in different ways as long as the Exchange can have an authoritative control over those domains?, like: "[email protected]", "[email protected]", and so on...

      MANY THANKS ONCE MORE!
      -
      Madrid (Spain).



      • #4
        Re: two suffixes, .local and .com

        It's nothing to do with what you're saying, looks like gobbledegook to me.

        You need to research Accepted Domains.

        https://www.google.com.au/search?q=m...+exchange+2010

        1. This is fine.
        2. Not required.
        3. Not required.



        • #5
          Re: two suffixes, .local and .com

          Thanks Wullieb1.

          Then, don't I need a private .com DNS zone?

          I mean, what about when one email tries to reach my Exchange server within my LAN? Someone will be sending an email to [email protected], not .LOCAL, so, as far as I know, I will need a private MX record (mail.mydomain.COM) within my private LAN, in a new zone called mydomain.com. I am not an expert though.

          In accordance with that, the Exchange machine has to have a resolvable name, that is: Exchangemachine.domain.COM, which will be an A record in the new zone mydomain.com, and an alias (CNAME) for that A record, like CNAME: mail.domain.com --> exchangemachine.domain.com.

          So, basically, as I see it, the new "mydomain.com" internal DNS zone:

          Mail exchanger: domain.com . . mail.domain.com priority 10
          A record: exchangemachine.mydomain.com . . 192.168.2.20
          CNAME record: mail.domain.com . . exchangemachine.mydomain.com

          EDIT: Yes, I added "mydomain.COM" to the Accepted Domains.
          Last edited by loureed4; 20th March 2015, 14:02.
          -
          Madrid (Spain).



          • #6
            Re: two suffixes, .local and .com

            No you don't. Exchange takes care of all of that so as long as you have your public DNS records (MX and A) set up so email gets delivered to your router, and the router forwards it to the internal IP of the Exchange server. Exchange will then route to the correct mailbox based on a mapping between the .local and .com addresses you have set up.

            The reason for an internal .com DNS zone is to allow SSL certificates (must now be public names only) to work and to use the same naming conventions regardless of whether Outlook/ActiveSync are internal or external to your LAN.
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **
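
The Accepted Domains step from post #4 and the .local-to-.com address mapping described in the post above, as an added Exchange Management Shell example that is not part of the original thread. It assumes Exchange 2010, that the built-in email address policy is still named 'Default Policy', and the placeholder domains mydomain.com and mydomain.local.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell (Exchange 2010).
# Assumptions: placeholder domain names; the built-in policy is still named 'Default Policy'.
$PublicDomain   = 'mydomain.com'
$InternalDomain = 'mydomain.local'
$PolicyName     = 'Default Policy'

# 1. Accept mail for the public namespace. Authoritative means Exchange owns every
#    recipient in the domain and returns a non-delivery report for unknown recipients
#    rather than relaying the message onward.
$existing = Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $PublicDomain }
if (-not $existing) {
    New-AcceptedDomain -Name $PublicDomain -DomainName $PublicDomain -DomainType Authoritative
}

# 2. Map addresses: upper-case SMTP: marks the primary (reply) address, lower-case smtp:
#    a secondary proxy address. %m expands to the mailbox alias.
Set-EmailAddressPolicy -Identity $PolicyName -EnabledEmailAddressTemplates @(
    "SMTP:%m@$PublicDomain",
    "smtp:%m@$InternalDomain"
)

# 3. Stamp the new templates onto existing recipients covered by the policy.
Update-EmailAddressPolicy -Identity $PolicyName

# 4. Verify. Mailboxes with EmailAddressPolicyEnabled = False are skipped by the policy
#    and keep their old primary address until changed individually.
Get-Mailbox -ResultSize Unlimited |
    Select-Object Name, PrimarySmtpAddress, EmailAddressPolicyEnabled |
    Sort-Object EmailAddressPolicyEnabled, Name |
    Format-Table -AutoSize
```

Only add domains you actually control as Authoritative; the public MX record and the firewall rule for inbound SMTP are configured separately, as the earlier posts describe.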



            • #7
              Re: two suffixes, .local and .com

              Thanks Ossian.

              Sorry if this question is too simple but... don't I need an internal MX record in my internal DNS servers?

              I didn't understand when you said: "...based on a mapping between the .local and .com addresses you have set up..."

              Thanks a lot!
              -
              Madrid (Spain).



              • #8
                Re: two suffixes, .local and .com

                Users with mailboxes in Exchange don't send email to the .com or the .local addresses. They send to other users in Exchange. Exchange doesn't use the DNS suffixes at all for email sent between Exchange users.

                The DNS suffixes serve the purpose of:

                1. Directing external email to the Exchange server.

                2. Allowing Exchange to identify the accepted domains and the correct recipients for external email being sent to Exchange recipients.

                So the answer is no. You do not need to have an internal DNS zone for .com in order for Exchange to operate and for Exchange users to send email to other Exchange users.

                Your scenario is not unique. This is the way 99% of all organizations are configured. They have a public, external .com (or whatever) DNS zone and a private, internal .local (or whatever) DNS zone, where Exchange exists. Nobody has an internal DNS zone that matches their external DNS zone because it isn't necessary, because Exchange doesn't use the DNS suffix of the fully qualified email address ([email protected]) to send email from one Exchange recipient to another.



                • #9
                  Re: two suffixes, .local and .com

                  I am all confused now, but I will eagerly re-read your nice reply.

                  Just one (and probably very silly) question:

                  Don't I need then a private MX record?

                  Thanks a lot!
                  -
                  Madrid (Spain).



                  • #10
                    Re: two suffixes, .local and .com

                    No, an MX record in the internal DNS servers is not needed, from what I am reading out there on the internet.

                    http://smtp25.blogspot.co.uk/2007/07...ithout-mx.html

                    THANKS A LOT !
                    -
                    Madrid (Spain).
