[NOTE: The solution to this question is perfect, but it strays somewhat from what the title indicates.]
I'm facing a small problem with the Windows Server 2003 DNS service. In my corporation, I'm running Microsoft DNS server (172.16.0.12) to do name resolution for my company intranet (domain names ending in dev.nls, resolving to 172.16.x.x addresses), and it is also configured as a DNS forwarder to forward other domain names (e.g. *.google.com, *.sf.net) to real Internet DNS servers. This internal DNS server never serves users from the outside world.

Also, we are running a mail server (serving incoming mail for a real Internet domain, @nlscan.com) inside the company firewall, which can be accessed in either of two ways:

- by connecting to 172.16.0.10 from within the intranet;
- by connecting to mail.nlscan.com (resolving to 202.101.116.9) from the Internet.

Note that 172.16.0.10 and 202.101.116.9 are not the same physical machine. The 202 one is a firewall machine which port-forwards ports 25 and 110 to the intranet address 172.16.0.10.
Now my question: if users inside the corporate LAN want to resolve mail.nlscan.com, it resolves to 202.101.116.9. That's correct and workable, BUT NOT GOOD, because the mail traffic goes to the firewall machine and then bounces to 172.16.0.10. I hope that our internal DNS server can intercept the name mail.nlscan.com and resolve it to 172.16.0.10. So, I hope that I can write an entry in the "hosts" file on 172.16.0.12 to do this. But how can Microsoft DNS server recognize this "hosts" file?

Maybe you suggest: why not have intranet users use 172.16.0.10 to access my mail server? I have to say it is inconvenient. Suppose a user (employee) works on his laptop, in the office during the day and at home at night. When he is at home, he cannot use 172.16.0.10.

Creating a zone for nlscan.com on our internal DNS server is not feasible, because the name server for the nlscan.com domain is at our ISP, and it is responsible for resolving other host names and sub-domains under nlscan.com.
[EDIT]
As WesleyDavid suggested, I followed the solution of simply creating a zone named mailserver.nlscan.com and placing a nameless A record in that zone. Time has proved this works well.
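The single-host-zone approach described in the edit, written out as an added example (not part of the original post or of any answer). It uses dnscmd.exe, the command-line DNS administration tool shipped in the Windows Server 2003 Support Tools, and the addresses from the question; the zone is named after the exact host name to intercept (mail.nlscan.com), and the sibling name www.nlscan.com used for the verification step is a hypothetical placeholder.

```powershell
# Added example, not from the original post: create a zone whose name is a
# single host name on the internal Windows Server 2003 DNS server, so that
# only that name resolves to the internal address while the rest of the
# parent domain is still forwarded to the ISP's name servers.
# Assumptions: run as a member of DnsAdmins; dnscmd.exe is on the PATH.

$server   = '172.16.0.12'      # internal DNS server from the question
$zone     = 'mail.nlscan.com'  # the exact host name to intercept, NOT the parent zone nlscan.com
$internal = '172.16.0.10'      # internal address of the mail server

# 1. Create a standard primary zone named after the host. The server picks
#    the longest zone suffix that matches a query, so only this one name is
#    answered locally; www.nlscan.com etc. match no zone and are forwarded.
dnscmd $server /ZoneAdd $zone /Primary /file "$zone.dns"

# 2. Add the "nameless" A record at the zone apex ('@' stands for the zone
#    name itself). A query for mail.nlscan.com now returns 172.16.0.10.
dnscmd $server /RecordAdd $zone '@' A $internal

# 3. Verify from an internal client: the first lookup must return the
#    internal address, the second (hypothetical sibling name) must still be
#    answered through the forwarder, proving the parent domain is untouched.
nslookup $zone $server
nslookup 'www.nlscan.com' $server

# Clients that already cached the public answer keep it until its TTL
# expires; flush the local resolver cache on such a client.
ipconfig /flushdns
```

The zone name must match the name clients actually query, character for character; a zone for a different label under nlscan.com does not affect lookups of mail.nlscan.com. Because the zone is primary on the internal server, its SOA and NS records point at 172.16.0.12, which is fine since this server is never queried from outside the firewall.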