0

I have an issue with my internal users not being able to resolve the public namespace internally. I use domain.local as my internal namespace and domain.com as my public namespace. However, I cannot get the internal users to resolve, for example, mail.domain.com to my Exchange server's internal IP address. The main reason I am trying to get this fixed is the introduction of an in-house WiFi connection that allows my mobile users to connect and use the network's data instead of the mobile data stream. However, they cannot get their internal emails while on the WiFi connection.

Any help with this would be greatly appreciated.

Erik

2 Answers

1

The reason for this could be that your internal DNS resolves to the public IP addresses, which are not directly reachable from the inside for routing reasons.

A solution would be to use a so-called DNS view, if you use bind8 or bind9. With views, your DNS can answer with different IP addresses for the same server name, depending on the source IP address of the client.

This also assumes that this DNS server is internally reachable so that it can recognize the internal (NATed) IP addresses.

A good primer on this is the document "BIND 9 Configure Views To Partition External and Internal DNS Information". You would need to adapt the zone files in such a way that internal clients get the internal IP address of your Exchange server instead of the public IP addresses.

Alexander Janssen
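A minimal `named.conf` sketch of the views described in the answer above, added here as an illustration and not taken from the answer or the linked document. The ACL name, file paths, serial number and all IP addresses are constructed assumptions (192.168.0.0/16 for the LAN, 203.0.113.10 as a documentation-range stand-in for the public address).

```conf
// Clients that should receive the internal answers (assumed LAN range).
acl "internal-nets" { 127.0.0.1; 192.168.0.0/16; };

options {
    directory "/var/named";
};

// Views are matched top to bottom; the first match wins, so the
// internal view must come before the catch-all external view.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;                        // LAN clients may resolve other names
    zone "domain.com" {
        type master;
        file "internal/db.domain.com";    // mail -> 192.168.1.10
    };
};

view "external" {
    match-clients { any; };
    recursion no;                         // do not act as an open resolver
    zone "domain.com" {
        type master;
        file "external/db.domain.com";    // mail -> 203.0.113.10
    };
};

// Once any view is defined, every zone statement must live inside a view.

/* internal/db.domain.com (constructed sample):

$TTL 3600
@     IN SOA ns1.domain.com. hostmaster.domain.com. (
             2024010101 3600 900 604800 300 )
      IN NS  ns1.domain.com.
ns1   IN A   192.168.1.2
mail  IN A   192.168.1.10

   external/db.domain.com is identical except for the public addresses:

ns1   IN A   203.0.113.2
mail  IN A   203.0.113.10

   The internal copy is authoritative for the whole zone, so every other
   public name that LAN clients need (www, etc.) must be duplicated in it,
   otherwise those names return NXDOMAIN on the inside.
*/
```

Validate with `named-checkconf` and `named-checkzone domain.com internal/db.domain.com` before reloading, then query the server from both an internal and an external client to confirm each receives the intended address.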
1

What you want to achieve is called "split DNS" (or "DNS shadowing", or various other names): you need to create a "domain.com" zone in your internal DNS server, so that it can provide different answers to your internal computers instead of the standard answers everyone gets when resolving those names from the Internet (e.g. having "mail.domain.com" point to an internal IP address instead of the public IP address it normally points to).

If you don't want to remap all your external names, you can also create a zone called "mail.domain.com" and define an empty A record in it, pointing to your Exchange server's internal IP address; this will only remap the name "mail.domain.com", but will allow external resolution for all the other names in the "domain.com" zone.

Massimo