Small Business Email Server Internal vs External DNS IP

I am not in charge of the network, but I have responsibility for the Email Server at my workplace. We outsource networking, and how it was set is like this:

Mail Server (192.168.0.2)

Internet Firewall (155.x.y.z)

Internal DNS Server (mail.example.com -> 192.168.0.2)

Public DNS (World) (mail.example.com -> 155.x.y.z)

If I ping 155.x.y.z from within my LAN (192.168.0.0/24), I do not get a reply. When I consulted my network team, they said that I was not able to access 155.x.y.z from within 192.168.0.0/24.

Problem: my users use laptops. When they come into the LAN, for a while they still have (mail.example.com -> 155.x.y.z) in their DNS cache, and thus cannot get any reply from the mail server.

The option I have tried is a shorter TTL, but it has not worked, because some of it is being overridden.

How can I fix the above?

Pilling Fine

Posted 2016-07-07T12:28:58.447

Reputation: 133

Windows? Flush the DNS cache: `ipconfig /flushdns` – DavidPostill – 2016-07-07T14:24:48.857

@DavidPostill Many executive users use this setup, day in, day out. It's hard to tell them to run a command daily. – Pilling Fine – 2016-07-07T14:28:52.387

You can probably automate it ... – DavidPostill – 2016-07-07T14:30:07.423

Smart, maybe a Windows service which they run when they come into the network ... or one that even detects the network change and runs itself. Smart ... make it an answer :D – Pilling Fine – 2016-07-07T14:34:56.747

Not enough meat for an answer. When you figure it out you can answer your own question :) – DavidPostill – 2016-07-07T14:36:53.580

Tell them that to fix the issue, they just need to reboot once; that'll clear the DNS cache. – Ƭᴇcʜιᴇ007 – 2016-07-07T14:48:37.723

The network design seems broken by design, it should be repaired. Workarounds are just that: Workarounds. Not solutions. – Daniel B – 2016-07-08T06:42:59.933
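The comment thread above suggests automating the cache flush rather than asking users to run it. The following is an added example, not code from the original thread: a PowerShell script that registers a scheduled task which runs `ipconfig /flushdns` whenever Windows logs a "network connected" event. Assumptions not stated in the post: the laptops run Windows with Task Scheduler, the network-connected event is ID 10000 in the Microsoft-Windows-NetworkProfile/Operational log, and the task name is an arbitrary choice.

```powershell
# Added example (not from the original question or comments).
# Registers a task that flushes the DNS resolver cache every time Windows
# reports a network profile connection, so a laptop that roams into the LAN
# stops using the cached public address of mail.example.com.
#
# Assumption: event ID 10000 in the NetworkProfile/Operational log is the
# "Network Connected" event. Run this once per machine from an elevated shell.

$taskName = 'FlushDnsOnNetworkChange'

# Use the full path so a task running as SYSTEM cannot be hijacked by a
# writable directory earlier in PATH.
$action = New-ScheduledTaskAction `
    -Execute "$env:SystemRoot\System32\ipconfig.exe" `
    -Argument '/flushdns'

# New-ScheduledTaskTrigger has no event-trigger switch; build the
# MSFT_TaskEventTrigger CIM instance directly with an XPath subscription.
$cimClass = Get-CimClass -ClassName MSFT_TaskEventTrigger `
    -Namespace 'Root/Microsoft/Windows/TaskScheduler'
$trigger = New-CimInstance -CimClass $cimClass -ClientOnly
$trigger.Enabled = $true
$trigger.Subscription = @"
<QueryList>
  <Query Id="0" Path="Microsoft-Windows-NetworkProfile/Operational">
    <Select Path="Microsoft-Windows-NetworkProfile/Operational">
      *[System[Provider[@Name='Microsoft-Windows-NetworkProfile'] and EventID=10000]]
    </Select>
  </Query>
</QueryList>
"@

# SYSTEM: works for every logged-on user and needs no stored password.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -RunLevel Highest

# Laptops are usually on battery when they walk in the door.
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force
```

The flush only helps if the next lookup goes to the internal DNS server, which means the LAN's DHCP must hand out that server and the laptop must not be pinned to a public resolver or a VPN-pushed one. It is also still a workaround: the cached public address is harmless on a network that does NAT loopback, and it remains harmful on this one for as long as the cache survives, which is why the network-side fix is the real answer.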

Answers

What you need is equipment capable of providing NAT loopback or hairpin NAT which allows the public IP to be accessible from within your LAN.

This is usually only available on business-grade network equipment, so you'll have two options: buy a better router, or try to flash your router with third-party firmware such as DD-WRT.

Kinnectus

Posted 2016-07-07T12:28:58.447

Reputation: 9 411

Oh I see, so that is in the network place of things, can I ask, is this what enterprise-grade networks employ? – Pilling Fine – 2016-07-07T13:09:26.207

"is this what enterprise-grade networks employ?" Yes. – Ƭᴇcʜιᴇ007 – 2016-07-07T14:49:12.493

@Ƭᴇcʜιᴇ007 I see thanks. Will read this up to give me some info, probably might not implement for reason of the size of department. But Thanks! – Pilling Fine – 2016-07-07T14:51:28.197

A couple hundred pounds could get you an entry-level solution. – Kinnectus – 2016-07-07T14:53:32.257
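To make concrete what the answer above means by NAT loopback, here is an added example that is not part of the original answer: a POSIX shell function that generates hairpin NAT rules for a Linux/iptables router, printed as a dry run so they can be reviewed before being applied. Assumptions not in the post: the WAN interface is eth0, the LAN interface is eth1, 155.1.2.3 stands in for the 155.x.y.z public address, and only SMTP (25), submission (587) and IMAPS (993) are published for the mail server.

```shell
#!/bin/sh
# Added example, not the original answer's code: iptables rules for hairpin
# (NAT loopback) so that a LAN client which resolved mail.example.com to the
# public address still reaches the internal mail server.
# Assumed interface names and ports; adjust to the real router.

WAN_IF=eth0
LAN_IF=eth1

# hairpin_nat_rules WAN_IP LAN_NET SERVER_IP PORT...
# Prints one iptables command per line (four per port).
hairpin_nat_rules() {
    wan_ip=$1; lan_net=$2; server=$3; shift 3
    for port in "$@"; do
        # 1. Ordinary inbound publish: Internet -> public IP -> internal server.
        printf 'iptables -t nat -A PREROUTING -i %s -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
            "$WAN_IF" "$wan_ip" "$port" "$server" "$port"
        # 2. Hairpin: a LAN client that connects to the public IP is redirected too.
        printf 'iptables -t nat -A PREROUTING -i %s -s %s -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
            "$LAN_IF" "$lan_net" "$wan_ip" "$port" "$server" "$port"
        # 3. Source-NAT the hairpinned flow so the server replies via the router.
        #    Without this the server answers the client's LAN address directly,
        #    the client sees a reply from 192.168.0.2 instead of the public IP it
        #    connected to, and its TCP stack drops it. Direct LAN-to-server
        #    traffic never crosses the router, so only hairpinned flows match.
        printf 'iptables -t nat -A POSTROUTING -o %s -s %s -d %s -p tcp --dport %s -j MASQUERADE\n' \
            "$LAN_IF" "$lan_net" "$server" "$port"
        # 4. Let the translated traffic through the filter table.
        printf 'iptables -A FORWARD -d %s -p tcp --dport %s -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT\n' \
            "$server" "$port"
    done
}

# Dry run: print the rules. Pipe the output through `sh` as root to apply them.
hairpin_nat_rules 155.1.2.3 192.168.0.0/24 192.168.0.2 25 587 993
```

Two caveats for anyone applying this. The MASQUERADE in step 3 means the mail server sees hairpinned connections as coming from the router's LAN address, not the laptop's, so authentication logs and any IP-based relay permissions on the server no longer identify the real client; keep relaying tied to SMTP AUTH rather than to source address. And step 2 must be restricted to the published ports, otherwise every LAN packet to the public IP is redirected to the mail server.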