Tech Tip: Learn the benefits of a split DNS system

A common practice for organizations is to run servers for internal use separately from those for external use. But in many instances, both internal and external clients use both servers. And if the organization uses network address translation (NAT), the servers must be accessible from two different IP addresses.

For example, consider Exchange 2003's Outlook Web Access (OWA) component. Assume that it's a small environment, and the OWA server is behind the organization's NAT-enabled firewall, which has rules that allow HTTP traffic to this server from anywhere outside the organization.

With a single set of DNS records, you end up in one of two situations. If you publish DNS entries that let external users reach the OWA server, your internal users can't use them because they sit inside the translated network.

However, if you provide DNS entries to enable your internal users to use OWA, then external users are unable to use the services. NAT addresses are generally in the RFC 1918 reserved IP address ranges, which aren't used on the Internet and aren't routable outside an organization's firewall.

You can rectify this situation by using Windows Server 2003 DNS services. Your internal users will query the Windows Server 2003 DNS server, which resolves your internal names and forwards requests for foreign names to your ISP's DNS servers. On the internal DNS server, configure the internal (NAT) addresses for your servers; at your ISP, provide name resolution for the external IP addresses. Each server then hands out only the address its own clients can actually reach, and the private addresses never appear in the public zone.
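To make the two-answer-set idea concrete, here is an added example (not from the original tip or from Microsoft's DNS tooling) that models the internal and external record sets, picks the right one based on whether the querying client sits in an RFC 1918 range, simulates the internal server forwarding foreign names upstream, and checks that no private address has leaked into the public zone. The zone names and addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample records: the internal server answers with NAT addresses,
# the ISP-hosted external zone answers with the firewall's public addresses.
INTERNAL_ZONE = {"owa.example.com": "192.168.10.25", "www.example.com": "192.168.10.30"}
EXTERNAL_ZONE = {"owa.example.com": "203.0.113.25", "www.example.com": "203.0.113.30"}
# Constructed stand-in for the ISP resolver the internal server forwards to.
UPSTREAM = {"mail.partner.example": "198.51.100.9"}

PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def select_view(client_ip):
    """Internal (translated) clients get the internal records, everyone else the public ones."""
    return "internal" if is_rfc1918(client_ip) else "external"


def resolve(name, client_ip):
    """Answer as the split system would: internal names from the internal zone,
    foreign names forwarded upstream; external clients only ever see the public zone."""
    if select_view(client_ip) == "internal":
        if name in INTERNAL_ZONE:
            return INTERNAL_ZONE[name]
        return UPSTREAM.get(name)          # forwarded to the ISP's DNS servers
    return EXTERNAL_ZONE.get(name)         # external clients never see NAT addresses


def private_leaks(zone):
    """Names in a zone that resolve to RFC 1918 space; the public zone must have none."""
    return sorted(n for n, a in zone.items() if is_rfc1918(a))
```

Run `private_leaks(EXTERNAL_ZONE)` against the zone you actually publish at the ISP; any name it returns is a private address that external users can never reach.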

Next time, we'll tell you how to configure and manage the DNS servers.