General discussion

  • #2072784

    DNS

    Locked

    by ratherbfishing ·

    We have a DNS server (on a Linux box) on our network that has a zone for our internal network (UNIX and NT 4.0) as well as resolves names for the Internet.

    Our Internet email server (sendmail on same box as DNS server) has an IP address on our internal network. Because we use NAT, it has a different public IP address to the public world.

    The problem is that our NT clients often resolve the public, external IP address of the mail server, rather than the internal address. This happens even though I have our internal DNS server set as the preferred DNS server. As a secondary DNS server, we point to our ISP's DNS server. This creates a problem because they cannot retrieve POP3 back through our firewall. Everything works fine if I use the internal IP address of the email server instead of the name in Outlook setup.

    Is there any way to force the clients to resolve the internal IP address rather than the public address?

All Comments

    • #3783463

      DNS

      by steve cody ·

      In reply to DNS

      You should set up different host names (A Records) for your server. You should have an internal host name and external host name. This is the best way to avoid conflicts.
      I have a very similar setup and mine works well because I use different names.
      Your mail clients won’t have a problem going to internalmail.yourdomain.com because that just resolves to an IP address.
      Also, another way, if you don’t want to change your DNS records, is to configure the internal pop3 clients to use an IP address instead of a hostname when connecting to the server to send/receive email.
      Email if you need more help.
      – Steve Cody
      scody@gulbrandsen.com

      • #3767601

        DNS

        by ratherbfishing ·

        In reply to DNS

        This seems the most reasonable route to take. For now I have been setting the IP address for users who are having problems.
        Thanks

    • #3768454

      DNS

      by mr.wartung ·

      In reply to DNS

      Looks like the official mail server name and the internal name are the same (eg ‘mail’).

      The easiest way would be to use the fully qualified domain name of your internal email server with your NT clients. This, of course, assumes that your internal domain is different from your official domain.

      Public DNS-entry: mail.company.com.
      Internal DNS-entry: mail.internal.company.com.
      with zone internal.company.com. not visible to the public (Maybe you’re using an internal DNS-scheme like mail.net1.internal. – that would do as well).

      Furthermore, if your internal DNS server acts as preferred DNS server, you don’t need a secondary external DNS server – which doesn’t know about your internal addresses anyway (if it does, it shouldn’t!). Your NT clients should only ask your internal DNS server (which then might ask your ISP’s DNS server in turn).

      Regards,
      Holger

      • #3767602

        DNS

        by ratherbfishing ·

        In reply to DNS

        Thanks, you agree with Steve above. I do, however, like to have a second DNS server for the clients as a backup in case one goes down.

    • #3767256

      DNS

      by Anonymous ·

      In reply to DNS

      I am not sure … but if your problem resides in DNS usage, from your message I can figure out that on your clients you have configured as DNS service your internal as primary and external (your ISP DNS) as secondary.

      > of the mail server, rather than the Internal address. This
      > happens even though I have our Internal DNS server
      > set as the preferred DNS

      Set the external DNS (your provider’s one) as a forwarder of your internal DNS, and do not allow clients to query any DNS server other than your internal one.

    • #3767245

      DNS

      by jherrin1 ·

      In reply to DNS

      In your NT boxes, make sure they are on your local domain. Make sure the internal DNS is listed first, and most of all, make sure that the clients are looking for the mail server on the internal net, not the ISP’s domain. Having the local machines look for mail.internal.mydomain.com instead of mail.mydomain.com may help in getting them to look local instead of going for the mail and name records from your ISP.
