
DNS Alias question

Discussion in 'Windows Server System' started by OldBob, 2007/03/15.

  1. 2007/03/15
    OldBob

    OldBob Inactive Thread Starter

    I have a mail server on our local domain. The mailserver is a multihomed computer with one WAN NIC and one LAN NIC. We have just blocked the use of ports 110 and 25 through our LAN/WAN gateway. This forces our users to make use of our own mailserver for all email ... they can no longer use other mail systems for email. They can access the mailserver by using the LAN name for the mailserver ... i.e. "ourmail". However, they cannot access the mailserver using mail.ourmailserver.com ... since this requires transitioning the firewall. This is cool for all but a handful of users. These are guys with corporate laptops, who complain of the terrific burden of having to actually select which mail account to use ... ourmail and mail.ourmailserver.com.

    Can I use the local domain DNS to point mail.ourmailserver.com to ourmail when these guys are connected to the LAN and let the big DNS servers in the sky point to mail.ourmailserver.com when they are on the road? I've taken a couple of whacks at this and failed. And, I haven't been able to google even a hint at a solution.

    Thanks for any help
     
  2. 2007/03/16
    ReggieB

    ReggieB Inactive Alumni

    Yes you can.

    You'll need to create a zone for your external domain on your internal DNS system and create host records for all resources on the external domain that internal users need access to.

    So say your configuration is this:
    Internal domain: company.local
    External domain: biggum.com

    Your mailserver is 11.11.11.11 external and 10.0.0.2 internally.
    You have an external web server at 11.11.11.12 which hosts static content on www.biggum.com, and a support application on support.biggum.com.
    You also have an external company CRM server on 11.11.11.13 hosting these services via crm.biggum.com

    So the first step is to create a new Forward lookup zone in your local DNS (the system usually prompts you to allow it to create a reverse lookup zone at the same time; if it does, allow it to create the reverse lookup zone. This isn't essential but handy to have). The zone name for this example will need to be "biggum.com".

    Then create the following A Host records:
    Code:
    host name     ip address
    -------------------------
    mailserver    10.0.0.2
    www           11.11.11.12
    support       11.11.11.12
    crm           11.11.11.13
    
    You could create an MX record pointing at 10.0.0.2, but unless you have other mail servers inside your network, this isn't necessary. I don't bother on internal DNS systems and haven't hit a problem yet. The key thing with the MX record is that there is one set for external access, and the best place for that is your ISP's DNS server. As long as that is set correctly, you'll be fine without one internally.

    You would then test it by doing the following tests:
    nslookup mailserver.biggum.com
    should return 10.0.0.2

    nslookup www.biggum.com
    should return 11.11.11.12

    nslookup support.biggum.com
    should return 11.11.11.12

    nslookup crm.biggum.com
    should return 11.11.11.13

    On your company.local zone you'd have an A record of
    Code:
    mailserver    10.0.0.2
    
    So nslookup mailserver.company.local would return 10.0.0.2
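
Added example, not part of ReggieB's post: once the internal DNS server hosts its own biggum.com zone it answers authoritatively for every name in that domain, so any public record not copied inside stops resolving for LAN users. This audit compares the two views; the `crm` renumbering and the `vpn` host in `EXTERNAL` are constructed sample data, and `audit_split_horizon` is a hypothetical helper name.

```python
import ipaddress

# Internal "biggum.com" zone exactly as in the post's A-record table.
INTERNAL = {
    "mailserver": "10.0.0.2",
    "www": "11.11.11.12",
    "support": "11.11.11.12",
    "crm": "11.11.11.13",
}

# Public view of the same zone. mailserver, www and support use the post's
# external addresses; the crm and vpn entries are constructed to show drift.
EXTERNAL = {
    "mailserver": "11.11.11.11",
    "www": "11.11.11.12",
    "support": "11.11.11.12",
    "crm": "11.11.11.20",  # constructed: server renumbered publicly
    "vpn": "11.11.11.14",  # constructed: added publicly, never copied inside
}


def audit_split_horizon(internal, external):
    """Classify each host label by how the internal and public zones differ.

    missing       public name absent inside: LAN clients get "not found"
    override      inside answer is a private address: intended split-horizon
    drift         inside answer is a different public address: stale copy
    internal_only name exists only inside: fails for users on the road
    """
    report = {"missing": [], "override": [], "drift": [], "internal_only": []}
    for name in sorted(set(internal) | set(external)):
        inside, outside = internal.get(name), external.get(name)
        if inside is None:
            report["missing"].append(name)
        elif outside is None:
            report["internal_only"].append(name)
        elif inside != outside:
            private = ipaddress.ip_address(inside).is_private
            report["override" if private else "drift"].append(name)
    return report


if __name__ == "__main__":
    for kind, names in audit_split_horizon(INTERNAL, EXTERNAL).items():
        print(f"{kind:14} {', '.join(names) or '-'}")
```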
     


  4. 2007/03/17
    OldBob

    OldBob Inactive Thread Starter

    Wow, Thanks ReggieB. This is a terrific response.
     
