DNS Problem - internal .local domain and external .com domain with MX Record (internal Address)
> Our Customer has an internal Domain company.local with two AD Controllers (and DNS). He has an internal Mailserver which is reachable from the internet at mailserver.company.com with an official IP Address (through a NAT Firewall Policy). Now the Problem is, all the internal Users need access to the internal Mailserver directly, via the internal DNS Servers to the internal IP Address, not through the official mailserver.company.com Domain!

Let me start by putting down some example information which will hopefully help in understanding the current config (so, in case I got it wrong, you may quickly correct me). Let's say the two domain names are example.com (public) and example.local (private, AD); now, let's also say that the public IP of the mailserver is 192.0.2.100 and that the private IP of the same server is 172.18.0.25. In the public DNS servers for the example.com domain we'll have something like (note: the "@" means "same as parent", that is, the given DNS record name is blank and assumes the domain name, in our case example....)

    @    IN MX 10 mail.example.com.
    mail IN A  192.0.2.100

while the private (AD) DNS server for the example.local domain will contain something like

    @    IN MX 10 mail.example.local.
    mail IN A  172.18.0.25

Let's also say that the two AD DNS servers for "example.local" are ns1.example.local (172.18.0.1) and ns2.example.local (172.18.0.2).

Now, what we want to do is set things up so that a given computer using "mail.example.com" as the mailserver will get back 192.0.2.100 when being "on the road" and 172.18.0.25 when connected to the company network (so using the internal DNS servers). To do so, you'll need to do the following.

Fire up the DNS management console on "ns1.example.local" and proceed to create a new zone; select "standard primary" (no AD) and enter "mail.example.com" as the zone name (yes, the fully qualified name of the "external" mailserver); confirm the zone creation and then enter the following records in the zone (note, as already said, the "@" means leaving the record name empty, that is "same as parent domain"):

    @ IN NS    ns1.example.local.
    @ IN NS    ns2.example.local.
    @ IN CNAME mail.example.local.

The above tells that the two authoritative DNS servers for "mail.example.com" are ns1 and ns2 (as above) and that "mail.example.com" is an alias for "mail.example.local". That done, fire up the DNS management console on "ns2.example.local" and, again, proceed to create a new zone, but this time select "standard secondary" (again, no AD), enter "mail.example.com" as the zone name and enter 172.18.0.1 (that is, the IP of ns1.example.local) as the primary DNS server; confirm the zone creation and wait some seconds while "ns2" transfers the zone data from "ns1"; at that point, "ns2" will have a full copy of the zone.

That's all; from this moment on, all queries for "mail.example.com" directed to the AD DNS servers will get back the "CNAME" as an answer, and the CNAME will then be resolved to the IP of "mail.example.local". I chose to use a "CNAME" record instead of an "A" one for such a setup since you don't need to use it as an MX (if I got it right, you'll just need it for the clients' email apps) and since this way, in case you change the IP address of "mail.example.local", such a change will be automatically reflected on "mail.example.com". I hope the above is clear and I hope it answers your question.
September 16th, 2011 10:13am
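The procedure from the answer above, as an added example that is not part of the thread: the same zone and records created with the DnsServer PowerShell module (Windows Server 2012 or later) instead of the DNS management console, followed by a resolution check. Server names and addresses are the answer's own examples; running it from a workstation with the DNS RSAT tools and DNS admin rights (hence -ComputerName) is an assumption.

```powershell
# Added example, not from the thread: obiwan's split-horizon zone for the external
# mail host name, built with the DnsServer module. Names/addresses are the answer's
# constructed examples; running remotely from an admin workstation is assumed.
$Primary   = 'ns1.example.local'
$Secondary = 'ns2.example.local'
$PrimaryIP = [IPAddress] '172.18.0.1'
$Zone      = 'mail.example.com'   # the external host's FQDN used as a zone name

# Step 1: standard (file-backed, not AD-integrated) primary zone on ns1.
Add-DnsServerPrimaryZone -ComputerName $Primary -Name $Zone -ZoneFile "$Zone.dns"

# Step 2: apex records. Windows creates the SOA and an NS record for ns1 itself
# together with the zone, so only ns2 has to be added. With the default transfer
# policy (only to servers listed as name servers) this NS record is also what
# authorizes ns2's zone transfer in step 3; nobody else can pull the zone.
Add-DnsServerResourceRecord -ComputerName $Primary -ZoneName $Zone -NS `
    -Name '@' -NameServer 'ns2.example.local.'
# Apex CNAME to the internal name, as in the answer. If your server refuses a
# CNAME at the zone root, use an A record for '@' with 172.18.0.25 instead
# (the A-vs-CNAME trade-off the answer discusses).
Add-DnsServerResourceRecordCName -ComputerName $Primary -ZoneName $Zone `
    -Name '@' -HostNameAlias 'mail.example.local.'

# Step 3: secondary copy on ns2, pulling the zone from ns1.
Add-DnsServerSecondaryZone -ComputerName $Secondary -Name $Zone `
    -ZoneFile "$Zone.dns" -MasterServers $PrimaryIP

# Step 4: verify the split view. Each internal server should answer with the
# CNAME chain ending in 172.18.0.25. -DnsOnly skips the hosts file and
# LLMNR/NetBIOS so only the DNS answer is tested.
foreach ($srv in '172.18.0.1', '172.18.0.2') {
    Resolve-DnsName -Name $Zone -Type A -Server $srv -DnsOnly |
        Select-Object Name, Type, NameHost, IPAddress | Format-Table -AutoSize
}
# Repeat the query against a resolver outside the company network (-Server <its IP>)
# to confirm the public answer is still 192.0.2.100.
```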

Hi hanspeter,

Thanks for posting here.

Yes, we can create a DNS zone with the same name as its external domain name on our internal DNS servers, adding internal addresses for each record under that zone; that will make clients get the internal addresses of resources when they connect to the internal network and use the internal DNS server for name resolution.

Using Different Internal and External Domain Names
http://technet.microsoft.com/en-us/library/cc739077(WS.10).aspx

> Is there a way to setup internal DNS Server with the company.com Domain (ActiveDirectory integrated?), so that we can manage only one of the internal DNS Server and the changes would be replicated to the other internal DNS Server?

And yes, AD-integrated or primary/secondary DNS replication deployments could also help us to achieve the goal.

Thanks.
Tiger Li
September 19th, 2011 10:32pm


Hi all,

Thanks for your replies. I think the answer of obiwan is exactly what I need! I will try it in the next few days.

Thank you so much
Hanspeter Thoma
September 20th, 2011 3:35am

> I will try it in the next few days.

Please, let us know if and how it works for you. Thanks
September 20th, 2011 3:52am

Hello All,

Our Customer has an internal Domain company.local with two AD Controllers (and DNS). He has an internal Mailserver which is reachable from the internet at mailserver.company.com with an official IP Address (through a NAT Firewall Policy). Now the Problem is, all the internal Users need access to the internal Mailserver directly, via the internal DNS Servers to the internal IP Address, not through the official mailserver.company.com Domain!

How can I set up the internal DNS Servers so that they forward the mailserver.company.com Record directly to the internal IP Address of the Mailserver?

Is there a way to set up an internal DNS Server with the company.com Domain (ActiveDirectory integrated?), so that we can manage only one of the internal DNS Servers and the changes would be replicated to the other internal DNS Server?

Thank you for your help
hanspeter
September 20th, 2011 5:12am

