Windows 2008 R2 with Exchange 2010 SP2 - Two DNS servers and LAN WAN connectivity
Hello, I am having issues with a newly installed Exchange 2010 SP2 server. I have this server in a domain that already has an Exchange Server 2010 RTM installation. I am going to be removing the RTM version and rebuilding it after I get the new server set up. My issue is unique because for the internal network the AD DS is used for DNS and externally a Linux server is used for DNS. Here is a rundown of the servers:

DCA - Windows Server 2008 R2 - AD DS - 2 NIC adapters, 1 internal access and 1 external access.

Exchange - Windows Server 2008 R2 - Exchange Server 2010 RTM - 2 NIC adapters, 1 internal access and 1 external access.

W2K8R2-ESP2-1 - New Server - Windows Server 2008 R2 - Exchange Server 2010 SP2 - 2 NIC adapters, 1 internal access and 1 external access. This server has the LAN NIC set for priority over the WAN NIC. I have created a static route for the LAN NIC to access the local network. The WAN NIC has a default gateway and has a higher metric than the LAN. The LAN NIC uses the LAN IP of the DCA DNS server. The WAN NIC is required to use the WAN NIC of DCA for DNS. I optionally set the secondary DNS for the WAN NIC to use the IP of NS1.domain.com. I eventually want to make it so that the WAN NIC uses ns1.domain.com as its only DNS server.

NS1.domain.com - Linux server that is running a DNS server. Any record on ns1.domain.com points to the WAN NICs on the Exchange servers.

Exchange is the old server that is being replaced by the new server. The old Exchange server and the new Exchange server will have similar but different setups. One big difference will be how the servers are registered in DNS. Exchange is set up in DNS to have both internal and external NICs for the PC name -- Exchange. This is causing DNS to do round robin for Exchange.domain.com and is really causing the _autodiscover record to pull the external IP address of the server, and then everyone is connecting over the WAN connection instead of the internal connection.

The Exchange server has a DNS record on NS1.domain.com for Exchange.domain.com. The MX record on ns1.domain.com is pointing to exchange.domain.com. The internal NIC creates the same record on DCA, the AD DS server. The records are easily created in AD DS for this server, because the PC name is in fact exchange.domain.com.

The new Exchange server, W2K8R2-ESP2-1.domain.com, will have an A record on the ns1.domain.com DNS server for mail.domain.com. The internal NIC will dynamically create an A record for W2K8R2-ESP2-1.domain.com on DCA, the AD DS server. The WAN NIC needs to be registered in DNS for mail.domain.com; I have not found a consistent method for doing this. One question I have is, how can I make the WAN NIC register itself as mail.domain.com in DCA? I need to make sure it is shown as mail.domain.com and is in fact registered in DCA DNS, because if it is not, then Exchange services fail to start, because the NIC is not registered on the domain, or it cannot find any domain controllers. I was able to get around this by statically assigning mail.domain.com in DCA and then setting the primary DNS server for W2K8R2-ESP2-1 to the external WAN IP of the AD DS server -- DCA. However, I do not want to use the WAN IP of the domain server for DNS lookups on W2K8R2-ESP2-1; I want to use the NS1.domain.com server.

So in short:

W2K8R2-ESP2-1 WAN NIC needs to be seen as mail.domain.com on ns1.domain.com and as mail.domain.com on DCA (so Exchange services can work).

W2K8R2-ESP2-1 LAN NIC needs to be registered as its FQDN, W2K8R2-ESP2-1.domain.com, so all internal workstations can connect over the LAN.

Please let me know if you have any questions; I can understand how confusing this setup may be. I do ask for constructive feedback. Thank you
October 30th, 2012 9:56pm

Hiya, it's a matter of where you keep your zones. In the setup you describe, you can achieve what you want by maintaining two DNS zones for your domain: one externally on Linux (using WAN addresses) and one internally on whatever DC you have (using LAN addresses). Internal clients should then request from internal DNS, which will hold the DNS record for the internal LAN NIC, and externally it will be requested on the Linux DNS. This is definitely not pretty and will give you added maintenance from the two zones; however, you will be able to separate the internal from the external DNS requests.
October 31st, 2012 3:36am

That is how I have it set up though. The internal DNS is set to forward any lookups to the external DNS server if nothing is found. However, I have to allow DNS requests on the WAN connection for the internal DNS. For instance: DCA has a record for W2K8R2-ESP2-1. This record is for the LAN connection. W2K8R2-ESP2-1 requires the internal DNS's WAN connection in its WAN adapter's DNS settings. Without this there it is seen as a Public Network and I am not able to get Exchange services to run because it fails to locate DCA. Keep in mind that I have the internal DNS server's LAN IP set for the DNS on the LAN adapter of the server, with a static route for access to the local network. I want to remove the WAN DCA DNS IP from the DNS entries for the WAN connection on W2K8R2-ESP2-1. Perhaps someone can help me understand how DNS should be set on these two adapters for W2K8R2-ESP2-1. I figured it would be fine to have just the external DNS WAN connection's IP in the WAN adapter's DNS settings. This just isn't the way it works; it requires the WAN IP of the DNS server's WAN adapter. Can someone offer me a typical setup for Exchange networking with two DNS servers? Chad Robinson - IT Manager
October 31st, 2012 9:55am

Hiya, I have a hard time following what you're writing. For each DNS you create a path for the request to follow, one externally and one internally. Those two should not cross at any time. If they cross, it won't work. You would end up with an external request asking for a LAN IP or vice versa. Either that, or I simply don't understand the question :)
October 31st, 2012 10:30am

I will see if I can explain it better. I have an Exchange server W2K8R2-ESP2-1 joined to a domain; let's call this domain.com. This Exchange server has two NICs, one for LAN and one for WAN access.

The LAN NIC has a static IP without a default GW and has the internal DNS's LAN IP address. I set up a static route for the internal network with a metric lower than the WAN. I set this LAN to be first in the adapters and bindings setting for Network Connections > Advanced Settings. The FQDN of this adapter is w2k8r2-esp2-1.domain.com and it registers its DNS on the internal DNS.

The WAN connection of the Exchange server is also considered joined to the domain, domain.com. The WAN NIC DNS setting of this Exchange server is pointing to the WAN NIC of the internal DNS for domain.com. This NIC is also using the WAN NIC of the external DNS server's IP as the secondary DNS server. The default GW of this NIC is that of the WAN switch. This NIC has a static metric of 600 and is set in Network Connections > Advanced Settings as second in line for adapters and bindings. The FQDN of this server is not registered in the internal DNS server (newly changed, and works) and is set in the external DNS server for mail.domain.com.

I need to remove the external IP address of the internal DNS's WAN NIC from the Exchange server's WAN DNS setting. This will allow me to only have a primary DNS for the external DNS server. However, if I set it up this way, then my Exchange services won't start, because no DNS servers can be found. Chad Robinson - IT Manager
October 31st, 2012 12:05pm

Hiya, Set up your WAN NIC with internal DNS and WAN gateway. Remove gateway and DNS from LAN NIC and configure a static route on the server for the LAN network. http://www.windowsnetworking.com/articles_tutorials/how-configure-windows-2008-server-ip-routing.htm
October 31st, 2012 12:32pm

I already have a static route for the LAN NIC; I stated that several times above. Why would I remove the DNS entry from the LAN NIC? Why do I need to use the internal DNS IP address for the WAN adapter on the Exchange server? I don't want to use the internal DNS for any DNS lookups on the Exchange WAN adapter. Can you please explain why I may want to? Chad Robinson - IT Manager
October 31st, 2012 1:52pm

Hiya,

1: When using the internal DNS on the WAN, you don't need it on the LAN NIC.

2: You want your Exchange server to be able to do internal lookups as well as external lookups; that is possible with this setup.

3: You don't want to configure two gateways on your server. That's why you do the static route.
October 31st, 2012 2:59pm

So if I set up the WAN connection for internal DNS lookups, then I'll need to statically assign the LAN connection's IP in DNS. However, as I have stated above, I don't want to use my internal DNS for DNS lookups. Can this be accomplished? Chad Robinson - IT Manager
October 31st, 2012 6:25pm

No, in this case your domain functionality will cease to work, as it is (hopefully) not able to resolve the internal domain name from the external DNS server.
November 1st, 2012 3:41am

Ok, so let me confirm: I need to statically assign my w2k8r2-esp2-1 server in my internal DNS server as w2k8r2-esp2-1, pointing to that server's internal NIC (currently the LAN adapter registers itself in DNS). I then need to remove all DNS entries from w2k8r2-esp2-1's LAN adapter. I then need to add the internal DNS's IP to the w2k8r2-esp2-1 server's WAN adapter, as the only DNS entry. Can you confirm I have this correct? Chad Robinson - IT Manager
November 1st, 2012 1:47pm

The Exchange services didn't like that setup. I am now stuck at "applying server settings" after I restarted the machine. I do however have the DNS set to only listen for queries on the internal interface. Could this be an issue? Chad Robinson - IT Manager
November 1st, 2012 2:10pm

I do however have the DNS set to only listen for queries on the internal interface. Could this be an issue? I allowed DNS queries for the WAN adapter on the DNS server and the same thing applies. Neither the LAN nor the WAN adapter on the W2K8R2-ESP2-1 server detects the domain. The static route is in fact in place; I have that set up as:

Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
       172.23.0.0      255.255.0.0       172.23.0.1     266
          0.0.0.0          0.0.0.0      x.xxx.xxx.1  Default

The only way to get Exchange services to work and not hang at startup is to set A records in the internal DNS server for the W2K8R2-ESP2-1 server. The settings that must be set are as follows:

Internal DNS server must be listening on LAN and WAN connections.

DNS records on the internal DNS server:
  W2K8R2-ESP2-1   A   (IP of LAN Connection)
  mail            A   (IP of WAN Connection)

This allows me to separate the two connection points internally, so that Outlook will only connect to the LAN connection of the Exchange server. However, it does not allow me to perform DNS lookups on our external DNS server (which is fine because the internal DNS server will forward queries as needed) or allow me to perform DNS lookups as Jesper has suggested above. Does anyone have any other ideas, or is this setup perfectly fine? Chad Robinson - IT Manager
November 1st, 2012 4:00pm
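The layout the post above settled on (LAN NIC registers the host name, WAN NIC carries the only default gateway, DCA listens on both interfaces and holds two static A records), written out as the commands a Windows Server 2008 R2 administrator would run, followed by the resolution check that catches the round-robin symptom from the first post. This is an added example, not commands from the thread or from Microsoft; it uses only built-in tools (netsh, route, dnscmd, nltest) and PowerShell 2.0. The interface names "LAN" and "WAN", the addresses 172.23.0.50, 203.0.113.10, 172.23.0.10, 203.0.113.5 and 203.0.113.1, and the zone name domain.com are placeholders; only the 172.23.0.0/16 route via 172.23.0.1 with metric 266 comes from the thread. The external zone on ns1.domain.com is not covered, since the thread does not say which DNS software it runs.

```powershell
# Added example (not from the thread). Placeholders are marked; run elevated
# on W2K8R2-ESP2-1, with the dnscmd lines executed against the DC (DCA).
$Zone    = 'domain.com'
$LanIp   = '172.23.0.50'    # placeholder: Exchange LAN address
$WanIp   = '203.0.113.10'   # placeholder: Exchange WAN address
$DcLanIp = '172.23.0.10'    # placeholder: DCA LAN address
$DcWanIp = '203.0.113.5'    # placeholder: DCA WAN address
$WanGw   = '203.0.113.1'    # placeholder: WAN switch/router

# 1. LAN NIC: static address, no default gateway, internal DNS. This is the
#    only adapter allowed to register itself in AD DNS (register=primary), so
#    the host name maps to the LAN address and nothing else.
netsh interface ipv4 set address name="LAN" source=static address=$LanIp mask=255.255.0.0
netsh interface ipv4 set dnsservers name="LAN" source=static address=$DcLanIp register=primary validate=no

# 2. Persistent route for the internal networks, as shown in the thread.
route -p add 172.23.0.0 mask 255.255.0.0 172.23.0.1 metric 266

# 3. WAN NIC: the single default gateway, interface metric 600 so the LAN wins
#    ties, DNS pointed at DCA's WAN-facing address (Exchange has to find a DC
#    from this adapter too), and register=none so the WAN address is never
#    registered under the host name. Dynamic registration from both NICs is
#    what produced the round-robin answer for exchange.domain.com in the
#    first post, and with it the autodiscover responses carrying the WAN IP.
netsh interface ipv4 set address name="WAN" source=static address=$WanIp mask=255.255.255.0 gateway=$WanGw gwmetric=600
netsh interface ipv4 set interface "WAN" metric=600
netsh interface ipv4 set dnsservers name="WAN" source=static address=$DcWanIp register=none validate=no

# 4. On DCA: listen on both interfaces and hold the two static records the
#    thread arrived at (host name -> LAN address, mail -> WAN address).
dnscmd DCA /ResetListenAddresses $DcLanIp $DcWanIp
dnscmd DCA /RecordAdd $Zone W2K8R2-ESP2-1 A $LanIp
dnscmd DCA /RecordAdd $Zone mail A $WanIp

# 5. Check: every name should resolve to a single address on the correct side.
#    A name that answers with both an RFC 1918 and a public address is the
#    round-robin problem coming back. Uses the system resolver configured above.
function Test-SplitHorizon {
    param([string[]]$Names)
    $rfc1918 = '^(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.)'
    foreach ($n in $Names) {
        $addrs = @([System.Net.Dns]::GetHostAddresses($n) |
                   Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
                   ForEach-Object { $_.IPAddressToString })
        $private = @($addrs | Where-Object { $_ -match $rfc1918 })
        $public  = @($addrs | Where-Object { $_ -notmatch $rfc1918 })
        $state = if ($private.Count -gt 0 -and $public.Count -gt 0) { 'MIXED (round robin)' }
                 elseif ($addrs.Count -gt 1) { 'multiple' }
                 else { 'ok' }
        "{0,-32} {1,-20} {2}" -f $n, $state, ($addrs -join ', ')
    }
}
Test-SplitHorizon -Names "W2K8R2-ESP2-1.$Zone", "mail.$Zone", "exchange.$Zone", "autodiscover.$Zone"

nltest /dsgetdc:$Zone                  # must locate DCA; a failure here is why the services hang
route print -4                         # exactly one 0.0.0.0 route, via the WAN gateway
netsh interface ipv4 show dnsservers   # LAN -> DC LAN address, WAN -> DC WAN address
```

The `register=none` on the WAN adapter is the piece that keeps the two zones from crossing in the way the first post describes: the host name is only ever registered from the LAN side, while the `mail` record is added once by hand and points at the WAN side. Rerunning `Test-SplitHorizon` after any adapter change is a quick way to confirm that `exchange.domain.com` and the autodiscover name have not picked up a second, public address again.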

Hiya, what you did is right. I did not expect that your DNS records were mashed up also :) I presume you have the MX record created also?
November 2nd, 2012 10:14am

I started working for this company 6 months ago... You should have seen my mouth hit the floor when I took a look at the structure. The MX record is set on the external DNS server. Chad Robinson - IT Manager
November 2nd, 2012 10:17am

LoL :) Good weekend! :)
November 2nd, 2012 10:22am
