Split DNS help and Exchange 2013

Microsoft Small business server 2003 r2...
November 16, 2013 at 17:11:44
Specs: Windows 2003
Hi everyone. I'm going to start this thread because the plan is to get Exchange 2013 up and running utilizing split DNS. Here's more info:

I have an associate who owns a small business. He has only seven users on his network and he has one SBS 2003 server. He's utilizing Exchange 2003 and SQL Server 2005. His server also hosts the primary application his company uses including his time and billing data. His SBS server is around 10 years old now and he's finally ready to replace it. To that end he's purchased a new HP server. He has a Microsoft Action Pack subscription so he has access to Windows Server 2012 and Exchange 2013. So he's all set to make the move.

His current Active Directory (AD) and DNS environment are working fine. However, his internal domain is company.local and as we all know you won't be able to get SSL certs with an internal only domain name around 2 years from now. I'm thinking about SSL certs from an Exchange server angle because that's all he uses one for. As small as his setup is it wouldn't be a problem to set up his new server with his current public domain name (company.com) to avoid the SSL cert issue coming in around 2 years. However, the time and billing package he uses can't be moved to a new server at this time.

So what I'm thinking of doing is joining the 2012 server to the SBS 2003 domain, adding AD and DNS to it (but letting the SBS 2003 server continue holding the FSMO roles so it won't freak out), and move everything BUT the time and billing software to the new server (including e-mail). The issue, of course, is that the new server will be joining a .local domain and we won't be able to change that later on without completely rebuilding the entire system.

So I was thinking maybe we could use split DNS to solve this issue. I've been reading up on it and it sounds like it would be one way to resolve the issue heading our way 2 years from now. We'll get a SAN cert with mail.company.com and autodiscover.company.com and use split DNS to ensure that, even though the Exchange server will be in the company.local domain, it'll be able to use the cert and serve e-mail internally and externally.

Thoughts?



#1
November 17, 2013 at 06:55:28
It sounds interesting. Here's a little tidbit I found:

ISA Server Alert
You must have two DNS servers in order for the split DNS infrastructure to work. You can't create the same zone twice on the same DNS server. The internal zone and the external zones must be located on different DNS servers. You can't do this with a single DNS Server!

http://www.isaserver.org/articles-t...

How do you know when a politician is lying? His mouth is moving.



#2
November 18, 2013 at 04:14:32
Whoops, I just realized that I logged in and posted here as a different user. This is Thrasonic, the original poster. Please respond below. Thanks.

Okay, so from what I've read we should configure the internal and external URLs to point to the external URL addresses - mail.company.com and autodiscover.company.com - and set up split brain DNS on the internal DNS server. So his DNS will have company.local as well as company.com. I've looked at the information at the following link - http://www.petenetlive.com/KB/Artic... - and am wondering if this is all I need to do in order to set up split brain DNS so it will work with my friend's situation?

message edited by harjon


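The plan in post #2 (all Exchange URLs on the public names, one SAN cert, company.com answered differently inside and outside) can be sanity-checked before anything is deployed. This is an added example, not code from the thread: it audits constructed Exchange URL settings against the certificate names and both DNS views. The host newserver.company.local, the setting labels and every IP address are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample data (assumptions, not taken from any real server).
CERT_SANS = ["mail.company.com", "autodiscover.company.com"]
EXCHANGE_URLS = {
    "OWA internal": "https://mail.company.com/owa",
    "OWA external": "https://mail.company.com/owa",
    "EWS internal": "https://newserver.company.local/EWS/Exchange.asmx",
    "Autodiscover SCP": "https://autodiscover.company.com/Autodiscover/Autodiscover.xml",
}
INTERNAL_VIEW = {"mail.company.com": "192.168.1.10",
                 "autodiscover.company.com": "192.168.1.10",
                 "newserver.company.local": "192.168.1.10"}
EXTERNAL_VIEW = {"mail.company.com": "203.0.113.25"}  # autodiscover record forgotten
# Explicit RFC 1918 list: ipaddress.is_private also covers documentation ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def san_covers(host, sans):
    """True if host matches a SAN entry; a '*.' wildcard matches exactly one label."""
    host = host.lower()
    for san in (s.lower() for s in sans):
        wildcard = san.startswith("*.") and host.partition(".")[2] == san[2:]
        if san == host or wildcard:
            return True
    return False

def audit(urls, sans, internal, external):
    """Return a sorted list of (setting, problem) findings."""
    findings = []
    for setting, url in urls.items():
        host = urlparse(url).hostname
        if not san_covers(host, sans):
            findings.append((setting, f"{host} not in certificate SANs"))
        if host not in internal:
            findings.append((setting, f"{host} missing from internal zone"))
        elif not is_rfc1918(internal[host]):
            findings.append((setting, f"{host} internal record is not a LAN address"))
        if host.endswith(".local"):
            continue  # internal-only names are never published externally
        if host not in external:
            findings.append((setting, f"{host} missing from external zone"))
        elif is_rfc1918(external[host]):
            findings.append((setting, f"{host} external record leaks a LAN address"))
    return sorted(findings)
```

With the sample data, `audit(EXCHANGE_URLS, CERT_SANS, INTERNAL_VIEW, EXTERNAL_VIEW)` reports the leftover .local URL that the cert cannot cover and the autodiscover record missing from the public zone.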

#3
November 18, 2013 at 07:16:01
Microsoft Action Pack subscriptions are only for those folks promoting Microsoft products and for internal usage only.

The software must be used only for:

Managing internal business
Conducting demos with your customers
Training your employees
Developing and testing applications

https://mspartner.microsoft.com/en/...

Since you say SBS is old it does not appear your friend is using this legitimately. One of the rules is you have to upgrade to the latest and greatest within one year of the new product's release. You also can't use these products externally, only internally.

You do split brain DNS with only ONE server. You use two if doing split split brain DNS.

You also do not want to make your AD core based on SBS 2003. Imagine if that SBS died. Though you can add 2008 server as a DC I haven't read anything about adding 2012 so I suspect MS deliberately left this out to force folks to upgrade to the newer OS.


Answers are only as good as the information you provide.
How to properly post a question:
Sorry no tech support via PM's

message edited by wanderer

