Split DNS vs Port Forwarding

  • 88 Views
  • Last Post 4 weeks ago
manasrrp6 posted this 4 weeks ago

 Hi,Why it required to configure a Split DNS since we can use port forwarding in the router and firewall to access internal resource of an organization.Regardscid:image002.gif@01D14ECD.C6D1DE80 

Order By: Standard | Newest | Votes
g4ugm posted this 4 weeks ago

Its not “required” but its usually beneficial… If it is not split then the structure of your active directory is visible externally. You split the DNS to hide things not make them visible. Do you really want ALL your traffic passing through a single external router? Personally, I would always use a separate internal domain with a name that’s not related to any company or name and that didn’t exist externally for active directory.That way when the business changes its name you are not left an active Directory that every one hates..   Dave 

show

PhilipElder posted this 4 weeks ago





Simple. User goes out and connects outside the network and the mail is hosted on-premises.

 



·        

Internet DNS



o  

DNS A: mail.domain.com IP 99.88.77.66



o  

All Internet facing traffic hits the WAN IP above



·        

Internal DNS



o  

DNS Forward Lookup Zone mail.domain.com



o  

DNS A: * 10.99.101.5 (Exchange mail server IP)

 

We do this for all of our client’s networks as pretty much all of them are on-premises based services.



 

Application Request Routing and URL ReWrite take care of having a single WAN IP for all incoming HTTPS traffic allowing us to host whatever is needed (Azure uses

ARR as well).

 



Philip Elder MCTS

Microsoft High Availability MVP

E-mail:

PhilipElder@xxxxxxxxxxxxxxxx

Phone: (780) 458-2028

www.CommodityClusters.Com

Blog Site

Twitter: MPECSInc

Skype: MPECS Inc.

Cloud: Canadian Cloud Worx

 

 

Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00

AM - 5:00 PM, Monday thru Friday.




 

show

Close