Hi, why is it required to configure a Split DNS, since we can use port forwarding in the router and firewall to access internal resources of an organization?
Split DNS vs Port Forwarding
- Last Post 25 February 2019
It's not “required” but it's usually beneficial… If it is not split then the structure of your Active Directory is visible externally. You split the DNS to hide things, not make them visible. Do you really want ALL your traffic passing through a single external router? Personally, I would always use a separate internal domain with a name that’s not related to any company or name and that didn’t exist externally for Active Directory. That way when the business changes its name you are not left with an Active Directory that everyone hates.
Dave
Simple. User goes out and connects outside the network and the mail is hosted on-premises.
DNS A: mail.domain.com IP 18.104.22.168
All Internet facing traffic hits the WAN IP above
DNS Forward Lookup Zone mail.domain.com
DNS A: * 10.99.101.5 (Exchange mail server IP)
We do this for all of our clients’ networks, as pretty much all of them are on-premises based services.
Application Request Routing and URL Rewrite take care of having a single WAN IP for all incoming HTTPS traffic, allowing us to host whatever is needed (Azure uses ARR as well).
Philip Elder MCTS
Microsoft High Availability MVP
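Added example, not part of any post in this thread: a small Python model of the two DNS views discussed above, with a check for internal addresses published in the external view. Only `mail.domain.com` and `10.99.101.5` come from the thread; every other name and address, and all function names, are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges; an address in one of these should never appear in the external view.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records. 203.0.113.0/24 is a documentation range standing in
# for the WAN IP; dc01 and fs01 are hypothetical hosts.
EXTERNAL_VIEW = {
    "mail.domain.com": "203.0.113.10",  # WAN IP, forwarded to the mail server
    "www.domain.com": "203.0.113.10",
    "dc01.domain.com": "10.99.101.2",   # mistake: internal host published externally
}
INTERNAL_VIEW = {
    "mail.domain.com": "10.99.101.5",   # LAN clients reach Exchange directly
    "dc01.domain.com": "10.99.101.2",
    "fs01.domain.com": "10.99.101.20",
}


def is_internal(addr):
    """True if addr falls inside an RFC 1918 range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def resolve(name, client_ip):
    """Answer LAN clients from the internal view, everyone else from the external one."""
    view = INTERNAL_VIEW if is_internal(client_ip) else EXTERNAL_VIEW
    return view.get(name)  # None models a name that does not exist in that view


def leaked_records():
    """External records that expose an internal address."""
    return sorted(n for n, a in EXTERNAL_VIEW.items() if is_internal(a))


def split_names():
    """Names present in both views with different answers (the intended split)."""
    shared = EXTERNAL_VIEW.keys() & INTERNAL_VIEW.keys()
    return sorted(n for n in shared if EXTERNAL_VIEW[n] != INTERNAL_VIEW[n])


if __name__ == "__main__":
    print("LAN client :", resolve("mail.domain.com", "10.99.101.50"))
    print("Internet   :", resolve("mail.domain.com", "198.51.100.7"))
    print("Leaked     :", leaked_records())
    print("Split names:", split_names())
```
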