Split DNS vs Port Forwarding

  • Last Post 25 February 2019
manasrrp6 posted this 24 February 2019

 Hi,Why it required to configure a Split DNS since we can use port forwarding in the router and firewall to access internal resource of an organization.Regardscid:image002.gif@01D14ECD.C6D1DE80 

Order By: Standard | Newest | Votes
PhilipElder posted this 25 February 2019

Simple. User goes out and connects outside the network and the mail is hosted on-premises.



Internet DNS


DNS A: mail.domain.com IP


All Internet facing traffic hits the WAN IP above


Internal DNS


DNS Forward Lookup Zone mail.domain.com


DNS A: * (Exchange mail server IP)


We do this for all of our client’s networks as pretty much all of them are on-premises based services.


Application Request Routing and URL ReWrite take care of having a single WAN IP for all incoming HTTPS traffic allowing us to host whatever is needed (Azure uses

ARR as well).


Philip Elder MCTS

Microsoft High Availability MVP



Phone: (780) 458-2028


Blog Site

Twitter: MPECSInc

Skype: MPECS Inc.

Cloud: Canadian Cloud Worx



Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00

AM - 5:00 PM, Monday thru Friday.



g4ugm posted this 24 February 2019

Its not “required” but its usually beneficial… If it is not split then the structure of your active directory is visible externally. You split the DNS to hide things not make them visible. Do you really want ALL your traffic passing through a single external router? Personally, I would always use a separate internal domain with a name that’s not related to any company or name and that didn’t exist externally for active directory.That way when the business changes its name you are not left an active Directory that every one hates..   Dave