×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Setting up split DNS

Setting up split DNS

Setting up split DNS

(OP)
Hi everyone. I have an associate who owns a small business. He has only seven users on his network and he has one SBS 2003 server. He's utilizing Exchange 2003 and SQL Server 2005. His server also hosts the primary application his company uses including his time and billing data. His SBS server is around 10 years old now and he's finally ready to replace it. To that end he's purchased a new HP server. He has a Microsoft Action Pack subscription so he has access to Windows Server 2012 and Exchange 2013. So he's all set to make the move.

His current Active Directory (AD) and DNS environment are working fine. However, his internal domain is company.local and as we all know you won't be able to get SSL certs with an internal only domain name around 2 years from now. As small as his setup is it wouldn't be a problem to setup his new server with his current public domain name (company.com) to avoid the SSL cert issue coming in around 2 years. However, the time and billing package he uses can't be moved to a new server at this time.

So what I'm thinking of doing is joining the 2012 server to the SBS 2003 domain, adding AD and DNS to it (but letting the SBS 2003 server continue holding the FSMO roles so it won't freak out), and move everything BUT the time and billing software to the new server (including e-mail). The issue, of course, is that the new server will be joining a .local domain and we won't be able to change that later on without completely rebuilding the entire system.

So I was thinking maybe we could use split DNS to solve this issue. I've been reading up on it and it sounds like it would be one way to resolve the issue heading our way 2 years from now. We'll get a SAN cert with mail.company.com and autodiscover.company.com and use split DNS to ensure that, even though the Exchange server will be in the company.local domain, it'll be able to use the cert and serve e-mail internally and externally.

Thoughts?

RE: Setting up split DNS

It is really NOT hard at all to keep the .local domain and tweak the Exchange vdir URLs to only use the public (cert) name. That's the way all the more recent versions of SBS do it, and I do it all the time for non-SBS Exchange servers. The change in certificates is *not* an issue. I would not worry about the domain name--don't change it, just move forward with a regular migration (adding a new DC to the existing AD) and only "certify" the public names. There is always a pretty straightforward way to just configure things to use the public name, and not worry about the internal name.

You can even get a single-name cert if you want, and still not have much trouble, if you are willing to an SRV record like they do on SBS 2008/2011.

Feel free to ask more questions about specifics, and I can help you through any minor troubles that come up.

Dave Shackelford
ThirdTier.net

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close