2

I have done a lot of research and I think I am on a good track, finally. I have been searching for days. I am not even sure if this is a good forum to ask this question, but all the other forums I came across seem to be filled with people who can't read a question and want me to try things I've clearly stated that I already did.

At this point I think all I need is a reverse lookup zone for my DMZ in my DNS (that lies on the trusted internal network). I have gone into the edge transport server, right-clicked on 'My Computer', clicked the 'Computer name' tab, clicked change, clicked more, then entered the DNS suffix of my domain (mydomain.local). I only have ONE domain set up. The DMZ is a bunch of computers joined to a workgroup called 'DMZ', and they are on a separate network segment.

Before I can subscribe the Edge server to the Hub server, I need to resolve the FQDN both ways. I am having issues with looking outside the domain, so I need an entry in my domain's DNS to see the DMZ.

IS IT BAD THAT I AM USING THE DOMAIN DNS (192.168.x.x) ON MY DMZ MACHINES (10.0.0.x)?? SHOULD MY DMZ HAVE ITS OWN DNS??

I really have no idea how to set up servers. I am A+, Network+ and CCNA certified, NOT MCSE or anything even close to it.

fixer1234
Daniel
  • Okay, I have reinstalled Windows 2003, PowerShell 1.0 and ADAM, and .NET 2.0. I am now installing edge transport. But it hit me!!!! If I don't have any internal DNS servers in my TCP/IP settings, how can I resolve the name of the internal Hub server??? I put the Hub server into the hosts file and hoped an nslookup would resolve it, but no :( ...So I tried an nslookup with the server parameter as the internal DNS IP, and it worked great. So.....will my edge subscription work?? Or do I need to give my TCP/IP settings a DNS of my internal domain?? – Daniel Jun 09 '12 at 01:27

2 Answers

1

You're going to want to set up a host file on your edge server that points to your Hub Transport server(s). So for example, assuming this is a single site and that your Hub is sitting on your internal network you would modify your hosts entry to look something like:

#Hub Transport Entry
192.168.X.X hubserver.domain.local hubserver

You would also obviously need to make sure that your internal network was routable to your DMZ and your DMZ to your internal network.

To resolve the other part of your DNS issue, just point your DMZ server to a public DNS provider, like Google (8.8.8.8).

jmreicha
  • Do you have any idea how to route my internal DNS (myDNSserver.domain.local) to see my DMZ? I can do a lookup by IP address but not my FQDN. "To resolve the other part of your DNS issue, just point your DMZ server to a public DNS provider, like Google (8.8.8.8)." --Do you mean in my IP settings on my Edge server, just point it to my ISP DNS?? – Daniel Jun 08 '12 at 14:22
  • It might be helpful for you to post your configuration in your OP, to help more. You don't need to route internal DNS to your DMZ, just make the IP addresses talk to each other. The hosts file takes care of the rest. In regards to your second question, yes, change your edge IP settings to a public DNS. – jmreicha Jun 08 '12 at 14:44
  • If I set my DNS for my internet facing NIC to a Public DNS, then how will it resolve my private domain FQDNs?? – Daniel Jun 08 '12 at 16:51
  • I am at a point that I need to nslookup my edge to hub and hub to edge, so that I can successfully subscribe the edge server to the exchange environment, right? My understanding is that the hosts file is not used when the cmd prompt runs an nslookup command; it goes right to the DNS server. – Daniel Jun 08 '12 at 16:52
  • What do you mean by OP configuration? – Daniel Jun 08 '12 at 16:53
  • OP stands for Original Post – jmreicha Jun 08 '12 at 17:05
  • I found some more reading material which led me to reinstall server 2003 Std r2, and then Exchange 2007 edge transport role. – Daniel Jun 08 '12 at 18:59
  • The IP and SM for the internal facing NIC are the only things configured (no DNS or Default Gateway) (192.168.0.x/24 subnet). The external NIC is configured with the DG as the DMZ interface on the firewall, DNS is a public ISP DNS, the IP and SM are configured for the DMZ subnet (10.10.10.x/24). – Daniel Jun 08 '12 at 19:04
  • The edge transport is configured with the domain.local DNS suffix. The internal DNS has pointers to the edge transport server, but does NOT have a reverse lookup zone configured for the DMZ, only the 192.168.0.0 subnet. – Daniel Jun 08 '12 at 19:06
  • This article walks you through the setup, specifically Part 2. It describes the DNS method as well as the hosts file method. http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning-architecture/uncovering-exchange-2007-edge-transport-server-part1.html – jmreicha Jun 08 '12 at 19:20
  • I totally looked at that article when I first started installing this a month ago; I guess over time I forgot about it. I am installing all the updates on the edge server, then I have to install the prereqs. Hopefully by Monday I will be able to install the edge transport role. I am using the hosts file on the edge server and a DNS PTR for the hub server. I really HOPE this works. – Daniel Jun 08 '12 at 19:57
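The accepted approach above relies on a hosts-file entry on the Edge server for the Hub, plus a DNS record on the internal side for the Edge, and the thread repeatedly comes back to verifying that resolution works in both directions. The following is an added example (not code from the answer or from Exchange) that parses a hosts file in the format shown in the answer and checks that every name the Edge subscription needs resolves, including a hosts-file-based reverse check. The hosts content, hostnames and addresses are constructed placeholders.

```python
from ipaddress import ip_address

# Constructed sample hosts-file content, modelled on the entry in the answer above.
# Addresses and names are placeholders, not the poster's real configuration.
SAMPLE_HOSTS = """
# Hub Transport Entry
192.168.0.10 hubserver.domain.local hubserver
10.10.10.5   edge01.domain.local   edge01   # Edge server in the DMZ
"""


def parse_hosts(text):
    """Return {hostname_lower: ip_string} from hosts-file text.

    Comments (#...) and blank lines are ignored; a line is 'address name [alias...]'.
    Lines whose first field is not a valid IPv4/IPv6 address are skipped, and the
    first mapping wins for a name that appears more than once (as the OS resolver does).
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = str(ip_address(parts[0]))
        except ValueError:
            continue  # malformed address field; ignore the line
        for name in parts[1:]:
            table.setdefault(name.lower(), addr)
    return table


def missing_names(table, required):
    """Return the names in `required` that have no hosts-file mapping."""
    return [n for n in required if n.lower() not in table]


def reverse_lookup(table, ip):
    """All names mapped to `ip`, sorted: the hosts-file equivalent of a PTR check."""
    target = str(ip_address(ip))
    return sorted(n for n, a in table.items() if a == target)


def check_edge_to_hub(text, hub_fqdn, hub_short, hub_ip):
    """Check both directions for the Hub entry an Edge server needs.

    Returns a dict with the missing forward names and whether the reverse
    mapping from hub_ip yields the FQDN.
    """
    table = parse_hosts(text)
    missing = missing_names(table, [hub_fqdn, hub_short])
    reverse_ok = hub_fqdn.lower() in reverse_lookup(table, hub_ip)
    return {"missing": missing, "reverse_ok": reverse_ok}


if __name__ == "__main__":
    # Run against the constructed sample; on a real Edge server you would read
    # C:\Windows\System32\drivers\etc\hosts instead.
    print(check_edge_to_hub(SAMPLE_HOSTS, "hubserver.domain.local",
                            "hubserver", "192.168.0.10"))
```

A result with an empty `missing` list and `reverse_ok` set to true means the hosts file covers the Edge-to-Hub direction; the Hub-to-Edge direction still depends on the internal DNS having an A record for the Edge FQDN, which this script cannot see and which nslookup against the internal DNS server (as the poster did) is the right way to confirm.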
0

I gave the edge server a DNS suffix the same as my domain suffix. It is still in a workgroup in the DMZ. It has two NICs, one in the DMZ and one in the trusted network. Exchange is set to use both NICs' DNS servers depending on where it needs to look. I also had to put a host record in my DNS with a new forward lookup zone pointing to the Edge server in the DMZ.

Daniel