[ExchangeList] Re: OWA and domains and Activesynch

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Sat, 26 Aug 2006 08:10:29 -0500

http://www.msexchange.org
-------------------------------------------------------Actually, there are very 
strong reasons to avoid .local and I never
deploy illegal TLDs. They lock the poor sap into a solution that greatly
complicates the customer's "Access Anywhere" plan. 

Sure, you could use the "parallel" split DNS shim, but why not use a
pure split DNS for the most elegant and flexible solution? I have run
into just so many horked up networks because of the .local travesty that
I'll work whereever I can to make sure customers are victimized by it
again.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: exchangelist-bounce@xxxxxxxxxxxxx 
> [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Chris Buechler
> Sent: Friday, August 25, 2006 5:11 PM
> To: exchangelist@xxxxxxxxxxxxx
> Subject: [ExchangeList] Re: OWA and domains and Activesynch
> 
> http://www.msexchange.org
> -------------------------------------------------------Thomas 
> W Shinder wrote:
> > The dreaded .local rears its ugly head again. People really 
> should stop
> > doing that and use a split DNS. It would avoid so many 
> problems, esp for
> > the small businesses that get duped into using .local 
> 
> This isn't really an issue.  There's nothing wrong with using 
> .local.  
> You still need split DNS for your public domains with most firewalls, 
> but it has nothing to do with the problem at hand.  This 
> isn't creating 
> any sort of issue that you wouldn't have if you were using the actual 
> registered domain.  You just need an additional zone if your 
> AD domain 
> isn't the same as your public domain. 
> 
> Tom goes further into this argument in his ISA 2004 book, but 
> even after 
> reading that (which, for the most part, is a good book) the argument 
> doesn't hold water.  This is from experience - roughly half of the 
> domains I administer use .local, with the other half using actual 
> registered domain names.  Neither is better or worse than the other.  
> You just usually need an additional DNS zone in networks where you 
> aren't using the company's registered domain name. 
> 
> To actually address the problem... 
> 
> 
> >> I created an A record for 
> >> mail.graphicsolutions.com in
> >> my internal DNS, yet when I ping internally it will only resolve
> >> correctly when I ping
> >> mail.graphicsolutions.com.gsi.local
> >>     
> 
> Because you created the A record as 
> mail.graphicsolutions.com.gsi.local.  You need to setup a new zone in 
> your internal DNS servers for graphicsolutions.com, then add 
> an A record 
> there for mail.  Then it'll resolve as you desire.  
> Alternatively, you 
> could instead create a CNAME for mail.graphicsolutions.com 
> that points 
> to your OWA server's internal FQDN (exchange.gsi.local or whatever). 
> 
> -Chris
> 
> -------------------------------------------------------
> List Archives: http://www.freelists.org/archives/exchangelist/  
> MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp 
> MSExchange Articles and Tutorials: 
> http://www.msexchange.org/articles_tutorials/ 
> MSExchange Blogs: http://blogs.msexchange.org/ 
> -------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com 
> -------------------------------------------------------
> To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
> Report abuse to listadmin@xxxxxxxxxxxxxx 
> 
> 
> 
-------------------------------------------------------
List Archives: http://www.freelists.org/archives/exchangelist/
MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp
MSExchange Articles and Tutorials: http://www.msexchange.org/articles_tutorials/
MSExchange Blogs: http://blogs.msexchange.org/
-------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
-------------------------------------------------------
To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts: