The problem you are having doesn't seem to be due to either having or not having split DNS. You are having issues with email not being accepted because there is no reverse DNS. Whoever hosts your DNS and is responsible for your domain name should have the whole zone file for forward and reverse DNS and all you need to do is ask them to host a reverse DNS entry for the IP that doesn't have one.

If your internal and external domain names are the same, and you are an AD shop then you should already have split DNS?? Just add the entries for those sites that you are hairpinning for to your internal DNS.

TD

-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: Wednesday, April 20, 2005 9:09 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Split DNS Questions...

I haven't really looked into using a Split DNS before because what we had was working "okay". However, I'm running into a few issues that make me wonder if a split DNS would be appropriate for our situation.

- We do use the same domain name for the internal network, as is publicly available. Sounds like a perfect situation for a split DNS...

- Accessing our own website acts like it's coming from the outside. The ISA logs show it coming in and going out of the internal network, but passing right by the web publishing policy, and hitting my last policy for IntraNet All Protocols. I don't mind it passing through the ISA server, as it doesn't put much of a load on it and I can then see it in the reports. However, I'd like to be able to have it recognize the local connection, and provide authentication.

- Since installing Rain Connect, we've been having troubles with some outgoing e-mails. Apparently, one of our IP addresses doesn't have a reverse DNS entry for it, and many organizations won't accept it if they can't do a reverse lookup. So I redirected all TCP port 25 traffic through one of our ISPs.
However, whenever that link goes down (and cable modems go down at least once an hour), it redirects the traffic through the other port, and we get some rejected messages. Trying to clear this up with our ISP doesn't seem to be working, so maybe running our own (split) DNS server would clear it up?

- Along with the last comment, we plan on adding a few more ISPs in the future, and removing others. I personally think it would be much easier to do these updates if we ran our own (public) DNS server, instead of the hassle of trying to get all ISPs to change entries all the time.

So what do you think? Good scenario for a Split DNS?
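
The reverse-DNS problem discussed in this thread, as an added example that is not part of the original messages: a check that every outbound IP a multihomed site may send mail from has a PTR record, and (going one step beyond the thread) that the PTR name resolves back to the same IP, which many receiving mail servers also require. The addresses and host names are constructed samples, and the `ptr`/`fwd` parameters are hypothetical hooks so the check can run against sample data offline.

```python
import socket

def ptr_lookup(ip):
    """Return the PTR name for ip, or None when no reverse entry exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def a_lookup(name):
    """Return the set of addresses that name resolves to (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_egress(ips, ptr=ptr_lookup, fwd=a_lookup):
    """Classify each outbound IP the way a strict receiving mail server would."""
    results = {}
    for ip in ips:
        name = ptr(ip)
        if name is None:
            results[ip] = "no-ptr"        # no reverse entry: the case in this thread
        elif ip not in fwd(name):
            results[ip] = "ptr-mismatch"  # PTR exists but the forward lookup disagrees
        else:
            results[ip] = "ok"
    return results

# Constructed sample data (documentation address ranges, hypothetical names).
SAMPLE_PTR = {"192.0.2.10": "mail.example.org", "203.0.113.7": "cable-7.isp.example"}
SAMPLE_A = {"mail.example.org": {"192.0.2.10"}, "cable-7.isp.example": {"203.0.113.99"}}
SAMPLE_IPS = ["192.0.2.10", "198.51.100.25", "203.0.113.7"]

def demo():
    """Run the check against the constructed tables instead of live DNS."""
    return check_egress(SAMPLE_IPS, ptr=SAMPLE_PTR.get,
                        fwd=lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    for ip, status in demo().items():
        print(ip, status)
```

Calling `check_egress` with only a list of real egress IPs uses live DNS; any address not reported as `ok` is one that outgoing port 25 traffic should not fail over to until its ISP adds the reverse entry.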