2

I have done a lot of research and I think I am on a good track, finally. I have been searching for days. I am not even sure if this is a good forum to ask this question, but all the other forums I came across seem to be filled with people who can't read a question and want me to try things I've clearly stated that I already did.

At this point I think all I need is a reverse lookup zone for my DMZ in my DNS (that lies on the trusted internal network). I have gone into the edge transport server, right click on 'My Computer', click the 'Computer name' tab, click change, click more, then enter the DNS suffix of my domain (mydomain.local). I only have ONE domain set up. The DMZ is a bunch of computers joined to a workgroup called 'DMZ'. And they are on a separate network segment.

Before I can subscribe the Edge server to the Hub server, I need to resolve the FQDN both ways. I am having issues with looking outside the domain, so I need an entry in my domain's DNS to see the DMZ.

IS IT BAD THAT I AM USING THE DOMAIN DNS (192.168.x.x) ON MY DMZ MACHINES (10.0.0.x)?? SHOULD MY DMZ HAVE ITS OWN DNS??

I really have no idea how to set up servers. I am A+, Network+ and CCNA certified, NOT MCSE or anything even close to it.

fixer1234
  • 28,064
Daniel
  • 23

2 Answers

1

You're going to want to set up a host file on your edge server that points to your Hub Transport server(s). So for example, assuming this is a single site and that your Hub is sitting on your internal network you would modify your hosts entry to look something like:

    #Hub Transport Entry
    192.168.X.X hubserver.domain.local hubserver

You would also obviously need to make sure that your internal network was routable to your DMZ and your DMZ to your internal network.

To resolve the other part of your DNS issue, just point your DMZ server to a public DNS provider, like Google (8.8.8.8).

jmreicha
  • 2,267
0

I gave the edge server a DNS suffix the same as my domain suffix. It is still in a workgroup in the DMZ. It has two NICs, one in the DMZ and one in the trusted network. Exchange is set to use both NICs' DNS servers depending on where it needs to look. I also had to put a host record in my DNS with a new forward lookup zone pointing to the Edge server in the DMZ.

Daniel
  • 23
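
A check for the requirement stated in the question, that the Edge and Hub servers' FQDNs resolve both ways before subscribing, written as an added example that is not part of the original thread. The host names, addresses and record tables are constructed; `check_both_ways` uses the operating system's resolver by default, and the table-backed resolvers let it run offline.

```python
import socket

def system_forward(name):
    """Forward lookup through the OS resolver; returns a list of IPv4 strings."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})

def system_reverse(ip):
    """Reverse (PTR) lookup through the OS resolver; returns the names found."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [primary] + aliases

def check_both_ways(fqdn, expected_ip, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means name and address agree both ways."""
    problems = []
    addrs = forward(fqdn)
    if not addrs:
        problems.append(f"forward: {fqdn} does not resolve")
    elif expected_ip not in addrs:
        problems.append(f"forward: {fqdn} resolves to {addrs}, not {expected_ip}")
    names = [n.lower().rstrip(".") for n in reverse(expected_ip)]
    if not names:
        problems.append(f"reverse: no name for {expected_ip} (no reverse zone or PTR)")
    elif fqdn.lower() not in names:
        problems.append(f"reverse: {expected_ip} maps to {names}, not {fqdn}")
    return problems

def table_resolvers(a_records, ptr_records):
    """Offline stand-ins for the two lookups, backed by constructed record tables."""
    return (lambda name: a_records.get(name.lower(), []),
            lambda ip: ptr_records.get(ip, []))

# Constructed sample data: hypothetical hosts and addresses, not taken from the thread.
SAMPLE_A = {"hub01.mydomain.local": ["192.168.1.10"],
            "edge01.mydomain.local": ["10.0.0.5"]}
SAMPLE_PTR = {"192.168.1.10": ["hub01.mydomain.local"]}  # no reverse zone for 10.0.0.x

if __name__ == "__main__":
    fwd, rev = table_resolvers(SAMPLE_A, SAMPLE_PTR)
    for host, ip in (("hub01.mydomain.local", "192.168.1.10"),
                     ("edge01.mydomain.local", "10.0.0.5")):
        issues = check_both_ways(host, ip, fwd, rev)
        print(host, "OK" if not issues else issues)
```

Run on each server with the other server's real FQDN and address, leaving out the last two arguments, to test the live resolver instead of the sample tables.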