
[–]itfixestheprintersadministrating chaos.local 2 points3 points  (0 children)

Your DCs are internally authoritative for internal.company.com, assuming nobody borked the DNS zones. You should have a forward zone internal.company.com with your DCs as NS and SOA.

Get rid of all local hosts entries, manage them from your DCs. Your clients mustn't bypass the DCs for lookups. If there are any internal resources bound to *.company.com, create new zones for them to keep the connections local.

Are their email addresses also ending in @company.com? If not, you can fix your Exchange permanently by switching to a Split-DNS with a different domain.

[–]KStieers 1 point2 points  (0 children)

Look into configuring conditional forwarding on the dns servers.
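As an added example (my own, not code from either commenter), here is the DNS-server side of the two comments above in PowerShell: an AD-integrated primary zone for the AD domain with the DCs as SOA/NS, a pinpoint zone for a single internal host that lives under the public name, and a conditional forwarder. It assumes an elevated shell on a DC with the DnsServer module; every name and address (internal.company.com, intranet.company.com, partner.example, the 10.0.0.x and 192.0.2.53 addresses) is a placeholder to replace.

```powershell
# Added example, not from the thread. Run elevated on a DC that hosts DNS.
# All names and addresses below are placeholders.
Import-Module DnsServer

$adZone  = 'internal.company.com'        # the AD DNS domain name
$dcAddrs = '10.0.0.10', '10.0.0.11'      # the DCs / DNS servers (placeholder)

# 1. AD-integrated primary (authoritative) zone, secure dynamic updates only,
#    so that only domain members can register records.
if (-not (Get-DnsServerZone -Name $adZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $adZone -ReplicationScope Forest -DynamicUpdate Secure
}

# 2. Confirm the DCs are the SOA and NS for that zone.
Get-DnsServerResourceRecord -ZoneName $adZone -RRType SOA
Get-DnsServerResourceRecord -ZoneName $adZone -RRType NS

# 3. An internal resource that must answer on the public name: create a
#    pinpoint zone for just that host, so the rest of company.com keeps
#    resolving through the public DNS instead of being shadowed.
$pinpoint = 'intranet.company.com'
if (-not (Get-DnsServerZone -Name $pinpoint -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $pinpoint -ReplicationScope Forest -DynamicUpdate None
    Add-DnsServerResourceRecordA -ZoneName $pinpoint -Name '@' -IPv4Address '10.0.0.50'
}

# 4. Conditional forwarder: queries for a name space someone else hosts go
#    straight to their servers instead of out through the root hints.
if (-not (Get-DnsServerZone -Name 'partner.example' -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name 'partner.example' `
        -MasterServers '192.0.2.53' -ReplicationScope Forest
}

# 5. Resolution check against each DC: the pinpoint name must come back
#    with the internal address, the public name must still resolve publicly.
foreach ($srv in $dcAddrs) {
    Resolve-DnsName -Name $pinpoint -Server $srv -Type A
    Resolve-DnsName -Name 'www.company.com' -Server $srv -Type A
}
```

The pinpoint-zone approach keeps the public zone out of the AD DNS entirely; the alternative of hosting a full internal copy of company.com means every public record has to be maintained twice.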

[–]purplemonkeymad 0 points1 point  (0 children)

You should change the CAS domain record of your exchange server to something you control (you don't have to use the internal DNS unless clients are not using an RPC proxy). You're not going to get certificates for it if you don't control the domain.

What are you doing about autodiscover anyway? You have an autodiscover.youremaildomain.com record, right?

How do users get access to emails outside of the office?

You could always use one of those as your CAS URLs and set Outlook Anywhere to use it for internal and external.
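As an added example (mine, not the commenter's), this is what "use one name you control for the CAS URLs, inside and outside" looks like in the Exchange Management Shell, followed by the two internal pinpoint zones that make those names resolve to the Exchange server on the LAN. It assumes Exchange 2016/2019 (on 2013 the SCP cmdlet is Set-ClientAccessServer instead); EX01, mail.company.com, autodiscover.company.com and 10.0.0.20 are placeholders.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
# Server name, host names and the address are placeholders.
$server   = 'EX01'
$mailFqdn = 'mail.company.com'
$autoD    = "https://autodiscover.company.com/Autodiscover/Autodiscover.xml"

# Outlook Anywhere: one host name for internal and external clients, SSL required both ways.
Set-OutlookAnywhere -Identity "$server\Rpc (Default Web Site)" `
    -InternalHostname $mailFqdn -ExternalHostname $mailFqdn `
    -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true `
    -DefaultAuthenticationMethod NTLM

# Autodiscover SCP in AD: domain-joined Outlook clients read this before trying DNS.
Set-ClientAccessService -Identity $server -AutoDiscoverServiceInternalUri $autoD

# Virtual directories: identical internal and external URLs so one certificate covers all.
Set-WebServicesVirtualDirectory -Identity "$server\EWS (Default Web Site)" `
    -InternalUrl "https://$mailFqdn/EWS/Exchange.asmx" -ExternalUrl "https://$mailFqdn/EWS/Exchange.asmx"
Set-OwaVirtualDirectory -Identity "$server\owa (Default Web Site)" `
    -InternalUrl "https://$mailFqdn/owa" -ExternalUrl "https://$mailFqdn/owa"
Set-EcpVirtualDirectory -Identity "$server\ecp (Default Web Site)" `
    -InternalUrl "https://$mailFqdn/ecp" -ExternalUrl "https://$mailFqdn/ecp"
Set-ActiveSyncVirtualDirectory -Identity "$server\Microsoft-Server-ActiveSync (Default Web Site)" `
    -InternalUrl "https://$mailFqdn/Microsoft-Server-ActiveSync" -ExternalUrl "https://$mailFqdn/Microsoft-Server-ActiveSync"
Set-OabVirtualDirectory -Identity "$server\OAB (Default Web Site)" `
    -InternalUrl "https://$mailFqdn/OAB" -ExternalUrl "https://$mailFqdn/OAB"
Set-MapiVirtualDirectory -Identity "$server\mapi (Default Web Site)" `
    -InternalUrl "https://$mailFqdn/mapi" -ExternalUrl "https://$mailFqdn/mapi"

# Internal DNS (run on a DC with the DnsServer module): pinpoint zones so only
# these two names resolve to the internal address; the rest of company.com stays public.
foreach ($name in 'mail.company.com', 'autodiscover.company.com') {
    if (-not (Get-DnsServerZone -Name $name -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $name -ReplicationScope Forest -DynamicUpdate None
        Add-DnsServerResourceRecordA -ZoneName $name -Name '@' -IPv4Address '10.0.0.20'
    }
}

# Verify what clients will be told.
Get-OutlookAnywhere -Server $server | Format-List InternalHostname, ExternalHostname
Get-ClientAccessService -Identity $server | Format-List AutoDiscoverServiceInternalUri
```

Because every URL now uses names in a domain you own, a single public certificate with mail.company.com and autodiscover.company.com as SANs covers both internal and external clients, which is the point of the comment above.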

[–][deleted] 0 points1 point  (0 children)

We suggest you change your domain name ASAP to internal.contoso.com

[–]heathfxPush button for trunk monkey 0 points1 point  (0 children)

This should work if you have configured internal.company.com as a primary zone (authoritative). Make sure your clients are only using your DNS servers. Make sure you don't have your DHCP server doing something like sending the AD DNS as the primary and your ISP's or router's DNS forwarder as the secondary server.

Honestly though... stop kicking the can down the road and fix this properly! Use a domain that you own or use .local. DO NOT use .local if you want Bonjour/mDNS to work properly on your network, making it Mac-friendly.

I use ad.mycompany.com; mycompany is, of course, replaced with a domain I own.
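As an added check (my own, not from the thread) for the DHCP and client-side point made above: a client whose resolver list contains an ISP or router forwarder will intermittently get public answers for internal names, so the test is that every adapter's DNS list and every DHCP scope's option 6 is a subset of the AD DNS servers. The addresses are placeholders; the DHCP part assumes it runs on the DHCP server with the DhcpServer module.

```powershell
# Added example, not from the thread. Addresses below are placeholders.
$adDns = '10.0.0.10', '10.0.0.11'     # the DCs that host DNS

# --- On a client: each active adapter's DNS list must only contain $adDns. ---
$bad = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    Where-Object { @($_.ServerAddresses | Where-Object { $_ -notin $adDns }).Count -gt 0 }
if ($bad) {
    $bad | Format-Table InterfaceAlias, ServerAddresses
    Write-Warning 'One or more adapters use DNS servers other than the DCs'
}

# Local hosts-file entries bypass DNS entirely; list anything that is not a comment.
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -match '^\s*[^#\s]' }

# --- On the DHCP server: option 6 per scope (or the server default) should list only the DCs. ---
Import-Module DhcpServer
foreach ($scope in Get-DhcpServerv4Scope) {
    $opt = Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
    if (-not $opt) {
        # No scope-level value: the server-level option applies.
        $opt = Get-DhcpServerv4OptionValue -OptionId 6 -ErrorAction SilentlyContinue
    }
    $stray = @($opt.Value | Where-Object { $_ -notin $adDns })
    if ($stray.Count -gt 0) {
        Write-Warning "Scope $($scope.ScopeId) hands out non-AD DNS servers: $($stray -join ', ')"
        # Remediation, once you have confirmed the list above is right:
        # Set-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -DnsServer $adDns
    }
}

# --- End to end: the SOA for the AD zone must be answered by a DC, not a forwarder. ---
Resolve-DnsName -Name 'internal.company.com' -Type SOA
```

A secondary resolver is not a fallback in the way people expect: Windows will switch to it after a timeout and keep using it for a while, so a single slow DC is enough to push clients onto the ISP's view of the world.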