This is a common problem when your have internal server with externally
accessible resources.

What you need to do is create what I call a GHOST forward look up zone on
your internal DNS servers. This zone will be for the "ourdomain.it". And it
must only be visible by internal users. You need to populate this zone with
all of the appropriate A records (www, mail, etc) and assign them either
internal IPs or External IPs which ever is appropriate.

The down side of this configuration is, any time there is a change, a
resource is added, removed, or moved to a different server, you now have to
contend with two separate DNS servers that have to be configured. You must
contact your ISP so they can update the DNS server that they host for the
world to see, and you must update the DNS server that you host for the
internal users to see.

This seems easy enough, but you would be surprised how often one or the
other is forgotten about.


"Chino" <chino75@fastwebnet.it> wrote in message
news:ei7dak$2jp$1@newsread.albacom.net...
> Hi all.
> I'm not confident with DNS in general, but I have to find a way to do
> this:
>
> I'm in a LAN using a Windows Server 2003 as the primary DNS.
> We have Mail and Web servers using public addresses, when someone check
> for www.ourdomain.it or mail.ourdomain.it from ouside the LAN, they get
> the servers' public addresses from our provider authoritative DNS.
> That is ok.
> When we check look for www.ourdomain or mail.ourdomain.it from inside the
> LAN, we also get the public addresses from our internal DNS.
> That's not ok. We should get our servers' private IP addresses.
> How can I configure our internal DNS to do the job?
> Should I add ourdomain.it on the DNS as a stub one?
> If I only add a host(A), I do not resolve the problem, as the server
> automatically add the ourdomain.locale suffix to the address.
>
> Could someone point me at the right documentation, or tell how to have
> this working if it's simple?
>
> thank you very much.
>
>
>