Split Horizon DNS requirement

[neontangerine]

I am planning a full install of Zimbra to get ready for some testing and then hopefully migrating and moving to production. I have a question around the need to provide a split horizon or split brain DNS.

In our situation we leverage a third party (our ISP) to handle our public DNS queries and have only an internal DNS for our local lan. This DNS also cache's outside queries. I am able to have the third party DNS handle the MX records.

If I continue to leverage the third party DNS then I don't believe I need a split horizon DNS on the inside. Am I correct or is there something I am missing?

[phoenix]

Quote:

Originally Posted by neontangerine

Am I correct or is there something I am missing?

The answer to that is, it depends. If you are behind a NAT router or firewall then you will need a Split DNS set-up including a correct /etc/hosts file (details in the Quick Start Installation Guide).

[neontangerine]

Quote:

Originally Posted by phoenix

The answer to that is, it depends. If you are behind a NAT router or firewall then you will need a Split DNS set-up including a correct /etc/hosts file (details in the Quick Start Installation Guide).

Our firewall blocks DNS queries to our server and does provide NATing. The intention is to forward the SMTP port(s), leveraging SNAT and DNAT. We already run an internal DNS whereby several internal machines are available only from the inside.

If I query the Zimbra server (mail.domain.com) from internally by name I get the local address, if this is done from outside the firewall I get our public IP address as provided by the third-party DNS.

Functionally this is already split horizon is it not?

IS there something I am missing or need further?

Am I required to permit DNS queries to my IP?

[phoenix]

Quote:

Originally Posted by neontangerine

Our firewall blocks DNS queries to our server and does provide NATing. The intention is to forward the SMTP port(s), leveraging SNAT and DNAT. We already run an internal DNS whereby several internal machines are available only from the inside.

If I query the Zimbra server (mail.domain.com) from internally by name I get the local address, if this is done from outside the firewall I get our public IP address as provided by the third-party DNS.

Functionally this is already split horizon is it not?

Yes, it's a Split DNS set-up.

Quote:

Originally Posted by neontangerine

IS there something I am missing or need further?

No, you shouldn't need anything else. Just for confirmation you can check the configuration in the 'Verify...' section of the Split DNS article in the wiki and see if it returns the correct output (also check the hosts file configuration).