exchange 2000 setup (Full Version)



zmobile -> exchange 2000 setup (3.May2006 11:30:47 PM)

I am just curious about something and hope someone could shed some light on the subject. I came across a system that was running Exchange 2000 and ISA 2000 on a Win2k domain. The Exchange server had two NICs, one on the internal network and one connected to the DMZ. Same with the ISA. The Exchange server was also configured as a caching-only DNS server with forwarders set to the ISP DNS servers, along with the SMTP VS set to point to the ISP DNS servers. All clients and servers except the mail server go through the ISA for Internet connectivity.

The internal DNS never resolves outside the trusted network, mail resolves through the forwarders set within DNS on this server, and clients resolve via the ISA connection.

What is the purpose of this, and is this a normal setup? I was never shown this type of configuration before, so it kind of took me off guard. I always thought that the internal DC\DNS servers, say 2 of them, would have forwarders set. All other servers including the Exchange server (sitting completely in the trusted network) would resolve to those servers internally and then externally through the forwarders specified within the DC\DNS servers. I know ISA is a different story, but I wanted to show the complete network connections.
Is this a security risk? It seems as though if the Exchange (DMZ) side of the house gets hacked then they have complete access to the internal network? Just a thought? Wouldn't it be better to place an SMTP relay server in the DMZ and create firewall rules between the relay and mail server?

Can someone help explain this setup to me...




bipolarchucker -> RE: exchange 2000 setup (10.May2006 11:00:22 AM)

Sounds like you're right: the attack surface is increased with the mail server being attached to the DMZ; it is effectively unprotected from direct attack, unless there's a perimeter firewall, which it sounds like there is. Ideally you should bring the mail server right inside the internal network and use the ISA server to publish it. The attack surface is reduced by doing so.
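The risk both posts are circling is that a dual-homed host with NICs in two zones, and no policy enforced between them, turns a compromise in one zone into a foothold in the other. The following is an added example, not code from the forum thread or from either poster: it models the topology described above (host names such as "exchange", "isa" and "smtp-relay" are assumptions) as hosts with NIC zones, flags hosts that bridge zones without filtering, and walks the zones an attacker in the DMZ could reach in the "as found" layout versus the layout suggested in the replies.

```python
"""Zone-bridging check for a small network model.

Added illustration for the thread above; it is not Microsoft, ISA, or
Exchange code. Hosts and zone names are constructed for the example.
"""
from dataclasses import dataclass
from typing import Iterable, List, Set


@dataclass(frozen=True)
class Host:
    name: str
    zones: frozenset            # zones this host has a NIC in
    enforces_policy: bool = False  # True for a device that filters traffic between its own NICs


def find_bridging_hosts(hosts: Iterable[Host]) -> List[str]:
    """Hosts with NICs in more than one zone that do not filter between them.

    A compromise of such a host gives direct access to every zone it touches,
    which is the concern raised in the original post.
    """
    return sorted(h.name for h in hosts
                  if len(h.zones) > 1 and not h.enforces_policy)


def exposed_zones(hosts: Iterable[Host], start_zone: str) -> Set[str]:
    """Zones reachable from start_zone without crossing a policy-enforcing device.

    Non-enforcing multi-homed hosts are treated as transparent bridges; a
    firewall or ISA server is a boundary and is not traversed.
    """
    hosts = list(hosts)
    reached = {start_zone}
    frontier = [start_zone]
    while frontier:
        zone = frontier.pop()
        for h in hosts:
            if zone in h.zones and not h.enforces_policy:
                for other in h.zones - reached:
                    reached.add(other)
                    frontier.append(other)
    return reached


# Constructed model of the layout described in the first post.
AS_FOUND = [
    Host("dc1", frozenset({"internal"})),
    Host("dc2", frozenset({"internal"})),
    Host("exchange", frozenset({"internal", "dmz"})),            # dual-homed, no filtering
    Host("isa", frozenset({"internal", "dmz"}), enforces_policy=True),
    Host("perimeter-fw", frozenset({"dmz", "internet"}), enforces_policy=True),
]

# Constructed model of the layout suggested in the replies: Exchange only on
# the internal network, published through ISA, with an SMTP relay in the DMZ.
PROPOSED = [
    Host("dc1", frozenset({"internal"})),
    Host("dc2", frozenset({"internal"})),
    Host("exchange", frozenset({"internal"})),
    Host("smtp-relay", frozenset({"dmz"})),
    Host("isa", frozenset({"internal", "dmz"}), enforces_policy=True),
    Host("perimeter-fw", frozenset({"dmz", "internet"}), enforces_policy=True),
]


if __name__ == "__main__":
    for label, topo in (("as found", AS_FOUND), ("proposed", PROPOSED)):
        print(f"{label}: bridging hosts = {find_bridging_hosts(topo)}, "
              f"zones reachable from dmz = {sorted(exposed_zones(topo, 'dmz'))}")
```

In the "as found" model the Exchange server is reported as a bridging host and a foothold in the DMZ reaches the internal zone; in the proposed model the only path from the DMZ inward is through ISA, so the reachable set stops at the DMZ. The model deliberately ignores the mail flow itself (relay to Exchange over SMTP), which is what the firewall rules the original poster mentions would constrain.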



