Just want to confirm that the setup of my perimeter network is correct...
I have set up servers dns1 and dns2 at mydomain.com as dns1.mydomain.com and dns2.mydomain.com, both with public IP addresses.
dns1 replicates to dns2. dns1 is the primary, dns2 the secondary. I have installed AD on dns1 and filled the table with my external web server and external Exchange server (for hub transport to my internal corp.domain.com), web1.mydomain.com and echs1.mydomain.com, both with public IP addresses. dns1 and dns2 are set to replicate only to name servers listed in the Name Servers tab. dns1 and dns2 have their DNS set to my ISP's DNS servers. dns1 and dns2 internal property is set to use root hints. dns1 and dns2 IP settings are set to use the ISP's DNS servers. Everything works as expected. nslookup returns correct info for all servers.
My internal corp.mydomain.com AD DC server's IP is set to use my DNS server in its DNS IP settings. nslookup here shows everything works correctly. All internal servers and clients resolve correctly; all are joined to corp.mydomain.com.
Q.1 - For security purposes, is this a good configuration: creating an Active Directory on the perimeter network and joining all perimeter servers to that network, mydomain.com?
The reason I am asking is that in reading the configuration for Exchange Server 2013, the recommendation was to not use AD on the perimeter network and to set the DNS suffix for the connections on the perimeter network servers to mydomain.com.
Q.2 - When installing Exchange I plan to install in the corp.mydomain.com AD DC schema. I plan on using the Edge Transport role in the perimeter network.
Q.3 - When installing the Edge Transport role in the perimeter, do I also have to prepare the perimeter AD for Edge, or will it simply install LDAP, with which I simply subscribe to the Edge server?
Q.4 - My external web1 server needs to talk to my internal DB server db1.corp.mydomain.com (e-commerce database). My web application has encrypted configuration file capability. Encryption has been turned on between web1 and db1. Is this enough security between web1 external and db1 internal, or do I need to do more to secure db1? The firewall is turned on for all servers. All port configurations are set to allow only necessary services.
Overall, is this a good configuration for external mydomain.com and internal corp.mydomain.com?
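A defender-side check for Q.1, added here as an example and not taken from the post: it asks the public-facing resolver for the SRV records a domain controller registers, which shows whether the perimeter AD is being advertised through the public mydomain.com zone, and then confirms on dns1 that zone transfers really are limited to the Name Servers tab. The resolver address is a placeholder; the zone name is the one from the question.

```powershell
# Added example (not from the post). Assumes dns1's public address is the placeholder below
# and that the public zone name matches the perimeter AD domain described in the question.
$PublicResolver = '203.0.113.10'   # placeholder: replace with dns1's real public IP
$Zone           = 'mydomain.com'

# SRV names that Windows domain controllers register by dynamic update.
# If a public resolver answers these, the perimeter AD is visible to the Internet.
$DcLocatorRecords = @(
    "_ldap._tcp.dc._msdcs.$Zone",
    "_kerberos._tcp.dc._msdcs.$Zone",
    "_gc._tcp.$Zone",
    "_kpasswd._tcp.$Zone"
)

foreach ($Name in $DcLocatorRecords) {
    try {
        $Answers = Resolve-DnsName -Name $Name -Type SRV -Server $PublicResolver -DnsOnly -ErrorAction Stop
        foreach ($Srv in ($Answers | Where-Object { $_.Type -eq 'SRV' })) {
            Write-Warning "$Name is publicly resolvable -> $($Srv.NameTarget):$($Srv.Port)"
        }
    }
    catch {
        # NXDOMAIN / no answer: the DC locator record is not exposed by this resolver
        Write-Host "$Name : not resolvable from $PublicResolver (good)"
    }
}

# Run this part on dns1 itself (DnsServer module): confirm transfers are limited
# to the servers on the Name Servers tab, or disabled entirely.
$ZoneInfo = Get-DnsServerZone -Name $Zone
switch ($ZoneInfo.SecureSecondaries) {
    'NoTransfer'               { Write-Host 'Zone transfers disabled (good)' }
    'TransferToZoneNameServer' { Write-Host 'Transfers limited to NS records (matches the Name Servers tab)' }
    'TransferToSecureServers'  { Write-Host 'Transfers limited to an explicit server list' }
    default                    { Write-Warning "Zone allows transfer to any server: $($ZoneInfo.SecureSecondaries)" }
}
```

Any SRV record that resolves from the public side is a record the perimeter domain controller is publishing into the Internet-facing zone, which is the exposure the Exchange guidance you quote is trying to avoid.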