

How do I override DNS for local network without editing hosts files on every machine?

Question

Wednesday, April 14, 2010 7:57 PM

Ok, for starters this is the situation:

We have a corporate web domain companyname.com that is hosted by a hosting company.

We have a local network with a PDC running the DNS. The local domain is companyname.local.

On the hosted domain we have a subdomain for an application for a client, app.companyname.com; this points to a static IP at our office. It hits our router and is translated into a local IP via 1-to-1 NAT.

The problem lies in the fact that we cannot type app.companyname.com in our office and connect.

Typically what I would do is just edit the hosts file on the machines and override app.companyname.com to point to the correct local IP. But this introduces a new problem that we wish to avoid.

We have demonstration machines as well as laptops that participate in the development and transition in and out of the office. If I edit the hosts file on these machines, then when they are on the outside the override in the hosts file would have to be removed and then put back in when they are here at the office. I find this unacceptable.

What I want to know is whether there is something similar to the hosts file functionality in MS DNS server that would allow for this in our office, so that when a computer leaves our network and uses another DNS server it would find the A name that we have on our hosted DNS.

I'm pretty inexperienced with Windows Server, so if someone can tell me how to set this up I would be very grateful.

Thanks in advance,

James

All replies (4)

Wednesday, April 14, 2010 10:26 PM ✅ Answered

Almost simple. I had to re-read your question. You will have to do two steps. First, create a new forward domain called companyname.com. Next, add the host record to point to the internal IP address you wish to use.

Domain: companyname.com

app    host(A)     192.168.1.104

Since everyone on the Internet will refer to your ISP's DNS, it will reflect the outside IP address. Your internal network points to the internal DNS, which will resolve to the internal IP.

Let me know if that is what you are looking for.

Thanks,

James


Wednesday, April 14, 2010 10:49 PM

As Brinkmann explained, have your DNS administrator create a forward lookup zone, companyname.com. If you are running Active Directory, the recommended type is going to be AD Integrated. In addition to that one record, app.companyname.com, you will have to create ALL OF THE OTHER records you have in your external zone.

The reason is because once you create the internal zone, companyname.com, it is authoritative for your zone. If you don't include the other records, any other host record you attempt to resolve from the inside will fail, say www.companyname.com. Your internal DNS server will NOT forward, since it will have an AUTHORITATIVE copy of the zone.

I just wanted to add that note because what would have happened is that name resolution for that one app would have worked perfectly, but the rest of the records that are stored on the external DNS server would have failed from inside your network.

So this is a common design, called split-DNS. It just adds a little more management. When you add records to your external DNS, you must also add them to the internal DNS as well.

Visit my blog: anITKB.com, an IT Knowledge Base.
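The two steps from the accepted answer (create the forward lookup zone, add the internal A record) and the warning in the reply above (every external record must be mirrored, because the internal zone is authoritative and misses are not forwarded) can be scripted together on the Windows DNS server. The following is an added example, not code from either poster; it assumes the DnsServer PowerShell module (Windows Server 2012 or later), that it runs on an AD-integrated DNS server, and the constructed record list and the constructed resolver address `8.8.8.8` shown in the script. The public addresses are documentation-range placeholders, not real values from the thread.

```powershell
# Added example (not from the thread): build the split-DNS zone the answers describe
# on a Windows DNS server. Assumes the DnsServer module and an AD-integrated DNS server.

$ZoneName  = 'companyname.com'
$PublicDns = '8.8.8.8'   # constructed: any resolver outside your network, used only to verify

# Constructed snapshot of the external (hosted) zone. In practice, export it from the
# hosting company's DNS control panel. Every record must be mirrored here, because the
# internal zone will be authoritative and will not forward names it does not hold.
$ExternalRecords = @(
    @{ Name = '@';    Type = 'A';     Data = '203.0.113.10' }   # TEST-NET-3 documentation address
    @{ Name = 'www';  Type = 'A';     Data = '203.0.113.10' }
    @{ Name = 'app';  Type = 'A';     Data = '203.0.113.20' }   # the 1-to-1 NAT'd public address
    @{ Name = 'mail'; Type = 'A';     Data = '203.0.113.30' }
    @{ Name = '@';    Type = 'MX';    Data = 'mail.companyname.com'; Preference = 10 }
    @{ Name = 'ftp';  Type = 'CNAME'; Data = 'www.companyname.com' }
)

# Internal overrides: the only place the inside view should differ from the outside view.
$Overrides = @{ 'app' = '192.168.1.104' }

# Step 1: create the internal forward lookup zone. AD-integrated, with secure dynamic
# updates only, so unauthenticated hosts cannot register names into the public-facing zone.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Domain' -DynamicUpdate 'Secure'
}

# Step 2: mirror every external record, substituting the internal address where overridden.
foreach ($r in $ExternalRecords) {
    switch ($r.Type) {
        'A' {
            $ip = if ($Overrides.ContainsKey($r.Name)) { $Overrides[$r.Name] } else { $r.Data }
            Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $r.Name -IPv4Address $ip -ErrorAction SilentlyContinue
        }
        'CNAME' {
            Add-DnsServerResourceRecordCName -ZoneName $ZoneName -Name $r.Name -HostNameAlias $r.Data -ErrorAction SilentlyContinue
        }
        'MX' {
            Add-DnsServerResourceRecordMX -ZoneName $ZoneName -Name $r.Name -MailExchange $r.Data -Preference $r.Preference -ErrorAction SilentlyContinue
        }
    }
}

# Step 3: compare the two views. Every external A name must resolve internally, and only the
# overridden names may differ. A name that resolves outside but not inside is exactly the
# failure the reply above warns about (www.companyname.com breaking from inside the office).
$Problems = @()
foreach ($r in ($ExternalRecords | Where-Object { $_.Type -eq 'A' })) {
    $fqdn = if ($r.Name -eq '@') { $ZoneName } else { "$($r.Name).$ZoneName" }
    $inside  = Resolve-DnsName -Name $fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'A' } | Select-Object -First 1 -ExpandProperty IPAddress
    $outside = Resolve-DnsName -Name $fqdn -Type A -Server $PublicDns -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'A' } | Select-Object -First 1 -ExpandProperty IPAddress
    if (-not $inside) {
        $Problems += "$fqdn does not resolve internally (zone is authoritative, so the miss is not forwarded)"
    } elseif ($Overrides.ContainsKey($r.Name)) {
        if ($inside -ne $Overrides[$r.Name]) {
            $Problems += "$fqdn resolves to $inside internally, expected override $($Overrides[$r.Name])"
        }
    } elseif ($outside -and ($inside -ne $outside)) {
        $Problems += "$fqdn differs: inside=$inside outside=$outside (unintended divergence)"
    }
}
if ($Problems) { $Problems | ForEach-Object { Write-Warning $_ } }
else          { Write-Host "Split-DNS view for $ZoneName is consistent." }
```

Run it from an elevated session on the DNS server itself. The verification step resolves each name through the machine's own configured DNS (the inside view) and again through the outside resolver, so re-running it after every change to the hosted zone catches the drift that split-DNS introduces: a record added only to the external zone shows up as "does not resolve internally" before any user notices.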


Wednesday, April 14, 2010 10:58 PM

oh, of course, your other option is to use a public IP address for that app.companyname.com resource rather than a NAT'd IP.

Visit my blog: anITKB.com, an IT Knowledge Base.


Thursday, April 15, 2010 1:39 PM

True about needing to duplicate all the domain records internally for that domain.

On the suggestion of using the public address, the problem many times is that the firewall sees the outgoing connection to the public address and then tries to loop back in, and the packet gets denied (usually as a spoof attack).

Thanks,

James