Question
Tuesday, July 9, 2019 3:25 PM
Hi all
This may be a basic question for some of you but I can't find the answer I'm looking for, so I'm asking your help.
We have a secure network which is behind multiple firewalls with a proxy system and have a website for internal and external users which is hosted externally. The site is moved from time to time to a different server without any prior information to us and we only know because it becomes inaccessible to internal computers, even though an external computer receives the new DNS entry and can use the website. This happens because our internal computers are accessing our own DNS which has the website manually entered as a forward lookup and only changes when we go in to update it.
The question is, in the event that the website has moved, preventing our internal DNS from being able to find it, whether we can make our system go to a public DNS server to obtain the updated address, thus allowing the users to access the site as if nothing has happened. We then need our DNS record to update itself to the new IP address or alert us that it has changed (preferably with the new address) so that we can update our internal DNS.
Many thanks.
All replies (7)
Wednesday, July 10, 2019 1:44 PM ✅Answered
The internal DNS hosts the "real" DNS zone of your domain, right?
And probably the external DNS zone has several host records for web sites or other "public" records, am I right?
If that's the case, the problem you have is that both DNS servers host the same DNS zone name. And because it's the same name, you cannot configure either conditional forwarding or a secondary zone.
The internal DNS server is authoritative for its own zone, so it cannot forward requests to another DNS server for the same zone name.
From what I can see, you have 2 choices…
1. Change the DNS zone name internally or externally (not very funny to do actually) because you need to do a Domain rename… I don't really like this
2. Manually update the DNS record in your internal DNS zone each time the Host (A) record changes
This posting is provided AS IS without warranty of any kind
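Added example (not part of any reply in this thread, and not Microsoft's code): a PowerShell check that covers the "alert us that it has changed, preferably with the new address" part of the question while staying with option 2 above. It assumes the DnsServer module is installed, that the host running it is allowed to query the public resolvers you pass in, and that all names and addresses are supplied by you; the function name `Test-DnsRecordDrift` is hypothetical.

```powershell
# Added example: report when the manually maintained internal A record no longer
# matches what public resolvers return. It never changes the zone itself.
function Test-DnsRecordDrift {
    param(
        [Parameter(Mandatory)] [string]   $ZoneName,          # internal copy of the zone
        [Parameter(Mandatory)] [string]   $HostName,          # record name relative to the zone
        [Parameter(Mandatory)] [string]   $InternalDnsServer, # DNS server holding the manual record
        [Parameter(Mandatory)] [string[]] $PublicResolvers    # two or more resolvers of your choice
    )
    $fqdn = "$HostName.$ZoneName"

    # A records currently held in the internal zone
    $internal = @(Get-DnsServerResourceRecord -ComputerName $InternalDnsServer `
            -ZoneName $ZoneName -Name $HostName -RRType A -ErrorAction Stop |
        ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString } |
        Sort-Object -Unique) -join ','

    # Query each public resolver separately so a single wrong or spoofed
    # answer is visible as a disagreement instead of being trusted.
    $answers = foreach ($resolver in $PublicResolvers) {
        $ips = @(Resolve-DnsName -Name $fqdn -Type A -Server $resolver `
                -DnsOnly -NoHostsFile -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress } |
            Sort-Object -Unique) -join ','
        [pscustomobject]@{ Resolver = $resolver; Addresses = $ips }
    }

    $distinct = @($answers.Addresses | Sort-Object -Unique)
    $agree    = ($distinct.Count -eq 1) -and [bool]$distinct[0]

    [pscustomobject]@{
        Name           = $fqdn
        Internal       = $internal
        Public         = $answers
        ResolversAgree = $agree
        # Drift is only reported when every resolver returned the same answer
        Drift          = $agree -and ($distinct[0] -ne $internal)
    }
}

# Usage with constructed placeholder values (replace all of them):
# $r = Test-DnsRecordDrift -ZoneName 'example.com' -HostName 'www' `
#        -InternalDnsServer 'dns01' -PublicResolvers '<resolver-1>', '<resolver-2>'
# if ($r.Drift) { Write-Warning "$($r.Name): internal $($r.Internal), public $($r.Public[0].Addresses)" }
# elseif (-not $r.ResolversAgree) { Write-Warning "$($r.Name): public resolvers disagree, check manually" }
```

Run from a scheduled task, this turns the outage into a warning that carries the new address. Keeping the actual record change a manual step means a wrong public answer cannot rewrite the internal zone on its own.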
Tuesday, July 9, 2019 4:36 PM
Any reason why you have manually created the website record in your internal DNS server's forward lookup zone?
Is the internal DNS zone the same as the external?
This posting is provided AS IS without warranty of any kind
Wednesday, July 10, 2019 1:57 AM
Hi,
As cthivierge said, the key to the problem is whether the external website name is the same as the internal domain name.
You need to change the record manually because there is no association between internal and external DNS servers.
If they are different zones, I suggest you create a secondary zone on the internal DNS server.
Best regards,
Travis
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Wednesday, July 10, 2019 7:13 AM
Hi & thanks for your reply.
The reason for using internal DNS is because of the security requirements we have to work to, hence why I'm looking for a way to maintain the availability of the site when it moves.
Thanks
Wednesday, July 10, 2019 7:18 AM
Hi Travis & thanks for your reply.
Inevitably, because I am asking for help on this, I'd really appreciate a bit more detail as to how to make this association and which external DNS is best, if any.
Thanks
Steve
Tuesday, July 16, 2019 10:45 AM
Thanks very much, cthivierge, for getting back to me & I'm sorry I've not got back on TechNet to reply sooner.
Yes, things are as you believe and yes, we are currently using the 2nd solution; looks like we are stuck with it.
Thanks again
Wednesday, July 17, 2019 5:57 AM
Hi,
Thanks for updating us on the current situation.
If there is anything else we can do for you, please feel free to post in the forum.
Best regards,
Travis