This might be a bit of a strange one but I'd be really grateful if
someone was able to help me out on it...
We are hosting a sub-domain for another company on our internal web
servers, let's call this sub.other.com. I need the PCs on our LAN to
be able to resolve its internal IP address rather than the external
one. However, if I add other.com into my local Active Directory DNS,
it will mean that our LAN PCs won't be able to resolve other
subdomains of other.com, like www.other.com, as the server will say
the name doesn't exist.
I tried asking them to add a CNAME to sub-other.ourdomain.com so that
I could put in my own A record for it in our local DNS, but it appears
that DNS does not work in the way that I thought it does, i.e. it
doesn't make a separate request via our internal server for each alias
as each CNAME record is resolved; instead it just resolves the whole
chain on the first server that is able to answer the question. This
is much more efficient of course, but doesn't help me to do what I
need to do.
Temporarily I have resorted to adding local records into the HOSTS
file of computers that need it, but this is not very manageable.
Anyone got any better ideas of how to do this?
Sam
There's nothing stopping you from creating a Forward Lookup Zone called
"sub.other.com". Add a Host (A) record with a blank name and the
internal IP (that'll appear as "(same as parent folder)" in the console).
Flush the DNS cache on a client and you should find that a lookup for
sub.other.com resolves to the internal IP, while all other hosts under
other.com continue to resolve to public addressing.
HTH
Chris
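The zone Chris describes, done from PowerShell instead of the DNS console. This is an added example, not something from the thread: it assumes a domain DNS server with the DnsServer module (Windows Server 2012 or later), and the zone name and the internal address 10.10.5.20 are placeholders to substitute for your own.

```powershell
# Added example, not from the original thread. Run in an elevated PowerShell
# on a domain controller / DNS server that has the DnsServer module.
# 'sub.other.com' and 10.10.5.20 are placeholder values.
$Zone       = 'sub.other.com'
$InternalIP = '10.10.5.20'

# 1. Create an AD-integrated forward lookup zone for just that one name.
#    Nothing is created for other.com itself, so www.other.com and the rest
#    of that domain still go out via forwarders / root hints as before.
Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope 'Domain'

# 2. Add the apex A record. '@' is the zone apex, which the DNS console
#    shows as "(same as parent folder)".
Add-DnsServerResourceRecordA -ZoneName $Zone -Name '@' -IPv4Address $InternalIP

# 3. Verify. Flush the client cache first so a previously cached public
#    answer does not mask the change, then compare the two lookups.
Clear-DnsClientCache
Resolve-DnsName -Name $Zone -Type A           | Format-Table Name, IPAddress   # internal IP
Resolve-DnsName -Name 'www.other.com' -Type A | Format-Table Name, IPAddress   # still public
```

One caveat worth checking before you rely on this: your server is now authoritative for everything below sub.other.com, so if the other company later publishes something like api.sub.other.com, your LAN clients will get NXDOMAIN for it until you add a matching record to the local zone. Keep the zone to the one name you actually need, and remember the HOSTS entries Sam mentioned still override DNS on any machine where they remain.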
If that isn't an option, the zone as described in my previous post will
work without compromising name resolution for everything else in that
domain.
Chris
Of course, that makes total sense now I think about it! The DNS zone
is now working fine, I'll look for firewall settings tomorrow. Thanks
very much for both ideas Chris.
Sam
Chris
Very, VERY, *VERY* nice (if not nasty) trick. I think I'll add that to
my tool box.
Grant. . . .
Grant, this is a common trick, err, configuration, so to speak. The reason
it works is that sub.other.com is a specific namespace. If any queries come
in with that namespace or zone, DNS will respond to it with what's in the
zone, otherwise, any queries to "anythingelse.com" will be recursed out
(either forwarders or Roots) because it doesn't host that zone. It looks
locally first for an exact match before it looks elsewhere.
Ace
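To make Ace's explanation concrete, here is a small simulation (added here, not from the thread) of how a server picks which hosted zone, if any, answers a query: it walks the name from the full FQDN toward the root and stops at the longest zone it hosts. The zone names and addresses are made up; the logic is the general rule, so it also shows what happens to a name below sub.other.com that the local zone does not contain.

```powershell
# Added example, not from the original thread. All zone names and addresses
# below are invented for illustration.
$AuthoritativeZones = @{
    'sub.other.com' = @{ '@'   = '10.10.5.20' }   # the single-name zone from Chris's post
    'ourdomain.com' = @{ 'www' = '10.10.1.10' }   # a normal internal zone for contrast
}

function Find-AuthoritativeZone {
    param([string]$QueryName, [hashtable]$Zones)
    $labels = $QueryName.TrimEnd('.').ToLower().Split('.')
    # Try the full name, then strip one leading label at a time. The first hit
    # is the longest (most specific) zone we host, which is the one that answers.
    for ($i = 0; $i -lt $labels.Count; $i++) {
        $candidate = ($labels[$i..($labels.Count - 1)]) -join '.'
        if ($Zones.ContainsKey($candidate)) { return $candidate }
    }
    return $null
}

function Resolve-Locally {
    param([string]$QueryName, [hashtable]$Zones)
    $zone = Find-AuthoritativeZone -QueryName $QueryName -Zones $Zones
    if (-not $zone) {
        # No hosted zone matches any suffix: the server recurses (forwarders or roots).
        return "RECURSE  $QueryName (not in any hosted zone)"
    }
    $fqdn = $QueryName.TrimEnd('.').ToLower()
    # Relative name inside the zone; the apex is written as '@'.
    $relative = if ($fqdn -eq $zone) { '@' } else { $fqdn.Substring(0, $fqdn.Length - $zone.Length - 1) }
    if ($Zones[$zone].ContainsKey($relative)) {
        return "ANSWER   $QueryName -> $($Zones[$zone][$relative]) (from zone $zone)"
    }
    # We are authoritative for the zone but hold no such record: the client gets
    # NXDOMAIN, and the query is never sent outside.
    return "NXDOMAIN $QueryName (authoritative for $zone, no record)"
}

'sub.other.com', 'www.other.com', 'other.com', 'api.sub.other.com', 'www.ourdomain.com' |
    ForEach-Object { Resolve-Locally -QueryName $_ -Zones $AuthoritativeZones }
```

The first, second and third names behave exactly as Ace describes: sub.other.com is answered from the local zone, while www.other.com and other.com fall through to recursion because no hosted zone is a suffix of them. The fourth line is the trap to remember: anything under sub.other.com is now yours to answer, so api.sub.other.com comes back NXDOMAIN unless you add it too.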
I understand completely why it works. I had just never thought of using
it that way. I love the idea. I've also shared it with a couple of
groups of fellow administrators already.
It's one of those things that is so simple and obvious it gets missed.
You know, "...can't see the forest for the trees...".
Grant. . . .
Good analogy. :-)
Ace