this may seem like a dumb question but let me explain my current situation.
I am on a LAN behind a firewall. I am using private IPs (10.x.x.x with subnet mask 255.0.0.0) for all the PCs on the LAN and the servers. My DNS server (10.0.0.4) is running W2k and also acting as the AD server for my domain, e.g. companya.com. This DNS server has a AD-integrated zone for companya.com with a SOA record for the companya.com domain. This server also has a public IP, e.g. 22.214.171.124 which is set via one-to-one NAT on my firewall.
However, my ISP already has an authoritative DNS server with a SOA record for the companya.com domain. So external users trying to reach a computer abc.companya.com resolves the name directly or indirectly through the ISP's DNS servers.
DNS settings for all internal users are set to 10.0.0.4 with my ISP's DNS servers set as alternate DNS servers. So, internal users will resolve all names through the internal DNS server (10.0.0.4/126.96.36.199) which also has its forwarders property set to point to my ISP's DNS servers.
This is alright for most cases, however, there is a problema I am facing:
cannot be resolved through the internal DNS server! www.companya.com
is my company website hosted by my ISP.
I've tried to solve this by:
1) adding a "www" host (A) record pointing to the IP address (e.g. 188.8.131.52) of my ISP's web server. This did not work because my ISP is doing some sort of mapping from www.companya.com
to my website. Just accessing the IP directly will not get to www.companya.com
website but will show the ISP's homepage instead.
2) setting the internal users' DNS settings such that my ISP's DNS servers come before my internal DNS server to enable resolution of www.companya.com
, internal network access will be very slow due to the external DNS server resolving to 184.108.40.206 which cannot be used internally to address the 10.0.0.4 server. The internal user's machine will be trying to reach 220.127.116.11 in vain and will only try to resolve using the alternate internal DNS server after timeout which takes quite a while.
If there is any way to resolve this issue, please let me know ASAP. TIA!