DNS does not escalate for its own domain name

Situation:
an inhouse net with AD domain "mydomain.com".
outside ISP with web server: www.mydomain.com and some more subdomains as: x.mydomain.com, y.mydomain.com,...
The ISP provides 2 DNS server: NS1 and NS2
My inhouse DNS server has all inhouse ip mapped to names.

I could access by IE6 all inhouse of mydomain and all other (not my domain)  targets outside (usual web access)
>>> I could not access my (outside) www and subdomains!
Obviously my DNS does not resolve the outside domains when it has to look for inhouse domain names outside (escalating to the ISP provided 2 DNS server).

The outside domains has 2 DNS server (provided by the ISP) which are listed as 2nd and 3rd when listing with ipconfig /all
First DNS server is my inhouse DNS server.

I made a test by moving one of the outside DNS server to position 1 in my list.
Now I have access to all outside and "www.mydomain.com" too. but i.e. Outlook doesn't resolve to my (local /inhouse) Exchange2003 server. It says the server maybe down. But the problem the local server is not found as its name is not resolved. (MY! inhouse DNS server doesn't obviously resolve it as it is not asked or not asked early enough when it is a timing problem.)

Internet access is by DSL and an dynamic IP for the DSL-Router

Whats wrong?
Could it be that timing plays a role. How should I over came that?
How could I make my DNS server escalating an unresolved name to DNS 2 and DNS3? As it obviously does for all foreign domains but not for the AD (inhouse) domain?

Any help would be really appreciated.
Juergen Loewner
JLoewnerAsked:
Who is Participating?
 
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

Split Brain DNS (mutliple "Start of Authority" Servers for a single Domain) is a far from ideal set-up (aka high maintainance).

You could always rename your Private Domain, then requests would be handled as you want by your Internal DNS.

http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx
0
 
scampgbCommented:
Hi JLoewner,
If the DNS server is configured to be authoritative for "mydomain.com" (which is is) then it won't refer to another DNS server if it doesn't have a record that matches the request.
Instead it'll just return that the record can't be found.
This is correct behaviour.

What you'll have to do is add "A" records to your Internal DNS zone on your server that points to the external IPs.  For example "www.mydomain.com" A 1.2.3.4

Does that help?
0
 
JLoewnerAuthor Commented:
This I have done already. It works.

But I don't want to care about the mappings locally as it is intended to have lots of subdomains as some diferent other domains..
As everything is on the ISPs NS1 and NS2 why can't it work this way: if it is not resolved here lets look as usual in the listed DNS server?

Or is there a workaround gain this?

0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
_Jochen_Commented:
tell your internal DNS server the IP of the external DNS Servers for a Forwarding Lookup Zone.
All unkown names will be forewarded to the external Servers.
Something general: Dont use the same DNS Name for internal net, as you use for external net.
0
 
JLoewnerAuthor Commented:
>>tell your internal DNS server the IP of the external DNS Servers for a Forwarding Lookup Zone

I guess I have already done that:
in DNS admin I added an record i.e.: nameserver (NS) ns27.1and1.com

That hasn't worked.

Or do you mean someting different?
0
 
JLoewnerAuthor Commented:
>>tell your internal DNS server the IP of the external DNS Servers for a Forwarding Lookup Zone

some additional info to this:

When I tied this I had the following effect:
nslookup found my external name.
But I couldn't ping it.
And I couldn't reach it by IE6
0
 
scampgbCommented:
_Jochen_:
> tell your internal DNS server the IP of the external DNS Servers for
> a Forwarding Lookup Zone.
> All unkown names will be forewarded to the external Servers.

That's not quite the whole story.  Any request for a domain for which the DNS server doesn't have a cached response will be sent on to the forwarders UNLESS the DNS server itself is authoritative for that zone.

If the Internal domain zone is the same as one hosted elsewhere you will need to duplicate your "external" entries on your Internal DNS server.

LJowner: you could consider subdomain delegation for handling the subdomains, but the "mydomain.com" Internal zone will still need to have entries from your External one.
0
 
JLoewnerAuthor Commented:
So I have to stick with my 1st comment:
All external xyz.mydomain.com (varying xyz) have to be entered manually at my local DNS server!?

This is not very satisfying.
It is ok for 1 or 2 servers outside.

But if you have to care for a bunch of it with changing entries on a nearly weekly basis this is an foreseeable error prone work.

No workaround?
No flash of inspiration folks?
0
 
scampgbCommented:
JLoewner:
Sorry - the only "solution" is for you to be using a different DNS zone for your Internal network.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.