JLoewner
asked on
DNS does not escalate for its own domain name
Situation:
an inhouse net with AD domain "mydomain.com".
outside ISP with web server: www.mydomain.com and some more subdomains as: x.mydomain.com, y.mydomain.com,...
The ISP provides 2 DNS server: NS1 and NS2
My inhouse DNS server has all inhouse ip mapped to names.
I could access by IE6 all inhouse of mydomain and all other (not my domain) targets outside (usual web access)
>>> I could not access my (outside) www and subdomains!
Obviously my DNS does not resolve the outside domains when it has to look for inhouse domain names outside (escalating to the ISP provided 2 DNS server).
The outside domains has 2 DNS server (provided by the ISP) which are listed as 2nd and 3rd when listing with ipconfig /all
First DNS server is my inhouse DNS server.
I made a test by moving one of the outside DNS server to position 1 in my list.
Now I have access to all outside and "www.mydomain.com" too. but i.e. Outlook doesn't resolve to my (local /inhouse) Exchange2003 server. It says the server maybe down. But the problem the local server is not found as its name is not resolved. (MY! inhouse DNS server doesn't obviously resolve it as it is not asked or not asked early enough when it is a timing problem.)
Internet access is by DSL and an dynamic IP for the DSL-Router
Whats wrong?
Could it be that timing plays a role. How should I over came that?
How could I make my DNS server escalating an unresolved name to DNS 2 and DNS3? As it obviously does for all foreign domains but not for the AD (inhouse) domain?
Any help would be really appreciated.
Juergen Loewner
an inhouse net with AD domain "mydomain.com".
outside ISP with web server: www.mydomain.com and some more subdomains as: x.mydomain.com, y.mydomain.com,...
The ISP provides 2 DNS server: NS1 and NS2
My inhouse DNS server has all inhouse ip mapped to names.
I could access by IE6 all inhouse of mydomain and all other (not my domain) targets outside (usual web access)
>>> I could not access my (outside) www and subdomains!
Obviously my DNS does not resolve the outside domains when it has to look for inhouse domain names outside (escalating to the ISP provided 2 DNS server).
The outside domains has 2 DNS server (provided by the ISP) which are listed as 2nd and 3rd when listing with ipconfig /all
First DNS server is my inhouse DNS server.
I made a test by moving one of the outside DNS server to position 1 in my list.
Now I have access to all outside and "www.mydomain.com" too. but i.e. Outlook doesn't resolve to my (local /inhouse) Exchange2003 server. It says the server maybe down. But the problem the local server is not found as its name is not resolved. (MY! inhouse DNS server doesn't obviously resolve it as it is not asked or not asked early enough when it is a timing problem.)
Internet access is by DSL and an dynamic IP for the DSL-Router
Whats wrong?
Could it be that timing plays a role. How should I over came that?
How could I make my DNS server escalating an unresolved name to DNS 2 and DNS3? As it obviously does for all foreign domains but not for the AD (inhouse) domain?
Any help would be really appreciated.
Juergen Loewner
ASKER
This I have done already. It works.
But I don't want to care about the mappings locally as it is intended to have lots of subdomains as some diferent other domains..
As everything is on the ISPs NS1 and NS2 why can't it work this way: if it is not resolved here lets look as usual in the listed DNS server?
Or is there a workaround gain this?
But I don't want to care about the mappings locally as it is intended to have lots of subdomains as some diferent other domains..
As everything is on the ISPs NS1 and NS2 why can't it work this way: if it is not resolved here lets look as usual in the listed DNS server?
Or is there a workaround gain this?
tell your internal DNS server the IP of the external DNS Servers for a Forwarding Lookup Zone.
All unkown names will be forewarded to the external Servers.
Something general: Dont use the same DNS Name for internal net, as you use for external net.
All unkown names will be forewarded to the external Servers.
Something general: Dont use the same DNS Name for internal net, as you use for external net.
ASKER
>>tell your internal DNS server the IP of the external DNS Servers for a Forwarding Lookup Zone
I guess I have already done that:
in DNS admin I added an record i.e.: nameserver (NS) ns27.1and1.com
That hasn't worked.
Or do you mean someting different?
I guess I have already done that:
in DNS admin I added an record i.e.: nameserver (NS) ns27.1and1.com
That hasn't worked.
Or do you mean someting different?
ASKER
>>tell your internal DNS server the IP of the external DNS Servers for a Forwarding Lookup Zone
some additional info to this:
When I tied this I had the following effect:
nslookup found my external name.
But I couldn't ping it.
And I couldn't reach it by IE6
some additional info to this:
When I tied this I had the following effect:
nslookup found my external name.
But I couldn't ping it.
And I couldn't reach it by IE6
_Jochen_:
> tell your internal DNS server the IP of the external DNS Servers for
> a Forwarding Lookup Zone.
> All unkown names will be forewarded to the external Servers.
That's not quite the whole story. Any request for a domain for which the DNS server doesn't have a cached response will be sent on to the forwarders UNLESS the DNS server itself is authoritative for that zone.
If the Internal domain zone is the same as one hosted elsewhere you will need to duplicate your "external" entries on your Internal DNS server.
LJowner: you could consider subdomain delegation for handling the subdomains, but the "mydomain.com" Internal zone will still need to have entries from your External one.
> tell your internal DNS server the IP of the external DNS Servers for
> a Forwarding Lookup Zone.
> All unkown names will be forewarded to the external Servers.
That's not quite the whole story. Any request for a domain for which the DNS server doesn't have a cached response will be sent on to the forwarders UNLESS the DNS server itself is authoritative for that zone.
If the Internal domain zone is the same as one hosted elsewhere you will need to duplicate your "external" entries on your Internal DNS server.
LJowner: you could consider subdomain delegation for handling the subdomains, but the "mydomain.com" Internal zone will still need to have entries from your External one.
ASKER
So I have to stick with my 1st comment:
All external xyz.mydomain.com (varying xyz) have to be entered manually at my local DNS server!?
This is not very satisfying.
It is ok for 1 or 2 servers outside.
But if you have to care for a bunch of it with changing entries on a nearly weekly basis this is an foreseeable error prone work.
No workaround?
No flash of inspiration folks?
All external xyz.mydomain.com (varying xyz) have to be entered manually at my local DNS server!?
This is not very satisfying.
It is ok for 1 or 2 servers outside.
But if you have to care for a bunch of it with changing entries on a nearly weekly basis this is an foreseeable error prone work.
No workaround?
No flash of inspiration folks?
JLoewner:
Sorry - the only "solution" is for you to be using a different DNS zone for your Internal network.
Sorry - the only "solution" is for you to be using a different DNS zone for your Internal network.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If the DNS server is configured to be authoritative for "mydomain.com" (which is is) then it won't refer to another DNS server if it doesn't have a record that matches the request.
Instead it'll just return that the record can't be found.
This is correct behaviour.
What you'll have to do is add "A" records to your Internal DNS zone on your server that points to the external IPs. For example "www.mydomain.com" A 1.2.3.4
Does that help?