Solved

Name public internet address same as internal domain name?

Posted on 2004-11-25
Last Modified: 2010-04-14
Ok, if you have an internet presence for a website (like microsoft.com), what do you call your internal Active Directory domain? Do you call it microsoft.com as well?

Or do you call it something like internal.microsoft.com and make it a child domain?

What is the best practice?


At work, our public website is state.md.us
And our domain name is called state.md.us
Is "state.md.us" just an address for our website? And since our domain controller is internal, we can call it the same thing. Right? Any complications to be made aware of (as far as DNS etc. is concerned)?
thanks
Question by:dissolved

13 Comments
 
LVL 11

Accepted Solution

by:
cfairley earned 1600 total points
ID: 12678425
Here is an awesome link that describes having a split DNS infrastructure. I think this will answer just about all your questions. Please post any additional questions.

http://www.tacteam.net/isaserverorg/spskit/9dnsinfrastructure/9dnsinfrastructure.htm

Thanks,
cfairley
LVL 11

Expert Comment

by:cfairley
ID: 12678430
BTW, hello dissolved. We have worked together on some other DNS issues, so I'm sure this one can be figured out too. I am also in the process of putting together a one-stop website for DNS and AD issues.

Author Comment

by:dissolved
ID: 12678847
Hi cfairley.  I read a bit on that article.

Looks like I will need two authoritative DNS servers for the same domain name. I'm assuming they will both be primary/AD-integrated?? Each DNS server is authoritative for the same domain name, but each contains different RRs according to their respective roles as internal or external DNS servers (so says the article).

From what I understand, dynamic DNS needs to be disabled on the external DNS. This is because queries destined for external DNS AND dynamic updates use the same TCP port (53). So you cannot filter 53, obviously. You must disable dynamic DNS. This is to prevent a malicious user from updating the hosts file and possibly poisoning it?

Say I have a website called dissolved.com.   My internal domain name is also dissolved.com. Will the configuration look something like this?




EXTERNAL DNS SERVER (ip: 68.34.76.6) (hosted by ISP)  Authoritative for domain: dissolved.com
   |
   |
WAN
   |
   |
ROUTER
   |
   |
FIREWALL
   |
   |
FORWARDING DNS SERVER (ip = 192.168.3.2). (Authoritative for domain dissolved.com.) Resolves host names for the internal DNS server below. Anything it can't resolve, it forwards to ip 68.34.76.5 (external DNS server).
   |
   |
FIREWALL
   |
   |
INTERNAL DNS  (ip = 192.168.4.2) Responsible for local name resolution. Forwards DNS queries to the "forwarding DNS server" above if it can't find the address.
   |
   |
CLIENTS
(ip = 192.168.4.5.  255.255.255.0    gateway= 192.168.4.1      dns    192.168.4.2)


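A small model of the split-DNS layout in the diagram above, added here as an illustration (it is not code from the original thread or from the linked article): each side holds its own authoritative copy of dissolved.com, names outside a server's zones are forwarded along the chain, and dynamic updates are accepted only from an allowed subnet. All host names, addresses and records are constructed sample data following the diagram.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class DnsServer:
    """One server: zones it is authoritative for, where it forwards, who may update it."""
    name: str
    zones: dict = field(default_factory=dict)          # zone -> {fqdn: rdata}
    forwarder: "DnsServer | None" = None
    update_from: list = field(default_factory=list)    # subnets allowed to send DDNS updates

    def zone_for(self, fqdn):
        return next((z for z in self.zones if fqdn == z or fqdn.endswith("." + z)), None)

    def resolve(self, fqdn):
        fqdn = fqdn.lower().rstrip(".")
        zone = self.zone_for(fqdn)
        if zone is not None:
            # Authoritative: answer from our own copy or return NXDOMAIN (None). The name
            # is never forwarded, so each side of the split only ever sees its own records.
            return self.zones[zone].get(fqdn)
        return self.forwarder.resolve(fqdn) if self.forwarder else None

    def dynamic_update(self, client_ip, fqdn, rdata):
        """RFC 2136-style update: refused unless the client sits in an allowed subnet."""
        zone = self.zone_for(fqdn.lower())
        allowed = any(ip_address(client_ip) in ip_network(n) for n in self.update_from)
        if zone is None or not allowed:
            return False
        self.zones[zone][fqdn.lower()] = rdata
        return True


# Constructed data. Public copy at the ISP: Internet-facing hosts only, no DDNS at all.
EXTERNAL = DnsServer("external", {"dissolved.com": {
    "www.dissolved.com": "68.34.76.10", "mail.dissolved.com": "68.34.76.11",
    "ftp.dissolved.com": "68.34.76.12"}})
# Internal copy on the forwarding server: private addresses plus AD records, updates
# accepted only from the LAN; anything outside dissolved.com goes on to the ISP server.
FORWARDING = DnsServer("forwarding", {"dissolved.com": {
    "www.dissolved.com": "192.168.3.10", "dc1.dissolved.com": "192.168.4.2",
    "_ldap._tcp.dissolved.com": "dc1.dissolved.com"}},
    forwarder=EXTERNAL, update_from=["192.168.0.0/16"])
INTERNAL = DnsServer("internal", forwarder=FORWARDING)   # the clients' resolver (192.168.4.2)

if __name__ == "__main__":
    for host in ("www", "dc1", "ftp"):
        name = f"{host}.dissolved.com"
        print(name, "inside:", INTERNAL.resolve(name), "outside:", EXTERNAL.resolve(name))
```

Note the caveat the model makes visible: because the internal copy is authoritative, a public host present only in the ISP zone (ftp above) gets NXDOMAIN from inside, so every public record has to be duplicated in the internal zone; in exchange the AD records never reach an outside querier.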
Author Comment

by:dissolved
ID: 12678854
I think I have to make my internal forwarding DNS server authoritative for dissolved.com. And my external DNS server (at the ISP's) authoritative for dissolved.com.

Please correct any misunderstandings, as I am sure there are some.
thanks
LVL 11

Expert Comment

by:cfairley
ID: 12678875
Everything looks pretty good except for the internal and external domain names being the same. I think it's recommended that they be different. I think that's mentioned in the article I sent. Your internal DNS domain name should be something like dissolved.xxx.

Author Comment

by:dissolved
ID: 12678931
If they are different, then won't that defeat the purpose of split-DNS? I was under the assumption that your internal and external are to be the same. Hence users can address everything by one FQDN. I may be way out in left field on this one. But I thought that's what the article said?

Thanks for the assistance. Look forward to hopefully talking about it more tomorrow night!
LVL 31

Assisted Solution

by:Wayne Barron
Wayne Barron earned 400 total points
ID: 12678947
The "Internet & External" Domain Names can be the same.
This is strictly by preference, not by obligation.

The Internet Domain name is not accessible to anyone outside of your Network.
Though the External Domain Name is the same as the Internal, it does not
mean that someone can access domain.com and access your internet network structure.

So, this is a preference deal.
Either have them both the same, or change them.

A little advice.

When setting up the Internet Domain Name,
let's say that you have a Mail Server, Web Server, FTP Server, DNS Server.
All these will know that domain.com
is the primary domain controller.
So if you bring in another domain1.com (or) domain2.com and so on,
they will be considered "Child Domains" of the "Primary Domain.com".

HTH
Carrzkiss

Author Comment

by:dissolved
ID: 12678974
Ok, I'm lost lol

So you can have your website named dissolved.com and your internal named private.com.
To do split DNS, you will need both an internal and external DNS server to be authoritative for private.com

So basically, split DNS is made possible by authoritative servers?


PS:
This is off topic, but are "forwarding" DNS servers typically in the DMZ? Or are they usually in the same broadcast domain as the rest of the internal DNS servers?
thanks

Author Comment

by:dissolved
ID: 12682474
Ok I understand it now. Took a little bit of head hammering.
Thanks guys!
LVL 31

Expert Comment

by:Wayne Barron
ID: 12682522
Dag my spelling. All over my post I put
Internet --- Supposed to be ---- Internal :-(
Sorry about that.

Glad that I could be of assistance.

Carrzkiss

Author Comment

by:dissolved
ID: 12682582
No problem bro. Thanks for the help!
Thanks to you too Chris
LVL 11

Expert Comment

by:cfairley
ID: 12684470
Carrzkiss, you must be from the South, because the only other person I've heard use "Dag" is my mother-in-law. I'm from the South also.

Thanks dissolved. BTW, you post excellent questions on EE! Keep them coming.
LVL 31

Expert Comment

by:Wayne Barron
ID: 12684479
:-)
Southern Born and Bred.
Born in the Mountains of "Ashville NC" about 45 miles East of Tennessee.
Now live in "Sanford NC" in the Middle of "Raleigh, Charlotte & Fayetteville NC"

Take Care "cfairly"

Carrzkiss