How to add specific DNS entries for internal/external dns links

We have our internal company DNS name as companyname.com. Unfortunately, that is the same as our www.companyname.com external, ISP-hosted website. Thus, if we enter www.companyname.com, companyname.com or ftp.companyname.com, our Windows 2003 DNS server tries to resolve these to an internal IP which does not exist. companyname.com will resolve to our Citrix server's internal IP address.

We can add these three entries to a workstation's hosts file, pointing to the 206.xxx.xxx.xxx address, and that works just fine. The proper way to handle this is to add entries to the Windows 2003 DNS server. We do not want to change our internal domain name (we are both Windows and NetWare) to companyname.local or companyname.net, as the changes are rather difficult.

I am also not very familiar with Windows DNS configuration. We have forwarding set up and working, and dynamic DNS turned on at the workstations, and that is working properly. What is the correct way to add the three DNS names identified to the Windows 2003 DNS server, so that when it resolves them it replies with the external 206.xxx.xxx.xxx address instead of trying to resolve to an internal address?

Thanks,  Cliff.
Asked by: cwsoft05

tatw commented:
Simply do the following on your DNS server:
Administrative Tools > DNS
Right-click the "companyname.com" zone and then choose "New Host". Type the host name you need (www, ftp) and its Internet IP.
Do not select "Create associated pointer (PTR) record".
This will solve your problem.

However, please remember not to use www or ftp as a real host name inside your AD. If you do, automatic DNS registration will add another host record to your DNS server, so you will have www.yourcompany.com pointing to one internal IP and one Internet IP.

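The same two records created from the command line, as an added example that is not part of the original thread or any poster's own procedure. It uses dnscmd, which ships in the Windows Server 2003 Support Tools and is built into later server versions. The server name `.` (the local DC), the zone companyname.com and the address 206.0.2.10 are placeholders; the thread masks the real public address as 206.xxx.xxx.xxx. The last loop is the check a practitioner wants: ask the internal server directly and confirm it now answers the way the ISP's server does.

```powershell
# Added example: split-horizon A records for www and ftp in the internal AD zone.
# Assumptions (not from the thread): run as a DNS administrator on the DC itself,
# zone companyname.com, 206.0.2.10 standing in for the masked public address.
$Server     = '.'            # dnscmd target: the local DNS server
$QueryAt    = '127.0.0.1'    # nslookup target: same server, by address
$Zone       = 'companyname.com'
$ExternalIP = '206.0.2.10'   # placeholder for the ISP-hosted address

foreach ($Name in 'www', 'ftp') {
    # /RecordAdd creates only the A record; no PTR is created, which matches
    # the "do not create associated PTR" advice above.
    & dnscmd $Server /RecordAdd $Zone $Name A $ExternalIP
}

# Do NOT run /RecordAdd for the zone apex ('@'): the A records there are the
# "(same as parent folder)" entries the domain controller registers for itself,
# and clients use that name to find AD.

# Tighten dynamic updates so that a workstation that happens to be named 'www'
# or 'ftp' cannot register a second, internal A record beside the public one.
# 2 = secure updates only; this requires an Active Directory-integrated zone.
& dnscmd $Server /Config $Zone /AllowUpdate 2

# Check: the internal server must now answer with the public address.
foreach ($Name in 'www', 'ftp') {
    nslookup "$Name.$Zone" $QueryAt
}
```

On Windows Server 2012 and later the same record can be created with the DnsServer module, for example `Add-DnsServerResourceRecordA -ZoneName $Zone -Name www -IPv4Address $ExternalIP`. Whichever tool is used, these internal copies are now a second source of truth: when the ISP moves the website to a new address, the internal records have to be changed by hand, so keep the list of duplicated names short and documented.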
 
cwsoft05 (author) commented:
Will do this.

I have one additional question. If you type the URL in IE simply as yourcompany.com, it will connect to port 80 of the domain controller, which also has Citrix loaded on it, and yield the Citrix web-based login. That machine name is actually xxxcitrix.yourcompany.com and not yourcompany.com. Is it okay to also add this host name, simply yourcompany.com, without a problem?

Thanks.
 
Netman66 commented:
Yourcompany.com entries are already there.  They are the (same as parent) entries on the root of the Forward Lookup Zones.

This is why it works right now.

cwsoft05 (author) commented:
Yes, but if we don't use Windows DNS and type yourcompany.com without the www. designation, it resolves automatically to www.yourcompany.com. If we point to the Windows DNS server instead, it points to the DNS server/Citrix server and pulls up the Citrix web client interface.

That is not the way it works if we point only to the ISP DNS servers at the workstation: yourcompany.com resolves to the ISP-hosted Internet website. If that is not possible when using the Windows 2003 DNS server, that is okay, but I want to verify whether it can or cannot be.

Previously:
  www.yourcompany.com  ---->  internet 2xx.xxx.xxx.xxx
  ftp.yourcompany.com  ---->  internet 2xx.xxx.xxx.xxx
  yourcompany.com      ---->  internet 2xx.xxx.xxx.xxx

Based on what you are saying, after addition of the entries:
  www.yourcompany.com  ---->  internet 2xx.xxx.xxx.xxx
  ftp.yourcompany.com  ---->  internet 2xx.xxx.xxx.xxx
  yourcompany.com      ---->  internal 192.xxx.xxx.xxx, which is the internal IP of the Citrix server and DNS server

Please clarify whether the third item can be addressed or cannot be addressed, i.e. the domain name specified without a computer name. xxxx-citrix.yourcompany.com already resolves to 192.xxx.xxx.xxx.
 
 
Netman66 commented:
You shouldn't point anything inside your LAN to the ISP - use your own DNS server and Forwarders to the ISP.

Otherwise, your domain functionality is lost since the ISP DNS has no records for the internal AD environment.

If you point to your own DNS, then the second set of entries is correct provided you add the www and ftp HOST records to the domain forward zone.  No need to add line 3, it's there.

 
Netman66 commented:
I should clarify the 3rd entry a little.

The yourcompany.com entry is listed in the Forward Lookup zone for the domain for EACH DC you have.  As long as Round-Robin is turned off then it should take the first entry only.  If this is not your citrix server then you are going to have some issues with it since the domain name for AD will only resolve to a DC.

This is one of the primary reasons MS suggests you don't make the AD namespace the same as the public namespace.  It makes it difficult to manage what you are trying to do.


 
feptias commented:
> "if we don't use windows DNS and type yourcompany.com without the www. designation, it resolves automatically to www.yourcompany.com."

That will be because the public DNS server has a host record for "yourcompany.com", not because it resolves automatically to www.yourcompany.com.

You should not try adding a Host record to your Windows DNS server for yourcompany.com. As Netman66 said, there is already an entry there and it points to the DC. Windows creates that entry and it would probably be very upset if you changed it to point to your external web site. Don't try it.
 
mcsween (Sr. Network Administrator) commented:
Simply stated: if you change the "yourcompany.com" records on internal DNS, your clients will not be able to log in to AD.

Because you have an AD domain of yourcompany.com, you are stuck forcing people to use www.yourcompany.com to access the external website.
 
cwsoft05 (author) commented:
Thanks. You guys have cleared things up. We initially used, and still use, NetWare as the main print/file server, and Windows for specific applications. The individual who initially set up the Citrix server on a single box containing DNS and the DC set up yourcompany.com without considering the ramifications. We are somewhat stuck with it unless we rename it, which does not appear to be very easy and, based on review, is somewhat prone to problems.

Thanks.
 
Netman66 commented:
If there's only this one DC, then just point all clients to it, set up the forwarder to forward to the ISP and add those 2 records - you should be good to go.

You'll only run into an issue when you add another Windows DC - until then it will function as you expect.

 
cwsoft05 (author) commented:
What issue do you mean with a second Windows DC? We currently forward all unresolved items to the ISP, except those that have yourcompany.com as the domain name. We will add www.yourcompany.com and ftp.yourcompany.com as DNS entries pointing to the external Internet IP address.

What problems will this cause with a second DC? Not being as familiar with Windows: are you talking about, in NetWare terms, replicas of directory services? Could you elaborate a bit?
 
Netman66 commented:
A second DC will add itself to the (same as parent) entries so that yourdomain.com will resolve to any DC (copy of AD), and DNS will "round-robin" the responses for yourdomain.com between all the (same as parent) entries. So your Citrix server won't always be the one yourdomain.com resolves to once there is more than one DC. It really only impacts resolution of yourdomain.com - nothing else.


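An added check, not from the thread or any of its posters, that makes the apex behaviour described in the two Netman66 replies above visible on the server itself: list the (same as parent) A records, read the server-wide round-robin switch, and query the bare domain name a few times to see whether the first answer rotates. It uses dnscmd against the local DC (`.`), 127.0.0.1 for the queries and the zone name companyname.com as placeholders.

```powershell
# Added example: inspect the zone apex and the round-robin setting before a
# second DC is promoted. Assumptions (not from the thread): run on the DC,
# zone companyname.com.
$Server  = '.'           # dnscmd target: the local DNS server
$QueryAt = '127.0.0.1'   # nslookup target: same server, by address
$Zone    = 'companyname.com'

# The "(same as parent folder)" A records live at the apex node, '@'.
# One DC yields one address here; every additional DC that registers itself adds another.
& dnscmd $Server /EnumRecords $Zone '@' /Type A

# Round robin is a server-wide setting (1 = on, which is the Windows DNS default).
& dnscmd $Server /Info /RoundRobin

# Query the apex several times. With round robin on and more than one apex
# record, the address listed first rotates between the DCs on each query,
# so a browser typing just the domain name lands on a different DC each time.
1..3 | ForEach-Object { nslookup $Zone $QueryAt }

# If the Citrix box must stay first in the answer, round robin can be switched
# off, but note this affects every multi-address name on the server, not only
# the apex, so it is a blunt instrument:
# & dnscmd $Server /Config /RoundRobin 0
```

Turning round robin off pins the order of the apex answers but not their content: the bare domain name will still resolve only to domain controllers, and the DC listed first is whichever registered first, which is not something to build a login page on. The durable fix is the one given later in the thread, pointing Citrix users at the server's own FQDN rather than at the domain name.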
 
cwsoft05 (author) commented:
Thanks.   Now I understand the implications of it.
 
mcsween (Sr. Network Administrator) commented:
You should just point your Citrix clients to

http://servername.domainname.com

This will alleviate any issues you might have with multiple DCs and Citrix.

This can automatically be added to the users' favorites through a Group Policy:

User Config | Windows Settings | Internet Explorer Maintenance | URLs | Favorites and Links
 
cwsoft05 (author) commented:
Thanks.  We normally do not use citrix internally and when we do we use the IP address, but it is good to know.