Solved

Using DNS to point certain domains to certain IPs

Posted on 2006-05-07
Last Modified: 2010-04-18
Sorry about the obscure title.  Here's what I want to accomplish.

I want internal users who access mail.domainname.com to resolve to 192.168.1.1 and all other domainname.com requests to resolve to the public IP address.  How do I accomplish this?

I've created a new zone called domainname.com and added a Host (A) record mail.  Then when I ping mail.domainname.com it points to 192.168.1.1, but then if I try, let's say, sub.domainname.com, it doesn't resolve properly.

Any ideas? Thanks
0
Comment
Question by:myfootsmells
11 Comments
 
LVL 5

Author Comment

by:myfootsmells
ID: 16628146
I should clarify.  My internal domain name is actually domainname.local.  So I created a new zone called domainname.com and added the Host "mail" in there.  Now when I ping mail.domainname.com it'll resolve to the internal IP, but any other subdomains of domainname.com won't resolve.
0
 
LVL 19

Expert Comment

by:feptias
ID: 16628739
Do you mean other hosts within domainname.com or hosts within sub-domains of domainname.com?

(www.domainname.com would be an example of another host within domainname.com, but www.sub.domainname.com would be a host within a sub-domain).
0
 
LVL 5

Author Comment

by:myfootsmells
ID: 16628878
I want internal users who access mail.acme.com to use the internal IP address.  I want internal users who access ftp.acme.com, www.acme.com, hello.acme.com to use the public IP address.
0
 
LVL 19

Expert Comment

by:feptias
ID: 16628985
Then I think it will require some manual setup:
How many additional hosts like ftp, www etc are there? If just a few then you could simply add extra host records for them within the newly created DNS forward lookup zone.

If it is loads, then an alternative strategy would be to add a line to the hosts file on every user's computer for mail.domainname.com and remove that new zone you just created on your internal DNS server.

It depends which is more work, but the easier option if you have a lot of users is probably just to add a few more host records to the DNS zone for those other servers. Your DNS forward lookup zone can have host records that point to IP addresses outside your LAN as well as inside.
0
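The behaviour discussed in this thread, as an added example that is not part of any poster's comment: a simplified Python model (an assumption, not Windows DNS code) of an internal server hosting a domainname.com zone, showing why the other hosts stop resolving and how the extra host records restore them. The class, function names and public IPs (documentation addresses) are constructed for illustration.

```python
# Simplified model (an assumption): an internal DNS server answers from zones
# it hosts and forwards only queries for names outside every hosted zone.
NXDOMAIN = None
# Constructed sample data: what the public DNS holds for the domain.
PUBLIC_RECORDS = {
    "mail.domainname.com": "203.0.113.10",
    "www.domainname.com": "203.0.113.20",
    "ftp.domainname.com": "203.0.113.21",
    "hello.domainname.com": "203.0.113.22",
}


class InternalDns:
    def __init__(self, forwarder):
        self.zones = {}              # zone name -> {fqdn: ip}
        self.forwarder = forwarder   # stands in for the configured forwarder

    def add_host(self, zone, host, ip):
        self.zones.setdefault(zone, {})[f"{host}.{zone}"] = ip

    def _zone_for(self, fqdn):
        # Longest hosted zone that contains the name, if any.
        matches = [z for z in self.zones if fqdn == z or fqdn.endswith("." + z)]
        return max(matches, key=len) if matches else None

    def resolve(self, fqdn):
        zone = self._zone_for(fqdn)
        if zone is not None:
            # Authoritative: a missing record is NXDOMAIN, never forwarded.
            return self.zones[zone].get(fqdn, NXDOMAIN)
        return self.forwarder.get(fqdn, NXDOMAIN)

    def shadowed(self, public_records):
        # Public names that the hosted zone hides from internal clients.
        return sorted(n for n in public_records
                      if self._zone_for(n) and self.resolve(n) is NXDOMAIN)


def build_as_in_question():
    dns = InternalDns(PUBLIC_RECORDS)
    dns.add_host("domainname.com", "mail", "192.168.1.1")
    return dns


def apply_extra_host_records(dns):
    # The extra-host-records option from the thread: copy each hidden public
    # host into the internal zone, pointing at its public IP.
    for name in dns.shadowed(PUBLIC_RECORDS):
        host = name[: -len(".domainname.com")]
        dns.add_host("domainname.com", host, PUBLIC_RECORDS[name])
```

Running `shadowed()` against an export of the public zone gives the list of host records that would need to be added to the internal zone.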
 
LVL 9

Expert Comment

by:dooleydog
ID: 16629976
The answer is:

Conditional forwarding, see link for an explanation.

http://support.microsoft.com/kb/304491

Good Luck,

0
 
LVL 19

Expert Comment

by:feptias
ID: 16630355
dooleydog, please read all the comments, not just the original question.

The author of the question confirmed that he doesn't actually have a sub-domain, just wants to use an internal IP for one host while using the public IP addresses for all other hosts so conditional forwarding can't be used (IMHO).
0
 
LVL 5

Author Comment

by:myfootsmells
ID: 16632189
I was afraid that I'd have to either alter the HOSTS file or manually enter A records.  Isn't there a way for me to create an acme.com zone and just add a mail A record pointing to my internal IP and have all other requests to acme.com use my forwarder that I've configured?

And once it has those IPs, to automatically cache them into the zone?
0
 
LVL 19

Accepted Solution

by:
feptias earned 300 total points
ID: 16632448
You probably already have a public DNS record for mail.acme.com that is used in conjunction with MX records on the public DNS to find your mail server. If so, then you can't go making changes to that record on the public DNS without messing up your incoming e-mail. (Well actually you would have the option of changing the mail server host record and all the MX records that point to it so that the name mail.acme.com could be used without ill effect).

However, let us assume that you will choose a host name that does not match an existing name on the public DNS (e.g. intmail.acme.com) then you might be able to use a CNAME record to point to a host record in your .local domain. It would be somewhat unorthodox and probably is not recommended practice, but just might work. It would also depend on your being able to add the CNAME record to the public DNS server hosting acme.com. What I am suggesting is that you have a Host (A) record on your internal DNS called mail.acme.local and then have a CNAME on your public DNS server called intmail.acme.com which points to mail.acme.local which resolves to your internal IP address. The CNAME record would only be resolvable by people on your LAN, not by anyone or any DNS server on the Internet. I haven't tried this trick so it may be a non-runner, but otherwise I'm out of ideas for DNS.

(Another possibility to consider: Can't you use group policies to put that entry into the hosts file on all your users' workstations?)
0
 
LVL 5

Author Comment

by:myfootsmells
ID: 16652318
Solution that I used was to have internal users access another URL.

Taking suggestions on how to give point value as no solution was given that solved the issue.
0
 
LVL 19

Expert Comment

by:feptias
ID: 16652527
That's your call.

I tried damned hard to answer the question as you asked it, including clarifying some ambiguities in the question. Using another URL seems to me to not be within the constraints that you specified in the question.

Good luck.

0
 
LVL 19

Expert Comment

by:feptias
ID: 16667028
Just for the record, a quick postscript on the CNAME suggestion:
This only works if recursion is allowed on the internal DNS server for the Forwarders - i.e. you must *not* tick the box that says "Do not use recursion for this domain". Otherwise the public DNS server is being asked to resolve the name pointed to by the CNAME record, which it cannot do.

If you don't want to allow recursion generally on forwarders then you can add a conditional forwarder just for your public Internet domain name and allow recursion on that, but disable recursion on the forwarder settings for "All other DNS domains".
0

Question has a verified solution.