Adding DNS entries (Windows 2003) for a Domain Name other than our Network Domain Name

Posted on 2006-05-11
Last Modified: 2010-04-18
This should be an interesting one - I've looked into this but can't see how to do this.

We have an internet domain name - let's say it's

We have a Windows Domain name on our network that's similar (just has an extra bit on it) - it is in the format

Now the interesting thing is this;

1) We have made a DNS entry ( which points to the external IP of our server.  The boss's PDA picks these emails up fine.

2) However when his PDA is in the office it doesn't pick up the emails - it needs to resolve internally to the LAN IP of our server.  Common sense would dictate I need to add a DNS entry into our server for as being the 192.168.x.x IP of our server.  However I cannot see how to do this - it will only let me add records for *

Any idea how to get round this?  I suppose if I can find out it would be useful as I could then do more fancy things like put and so on into the DNS on our server to block non-experienced people from viewing websites they shouldn't be looking at.
Question by:wasc
    LVL 3

    Accepted Solution

    You will need to add another forward lookup zone to your Internal DNS server.  This zone would be ""  Then create your record for your email server's IP.
    LVL 19

    Assisted Solution

    It is probably too late to say this, but making your internal Windows domain as a sub-domain of your company's public internet domain name doesn't sound like a great idea to me. The usual naming convention for the Windows domain in this situation is mydomain.local (where the public Internet name is Perhaps there is a good reason for selecting the names you've got, in which case I stand corrected and will say no more on the subject.

    Are you aware that adding forward lookup zones to your internal DNS server (such as and will mean that your DNS server is now taking responsibility for resolving all records for those zones for your internal users? That means your boss might be able to connect to the mail server with his PDA, but all your internal users will only be able to browse the company's web site on if you add the right host (A) records for www. In the case of you might block access to but you might also make it so your mail server can no longer send any mail to users on hotmail (only if it is using your internal DNS server).

    Author Comment

    Thanks rchein,  I had realised I could do it this way but wanted to know if there was a better way of doing it for the reason feptias mentioned.  Just the ability to add one 'A' record in which wouldn't interfere with the others.  I'll leave this open a few days to see if there are any other suggestions and then give the points out.
    LVL 19

    Expert Comment

    Hi wasc

    It seems to be quite a common question that gets asked on EE: people who want to be able to use their internal DNS server to somehow override just one or two host records on their public DNS domain name space, while allowing all other queries for that zone to be handled by the forwarder. Unfortunately, even using conditional forwarding, the choice is either to handle a zone locally or to forward all the queries to another DNS server.

    You can use entries in the HOSTS file on each user's PC to override individual name lookups for a zone. Perhaps that would be the starting point for a solution, but your boss wants the same URL to resolve to two different IP addresses depending on whether he/she is in the office or outside.

    Another line of enquiry might be to ask why the PDA will not connect by effectively going out of your LAN through the router/firewall and then straight back in again on that public IP address. Some routers don't like this sort of "hairpinning", but maybe there are settings on the router/firewall that you can change to make it work (or can you use an alternative Default Gateway for the boss's PDA to go out on - if you have the luxury of multiple gateways on your LAN).

    Author Comment

    Thanks for the help guys.  I went with the option to make a new zone.  I am aware that it has made my server "authoritative" so to speak for that zone as in feptias's comments but this is ok as I have added all the records in (www, mx, etc) manually.  These won't change without my knowledge anyway as I own both the domains.

    Everything now working smoothly.
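The accepted solution (a new forward lookup zone for the public name) together with feptias's caveat (the internal server then answers every query under that zone itself), scripted as an added example that is not from the thread. It assumes dnscmd.exe from the Windows Server 2003 Support Tools; the thread's real domain names are not shown, so example.com and the IP addresses below are constructed placeholders.

```powershell
# Added example: split-horizon override on a Windows Server 2003 DNS server.
# example.com and the addresses are placeholders; replace with your own values.
$zone       = "example.com"      # placeholder for the public domain name
$internalIP = "192.168.0.10"     # placeholder: LAN address of the mail server
$publicIP   = "203.0.113.10"     # placeholder: public address behind www/mail
$dnsServer  = "127.0.0.1"        # run on the DNS server itself

# 1. Create a primary zone for the public name. From here on this server answers
#    every query under example.com itself; nothing in this zone is forwarded.
dnscmd $dnsServer /ZoneAdd $zone /Primary /file "${zone}.dns"

# 2. The single record the question needed: "mail" resolves to the LAN address in
#    the office, while the public DNS servers keep handing out the external one.
dnscmd $dnsServer /RecordAdd $zone mail A $internalIP

# 3. Because the zone is now authoritative here, every other public host must be
#    copied in by hand or internal users get NXDOMAIN for it (feptias's caveat).
dnscmd $dnsServer /RecordAdd $zone www A $publicIP
dnscmd $dnsServer /RecordAdd $zone "@" A $publicIP
dnscmd $dnsServer /RecordAdd $zone "@" MX 10 "mail.${zone}."

# 4. Verify from the LAN: the overridden name, a copied name, and a name nobody
#    copied. The last one failing is how a missing record shows up.
nslookup "mail.${zone}" $dnsServer    # expect the LAN address
nslookup "www.${zone}"  $dnsServer    # expect the public address
nslookup "ftp.${zone}"  $dnsServer    # "Non-existent domain" until it is added
```

Whenever a host is added or changed in the public zone, the same record has to be updated here too, since this server no longer consults the public servers for anything under example.com.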
