Adding DNS entries (Windows 2003) for a Domain Name other than our Network Domain Name

This should be an interesting one - I've looked into this but can't see how to do this.

We have an internet domain name - let's say it's www.mydomain.com

We have a Windows Domain name on our network that's similar (just has an extra bit on it) - it is in the format company.mydomain.com

Now the interesting thing is this;

1) We have made a DNS entry (webmail.mydomain.com) which points to the external IP of our server.  The boss's PDA picks these emails up fine.

2) However when his PDA is in the office it doesn't pick up the emails - it needs to resolve internally to the LAN IP of our server.  Common sense would dictate I need to add a DNS entry into our server for webmail.ourdomain.com as being the 192.168.x.x IP of our server.  However I cannot see how to do this - it will only let me add records for *.company.mydomain.com

Any idea how to get round this?  I suppose if I can find out it would be useful as I could then do more fancy things like put www.hotmail.com and so on into the DNS on our server to block non-experienced people from viewing websites they shouldn't be looking at.
wasc
Asked:
2 Solutions
 
rcheinCommented:
You will need to add another forward lookup zone to your Internal DNS server.  This zone would be "mydomain.com".  Then create your record for your email server's IP.
 
feptiasCommented:
It is probably too late to say this, but making your internal Windows domain as a sub-domain of your company's public internet domain name doesn't sound like a great idea to me. The usual naming convention for the Windows domain in this situation is mydomain.local (where the public Internet name is mydomain.com). Perhaps there is a good reason for selecting the names you've got, in which case I stand corrected and will say no more on the subject.

Are you aware that adding forward lookup zones to your internal DNS server (such as mydomain.com and hotmail.com) will mean that your DNS server is now taking responsibility for resolving all records for those zones for your internal users? That means your boss might be able to connect to the mail server with his PDA, but all your internal users will only be able to browse the company's web site on www.mydomain.com if you add the right host (A) records for www. In the case of hotmail.com you might block access to www.hotmail.com but you might also make it so your mail server can no longer send any mail to users on hotmail (only if it is using your internal DNS server).
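A worked illustration of rchein's approach with feptias's caveat applied, as an added example that is not part of the thread: it copies a constructed public zone for mydomain.com into an internal copy, overrides only webmail to a hypothetical LAN address, checks that no public name was dropped (the point feptias makes about the internal server becoming responsible for the whole zone), and emits the dnscmd commands a Windows 2003 DNS server would accept. The zone data and addresses are made up; dnscmd's /ZoneAdd and /RecordAdd syntax is the standard one.

```python
import re

# Constructed sample: what the public DNS provider serves for mydomain.com.
# The 203.0.113.x addresses are documentation addresses, not real hosts.
PUBLIC_ZONE = """
@        A   203.0.113.10
www      A   203.0.113.10
webmail  A   203.0.113.10
@        MX  10 mail.mydomain.com.
mail     A   203.0.113.11
"""

# Names that must resolve differently inside the LAN (hypothetical LAN address).
INTERNAL_OVERRIDES = {"webmail": ("A", "192.168.1.20")}


def parse_zone(text):
    """Parse 'name type rdata' lines into (name, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";")[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, rtype, rdata = re.split(r"\s+", line, maxsplit=2)
        records.append((name, rtype.upper(), rdata))
    return records


def build_internal_zone(public_records, overrides):
    """Copy every public record, swapping in LAN values for overridden names.
    The internal server answers for the whole zone once it is added, so any
    public record not copied here stops resolving for LAN clients."""
    internal = []
    for name, rtype, rdata in public_records:
        if name in overrides and overrides[name][0] == rtype:
            rdata = overrides[name][1]
        internal.append((name, rtype, rdata))
    return internal


def missing_names(public_records, internal_records):
    """Names in the public zone that the internal copy does not serve."""
    return sorted({n for n, _, _ in public_records} - {n for n, _, _ in internal_records})


def dnscmd_script(zone, records):
    """dnscmd.exe commands (Windows 2003 Support Tools) that create the zone."""
    cmds = [f"dnscmd /ZoneAdd {zone} /Primary /file {zone}.dns"]
    for name, rtype, rdata in records:
        cmds.append(f"dnscmd /RecordAdd {zone} {name} {rtype} {rdata}")
    return cmds
```

Running missing_names against a copy that contains only the webmail record shows exactly which public names (www, mail, the apex MX) LAN users would lose, which is the failure feptias describes.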
 
wascAuthor Commented:
Thanks rchein,  I had realised I could do it this way but wanted to know if there was a better way of doing it for the reason feptias mentioned.  Just the ability to add one 'A' record in which wouldn't interfere with the others.  I'll leave this open a few days to see if there are any other suggestions and then give the points out.
 
feptiasCommented:
Hi wasc

It seems to be quite a common question that gets asked on EE: people who want to be able to use their internal DNS server to somehow override just one or two host records on their public DNS domain name space, while allowing all other queries for that zone to be handled by the forwarder. Unfortunately, even using conditional forwarding, the choice is either to handle a zone locally or to forward all the queries to another DNS server.

You can use entries in the HOSTS file on each user's PC to override individual name lookups for a zone. Perhaps that would be the starting point for a solution, but your boss wants the same URL to resolve to two different IP addresses depending on whether he/she is in the office or outside.

Another line of enquiry might be to ask why the PDA will not connect by effectively going out of your LAN through the router/firewall and then straight back in again on that public IP address. Some routers don't like this sort of "hairpinning", but maybe there are settings on the router/firewall that you can change to make it work (or can you use an alternative Default Gateway for the boss's PDA to go out on - if you have the luxury of multiple gateways on your LAN).
 
wascAuthor Commented:
Thanks for the help guys.  I went with the option to make a new zone.  I am aware that it has made my server "authoritative" so to speak for that zone as in feptias's comments but this is OK as I have added all the records in (www, MX, etc) manually.  These won't change without my knowledge anyway as I own both the domains.

Everything now working smoothly.