Solved

Internal / External DNS Issue

Posted on 2006-07-21
Last Modified: 2010-03-19
Hi,

We have an external DNS provider for our real domain. This domain has a lot of subdomains.

What I want is to have an internal DNS for the same domain so that the internal version points to the local IPs and all other subdomains look at the external DNS.

Here's an example.

www.domain.com External IP (Don't need internal entry)
intranet.domain.com Internal IP (Internal address 192.168.91.5)

I could probably achieve this by duplicating every A record internally I guess, but am hoping to avoid this. Is what I'm after possible?
Question by:Plucka
14 Comments
 
LVL 7

Expert Comment

by:lukeca
ID: 17158791
Well, you could not make a record for domain.com, and just make individual records for the subdomains you want; that would keep domains you don't define still looked up by the external server.
LVL 8

Expert Comment

by:Danny_Larouche
ID: 17158827
intranet.domain.com and www.domain.com are not subdomains, but hosts.

A subdomain is something like www.intranet.domain.com (intranet would be a subdomain).

You just need to copy the external zone, then modify the records.

LVL 32

Expert Comment

by:rsivanandan
ID: 17158828
Do you have a PIX firewall which goes in the network where you do the 1-1 mapping? If so, we could slightly change the configuration and you could achieve that. It is called DNS Doctoring.

http://rsivanandan.wordpress.com/2006/07/17/dns-doctoring/

Cheers,
Rajesh
LVL 18

Author Comment

by:Plucka
ID: 17158842
Ok,

My terms are wrong, they are hosts not subdomains.

I want to be able to just define the local hosts and have all the rest resolve to the real DNS server.

Is this possible without having every host defined? I don't have a PIX firewall.
LVL 32

Expert Comment

by:rsivanandan
ID: 17158851
Hmm. Then, other than the DNS alias records, you could create the entries for the local hosts in the 'hosts' file. Create one and deploy it to all the machines.

Cheers,
Rajesh
LVL 18

Author Comment

by:Plucka
ID: 17158855
Yeah,

I thought of that but it's ugly. Thought there might be a simple solution.
LVL 32

Expert Comment

by:rsivanandan
ID: 17158866
Well, I know only of those 3 solutions. Maybe you can wait for some more time to see if someone comes up with something.

Cheers,
Rajesh
LVL 44

Expert Comment

by:scrathcyboy
ID: 17161564
Sounds like you are trying to do the domain/subdomain translation for the hosts or subdomains on the inside of the network. This is not the way it works -- although it can be done through a master webpage, believe me, it is more hassle than just setting up the subdomains on the provider's setup. They are called pointed domains, and you point each domain to a subdirectory on your server, and it is more reliable than the master webpage idea. But I am not sure this is what you are trying to do; your description of what you want is not clear.
LVL 18

Author Comment

by:Plucka
ID: 17161630
It's quite simple.

I have a host

webmail.domain.com

When I try to browse this internally it loops at the firewall trying to go out and back in.

So internally I need

webmail.domain.com to go to a local IP, say 192.168.1.1

But I don't want to have to set up every external host for this domain internally as there are a lot of host A records & CNAME records.
LVL 44

Expert Comment

by:scrathcyboy
ID: 17161664
AHA!!  Totally different than what I thought.

All you need do is add an entry into your HOSTS and LMHOSTS files like this --

webmail.domain.com   192.168.1.1

Do that in both files on the server, and you are DONE!!! It is SO easy, and you can change it at any time. Give it a little time to propagate on the local network, and in a day you will be getting where you want, and when you want to go out through the net, just comment out the entry. This is the MS approved way of providing routing other than what is normal for the OS and the TCP/IP topology.

The files are located in C:\WINDOWS\SYSTEM32\DRIVERS\ETC
LVL 18

Author Comment

by:Plucka
ID: 17161709
So I can do this on the server and all client computers will pick it up?
LVL 44

Expert Comment

by:scrathcyboy
ID: 17161744
YES, all it takes is a little time to propagate, 30 mins for small network, 10+ hours for very big network.
LVL 7

Accepted Solution

by:lukeca (earned 500 total points)
ID: 17161784
No, if you edit a hosts file on the server it will not propagate to the clients; hosts files are for the local machine they reside on only. You don't say, but I am assuming you are running a Windows server. When you open DNS you have forward lookup zones and reverse lookup zones. Now normally you would create a forward lookup zone for domain.com, but in your case you do not want to take over DNS for the whole domain.com zone, just subdomains. So when you create a new zone, just create a zone for webmail.domain.com, then create an A record for the internal IP you want it to point to, but leave the host name blank; this creates a "same as parent" record. Because you did not create a zone for "domain.com", DNS lookups for other things related to domain.com, including domain.com itself, will still be looked up externally. Sorry I didn't explain in more detail in my first post. This really is very simple, don't over complicate it.
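The single-host ("pinpoint") zone from the accepted answer, as an added example that is not from the original thread, written for a current Windows Server with the DnsServer PowerShell module (the 2006-era equivalent would be the DNS console or dnscmd). domain.com, webmail.domain.com and 192.168.1.1 are the values from the question; the check that no parent zone exists and the verification queries are my additions.

```powershell
# Added example (not from the thread): create a pinpoint zone on the internal Windows
# DNS server so that only webmail.domain.com resolves to the internal address, while
# every other name under domain.com is still resolved by the external provider.
# Assumes the DnsServer module (Windows Server 2012+); run on the DNS server itself.
#Requires -Modules DnsServer

$Parent   = 'domain.com'             # zone you deliberately do NOT host internally
$HostFqdn = "webmail.$Parent"        # the one host that must resolve internally
$LocalIp  = '192.168.1.1'            # internal address from the question

# Caveat: a zone for the parent domain would answer for every name under it, so the
# external fallthrough the answer relies on cannot work while such a zone exists.
if (Get-DnsServerZone -Name $Parent -ErrorAction SilentlyContinue) {
    throw "Zone '$Parent' is hosted here; remove it or add every external record to it instead."
}

# The zone is named after the host itself (file-backed primary zone; on an AD-integrated
# server use -ReplicationScope Domain instead of -ZoneFile).
if (-not (Get-DnsServerZone -Name $HostFqdn -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $HostFqdn -ZoneFile "$HostFqdn.dns"
}

# The "same as parent" record: an A record at the zone apex ('@' here, a blank host name
# in the DNS console), so the zone name itself resolves to the internal address.
Add-DnsServerResourceRecordA -ZoneName $HostFqdn -Name '@' -IPv4Address $LocalIp

# Verify against this server: the pinpoint name must return the internal address, and a
# name the zone does not cover must still be answered via recursion/forwarding.
$inside  = Resolve-DnsName -Name $HostFqdn -Type A -Server 127.0.0.1 -ErrorAction Stop
if (@($inside | Where-Object Type -eq 'A').IPAddress -notcontains $LocalIp) {
    throw "$HostFqdn did not resolve to $LocalIp on this server."
}
$outside = Resolve-DnsName -Name "www.$Parent" -Type A -Server 127.0.0.1 -ErrorAction Stop
if (@($outside | Where-Object Type -eq 'A').IPAddress -contains $LocalIp) {
    throw "www.$Parent was answered from the pinpoint zone; check the zone name."
}

# Side effect to keep in mind: names *below* the pinpoint zone (e.g. foo.webmail.domain.com)
# are now answered by this server (NXDOMAIN) instead of being forwarded externally.
Write-Host "Pinpoint zone $HostFqdn -> $LocalIp in place; other $Parent names resolve externally."
```

Repeat the zone-plus-apex-record step for each host that needs an internal address; the parent zone must never be created on the internal server for the fallthrough to keep working.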
LVL 18

Author Comment

by:Plucka
ID: 17162062
lukeca,

I'm not sure why I missed your first post or didn't understand it.

But this solution is sooo simple. Just tried it and it works perfectly. I didn't think HOSTS/LMHOSTS populated to clients.

This solution is also easier to administer and is visible through DNS rather than in hidden files.

Fantastic.