Internal / External DNS Issue

Hi,

We have an external DNS providor for our real domain. This domain has a lot of sub domains.

What I want is to have an internal DNS for the same domain so that the internal version points to the local IP's and all other subdomains look at the external DNS.

Here's an example.

www.domain.com External IP (Don't need internal Entry)
intranet.domain.com Internal IP (Internal Addess 192.168.91.5)

I could probably achieve this but duplicating every A record internally I guess, but am hoping to avoid this. Is what i'm after possible.
LVL 18
PluckaAsked:
Who is Participating?
 
lukecaConnect With a Mentor Commented:
No, if you edit a host file on the server it will not propagate to the clients, host files are for the local machine they reside on only.  You don't say but I am assuming you are running a windows server.  When you open DNS you have forward lookup zones and reverse lookup zones.  Now normally you would create a forward lookup zone for domain.com, but in your case you do not want to takeover DNS for the whole domain.com zone, just subdomains.  So when you create a new zone, just create a zone for webmail.domain.com, then create an A record for the internal IP you want it to point to, but leave the host name blank, this creates a same as parent record.  Because you did not create a zone for "domain.com" DNS lookups will for other things related to domain.com, including domain.com will still be looked up externally.  Sorry I didn't not explain in more detail in my first post.  This really is very simple, don't over complicate it.
0
 
lukecaCommented:
Well you could not make a record for domain.com, and just make individual records for the subdomains you want, that would keep domains you don't define still looked up by the external server.
0
 
Danny_LaroucheCommented:
intranet.domain.com and www.domain.com are not subdomain, but hosts.

sub-domain is something like:  www.intranet.domain.com  (intranet would be a subdomain)

You just need to copy the external zone, then modify the records.

0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
rsivanandanCommented:
Do you have a PIX firewall which goes in the network where you do the 1-1 mapping ? If so, we could slightly change the configuration and you could achieve that. It is called DNS Doctoring.

http://rsivanandan.wordpress.com/2006/07/17/dns-doctoring/

Cheers,
Rajesh
0
 
PluckaAuthor Commented:
Ok,

My terms are wrong, they are hosts not subdomains.

I want to be able to just define the local hosts and have all the rest resolve to the real DNS server.

Is this possible without having every host defined. I don't have PIX firewall.
0
 
rsivanandanCommented:
hmm.. Then other than the DNS Alias records, you could create the entries for local host in 'hosts' file. Create one and deploy it to all the machines.

Cheers,
Rajesh
0
 
PluckaAuthor Commented:
Yeah,

I thought of that but it's ugly. Thought there might be a simple solution.
0
 
rsivanandanCommented:
Well, I know only of those 3 solutions. May be you can wait for some more time to see if someone comes up with something.

Cheers,
Rajesh
0
 
scrathcyboyCommented:
SOunds like you are trying to do the domain/subdomain translation for the hosts or subdomains on the inside of the network.  This is not the way it works -- although it can be done through a master webpage, believe me, it is more hassle than just setting up the subdomains on the providers setup.  They are called pointed domains, and you point each domain to a subdirectory on your server, and it is more reliable than the master webpage idea.  But I am not sure this is what you are trying to do, your description of what you want is not clear.
0
 
PluckaAuthor Commented:
It's quite simple.

I have a host

webmail.domain.com

When I try to browse this internally it loops at the firewall trying to go out and back in.

So internally I need

webmail.domain.com to go to a local ip, say 192.168.1.1

But I don't want to have to set up every external host for this domain internally as there is a lot of host A records & CNAME records.
0
 
scrathcyboyCommented:
AHA!!  Totally different than what I thought.

All you need do is add an entry into your HOSTS and LMHOSTS files like this --

webmail.domain.com   192.168.1.1

Do that in both files on the server, and you are DONE !!!  It is SO easy, and you can change it at any time.  Give it a little time to propagate on the local network, and in a day you will be getting where you want, and when you want to go out through the net, just comment out the entry.  This is the MS approved way of providing routing other than what is normal for the OS, and the TCP/IP topology.

The files are located in C:\WINDOWS\SYSTEM32\DRIVERS\ETC
0
 
PluckaAuthor Commented:
So I can do this on the server and all client computers will pick it up?
0
 
scrathcyboyCommented:
YES, all it takes is a little time to propagate, 30 mins for small network, 10+ hours for very big network.
0
 
PluckaAuthor Commented:
lukeca,

I'm not sure why I missed your first post or didn't understand it.

But this solution is sooo simple. Just tried it and it works perfectly. I didnt think HOSTS/LMHOSTS populated to clients.

This solution is also easier to administer and is visible through DNS rather in hidden files.

Fantastic.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.