DNS Delegation

Hello,

Can anyone tell me if it is possible to delegate a primary domain name on Windows DNS. I know it is possible to delegate a sub-domain, however this still means I have to make sure all the internal and external DNS records match.

If this is not possible, can anyone tell me whether it is possible to add SOME of the subdomains to our internal DNS, and if someone requests a sub-domain that is not in the list "go and look for it elsewhere". I thought this would be possible somehow by adding the external nameservers but this doesn't seem to work either.

My end goal is to use Windows Integrated Authentication on certain subdomains but not others. The problem with Integrated is that it doesn't work across a proxy server, which is why we added our primary domain name to our internal DNS servers in the first place; however, the more subdomains we have, the more hassle it is to maintain the internal and external DNS lists.

Any ideas anyone?

Thanks in advance
partnershipdev
partnershipdevAsked:

the_b1ackfoxCIOCommented:
Sure it's possible.  You can master your own info and have an ISP act as your secondary.  Just make sure whoever you purchased your domain name from points your domain to your servers.
0
partnershipdevAuthor Commented:
Hi,

Thanks for the quick response, however it is the opposite to what I want to do, i.e. the opposite way round. If our DNS internally fails it means our staff can't get access to a few websites, which is not the end of the world; however it also means the rest of the world can't get to our websites, which is not so great. We use NO-IP to host our external DNS, which has redundant name servers all over the world, again something we don't.

Any ideas on the opposite solution?

Cheers
partnershipdev
0
the_b1ackfoxCIOCommented:
You can still use NO-IP as I suggested.  Your internal DNS would be primary, NO-IP would be secondary...  If your internal DNS crashes, the rest of the world would still be able to get to your websites.  As far as the world is concerned, all they care about is the listing of a few DNS servers to find you.  They don't care which is primary or secondary.  You hold the primary locally, so updates are fed to the ISP, and list two of the ISP servers as your DNS from your domain records.

Unless I am incorrect (hey, it happens, lol), you are trying to centralize your administrative efforts with DNS.  Split level DNS is the way to go.
0
partnershipdevAuthor Commented:
Ok - see your point, and in which case I presume I would need to add our own nameserver at the beginning of the list? Therefore the nameservers for ourdomain would be something like:

ns1.ournameserver.com
ns1.no-ip.com
..
..
..
ns5.no-ip.com

Again, I hate to put a spanner in the works, but I don't think our network administrators would be happy at all about opening up a route through our firewalls to our DNS servers, which are also our domain controllers. I don't know enough about the subject to list any potential risks, but I'm sure there are plenty. If it's possible to split the DNS so that the primary list is our internal and then the ISP is the secondary, is it not possible to do the reverse?

Thanks again
partnershipdev
0
the_b1ackfoxCIOCommented:
>> I presume I would need to add our own nameserver at the beginning of the list?

From the domain's perspective you wouldn't even list your DNS server.  Just the ISP's DNS servers.

From your perspective you only need to send DNS outbound to the ISP for updates, so the network admins shouldn't have too much of a problem with the request.  The ISP knows that they receive updates from your server only.
0
partnershipdevAuthor Commented:
Ok. No-IP also provide us with monitoring for our domains - I'd have to look into how this would work. Come to think of it, I'm not actually sure No-IP support what you are talking about; I can point the nameservers of a domain name to their nameservers, I can dynamically/manually update hosts, but I don't think they will accept what is effectively a complete copy of our DNS records for any domain name.
0
the_b1ackfoxCIOCommented:
They won't be getting a complete copy of the DNS records, only the records you specify (you don't forward any of the internal DNS records).  And it's pretty easy to set up.  Most ISPs do it in under 15 minutes.  Once it is set up, they don't have to touch it, and it doesn't cause much traffic on their part.
0
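The split-level DNS arrangement the thread settles on (internal Windows DNS as primary, the ISP's servers as the only secondaries, public records kept apart from internal ones), as an added example that is not from any of the participants. It uses the DnsServer PowerShell module on Windows Server 2012 or later; the zone names `example.com` and `corp.example.com`, the ISP secondary addresses 192.0.2.10 and 192.0.2.11, and the record addresses are all placeholders from the RFC 5737 documentation ranges. One caveat for the firewall discussion above: NOTIFY messages go out from the primary, but the zone transfer itself (AXFR/IXFR over TCP 53) is pulled by the secondary, so the ISP's addresses still need to reach TCP 53 on the primary, and restricting transfers to exactly those addresses is what keeps that opening narrow.

```powershell
# Added example (not from the thread): split-level DNS on Windows Server using the
# DnsServer module. All names and addresses below are placeholders.
$Zone           = 'example.com'                      # public zone, copied to the ISP
$InternalZone   = 'corp.example.com'                 # internal-only zone, never transferred
$IspSecondaries = @('192.0.2.10', '192.0.2.11')      # ISP secondary servers (placeholder)

# 1. Hold the public zone as a file-backed standard primary. Keeping it out of
#    Active Directory and disabling dynamic updates means nothing registers itself
#    into the copy that leaves the network.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns" -DynamicUpdate None
}

# 2. Only the listed ISP addresses may pull the zone, and only they are notified
#    on change; any other transfer request is refused.
Set-DnsServerPrimaryZone -Name $Zone `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $IspSecondaries `
    -Notify NotifyServers -NotifyServers $IspSecondaries

# 3. Public-facing records live only in the public zone.
Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'www' -IPv4Address '198.51.100.20'

# 4. Names that must resolve only internally (for example hosts that rely on
#    Integrated Authentication) live in a separate AD-integrated zone with zone
#    transfers switched off, so they never reach the ISP. Assumes the server is a
#    domain controller, as in the thread.
if (-not (Get-DnsServerZone -Name $InternalZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $InternalZone -ReplicationScope Domain
}
Set-DnsServerPrimaryZone -Name $InternalZone -SecureSecondaries NoTransfer
Add-DnsServerResourceRecordA -ZoneName $InternalZone -Name 'intranet' -IPv4Address '10.0.0.15'

# 5. Verify the transfer policy: the public zone should list only the ISP addresses
#    as SecondaryServers, the internal zone should show NoTransfer.
Get-DnsServerZone -Name $Zone, $InternalZone |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, SecureSecondaries, SecondaryServers, Notify
```

The check in step 5 is the one worth repeating after any change: if `SecureSecondaries` on the public zone ever reads `TransferAnyServer`, anyone who can reach TCP 53 can dump the zone, and the internal zone showing anything other than `NoTransfer` means internal names can leak the same way.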
