DNS Delegation

Posted on 2008-01-28
Last Modified: 2010-04-20
Hello,

Can anyone tell me if it is possible to delegate a primary domain name on Windows DNS? I know it is possible to delegate a sub-domain; however, this still means I have to make sure all the internal and external DNS records match.

If this is not possible, can anyone tell me whether it is possible to add SOME of the subdomains to our internal DNS, and if someone requests a sub-domain that is not in the list "go and look for it elsewhere". I thought this would be possible somehow by adding the external nameservers but this doesn't seem to work either.

My end goal is to use Windows Integrated Authentication on certain subdomains but not others. The problem with Integrated is that it doesn't work across a proxy server, which is why we added our primary domain name to our internal DNS servers in the first place; however, the more subdomains we have, the more hassle it is to maintain the internal and external DNS lists.

Any ideas anyone?

Thanks in advance
partnershipdev
0
Question by:partnershipdev
7 Comments
 
LVL 9

Expert Comment

by:the_b1ackfox
ID: 20760376
Sure it's possible. You can master your own info and have an ISP act as your secondary. Just make sure whoever you purchased your domain name from points your domain to your servers.
0
 

Author Comment

by:partnershipdev
ID: 20760422
Hi,

Thanks for the quick response, however it is the opposite to what I want to do, i.e. the opposite way round. If our DNS internally fails it means our staff can't get access to a few websites, which is not the end of the world; however, it also means the rest of the world can't get to our websites, which is not so great. We use NO-IP to host our external DNS, which has redundant name servers all over the world, again something we don't.

Any ideas on the opposite solution?

Cheers
partnershipdev
0
 
LVL 9

Expert Comment

by:the_b1ackfox
ID: 20760543
You can still use NO-IP as I suggested. Your internal DNS would be primary, NO-IP would be secondary... If your internal DNS crashes, the rest of the world would still be able to get to your websites. As far as the world is concerned, all they care about is the listing of a few DNS servers to find you. They don't care which is primary or secondary. You hold the primary locally, so updates are fed to the ISP, and list two of the ISP servers as your DNS from your domain records.

Unless I am incorrect (hey, it happens, lol), you are trying to centralize your administrative efforts with DNS. Split level DNS is the way to go.
0
 

Author Comment

by:partnershipdev
ID: 20760611
OK - see your point, and in which case I presume I would need to add our own nameserver at the beginning of the list? Therefore the nameservers for ourdomain would be something like:

ns1.ournameserver.com
ns1.no-ip.com
..
..
..
ns5.no-ip.com

Again, I hate to put a spanner in the works, but I don't think our network administrators would be happy at all about opening up a route through our firewalls to our DNS servers, which are also our domain controllers. I don't know enough about the subject to list any potential risks, but I'm sure there are plenty. If it's possible to split the DNS so that the primary list is our internal and then the ISP is the secondary, is it not possible to do the reverse?

Thanks again
partnershipdev
0
 
LVL 9

Expert Comment

by:the_b1ackfox
ID: 20760949
>> I presume I would need to add our own nameserver at the beginning of the list?

From the domain's perspective you wouldn't even list your DNS server. Just the ISP's DNS servers.

From your perspective you only need to send DNS outbound to the ISP for updates, so the network admins shouldn't have too much of a problem with the request. The ISP knows that they receive updates from your server only.
0
 

Author Comment

by:partnershipdev
ID: 20761033
OK. No-IP also provide us with monitoring for our domains - I'd have to look into how this would work. Come to think of it, I'm not actually sure No-IP support what you are talking about. I can point the nameservers of a domain name to their nameservers, I can dynamically/manually update hosts, but I don't think they will accept what is effectively a complete copy of our DNS records for any domain name.
0
 
LVL 9

Accepted Solution

by:
the_b1ackfox earned 1500 total points
ID: 20761082
They won't be getting a complete copy of the DNS records, only the records you specify (you don't forward any of the internal DNS records). And it's pretty easy to set up. Most ISPs do it in under 15 minutes. Once it is set up, they don't have to touch it, and it doesn't cause much traffic on their part.
0
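
The maintenance burden raised in the question (an internal copy of the public zone that must be kept in line with the externally hosted one) can be audited mechanically. The following is an added example, not part of the original thread: it compares two zone exports and reports names that exist publicly but are missing internally, which internal clients cannot resolve because the internal server answers authoritatively for the whole zone. The "name type value" record format, the sample records and all function names are assumptions made for the illustration.

```python
# Added example: audit a split-horizon zone for drift between internal and external views.
# Zone data is constructed sample input; names and addresses are documentation placeholders.
INTERNAL_ZONE = """\
www      A      10.0.0.20      ; internal address, Integrated Authentication site
intranet A      10.0.0.30
mail     A      203.0.113.25
"""
EXTERNAL_ZONE = """\
www      A      203.0.113.10
mail     A      203.0.113.26
shop     CNAME  shop.hosting.example.
"""

def parse_zone(text):
    """Parse 'name type value' lines into {(name, type): {values}}."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file style comments
        if not line:
            continue
        name, rtype, value = line.split(None, 2)
        key = (name.lower(), rtype.upper())
        records.setdefault(key, set()).add(value.strip().lower())
    return records

def audit_split_zone(internal_text, external_text, intentional_split=(), internal_only=()):
    """Return drift between the two views, ignoring names declared as deliberate."""
    internal, external = parse_zone(internal_text), parse_zone(external_text)
    int_names = {name for name, _ in internal}
    ext_names = {name for name, _ in external}
    return {
        # Public names the internal server lacks: staff get NXDOMAIN for these.
        "missing_internally": sorted(ext_names - int_names),
        # Internal names nobody declared as internal-only: possible stale entries.
        "undeclared_internal_only": sorted(int_names - ext_names - set(internal_only)),
        # Same name and type, different data, and not a declared split.
        "mismatched": sorted(
            key for key in internal.keys() & external.keys()
            if internal[key] != external[key] and key[0] not in set(intentional_split)
        ),
    }

if __name__ == "__main__":
    report = audit_split_zone(INTERNAL_ZONE, EXTERNAL_ZONE,
                              intentional_split={"www"}, internal_only={"intranet"})
    for finding, items in report.items():
        print(f"{finding}: {items}")
```
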


Question has a verified solution.
