Solved

Split DNS

Posted on 2009-05-06
Last Modified: 2012-05-06
hey guys

I use my ISP's dns servers as the default. However, I would like to send all DNS queries for sampledomain.com to dns server x.x.x.x. My home network has a site to site VPN to x.x.x.x where all sampledomain.com resources are included.

In other words, any request for mail.sampledomain.com or spoint.sampledomain.com should be requested from x.x.x.x. Putting all these in the hosts file will be too cumbersome as I don't know all of them and there may be a few hundred. Is there a program or Windows functionality that can help me achieve this?

Thank you
0
Question by:billwharton
7 Comments
 
LVL 35

Expert Comment

by:Bembi
ID: 24320844
As you have AD, you also have an internal DNS.

This DNS should use forwarders to resolve external names. The DNS allows you to set up different forwarders for different domains.

Your client should always point to your internal DNS and never use external DNS, as AD information is stored within DNS.

On a client, there is no way to separate DNS requests to different servers. But what you can do is configure your VPN so that, during the VPN session, DNS requests go to your internal server, and otherwise to the ISP if no VPN connection is established.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24325356
By the sounds of it, if you're using your ISP DNS server then you can't have AD installed on the local network, otherwise it wouldn't function. Assuming that the DNS domain you want to access isn't publicly registered:

Bembi's suggestion about the VPN could work, depending on how the VPN is set up. If it's a permanent router-to-router VPN then I don't think this would be an option. If it did work, however, this would also mean ALL DNS traffic would be routed through the VPN.

If you have a Server 2003 box on your home network, just install the DNS service on this. Point all your clients to it, and set up a forwarder for the other domain. All other requests will go out to the root hints. There is also DNS server software that is available for XP (I know of people using BIND on XP although I have never done it myself).

Other than that, you could set up a VMware machine and run a DNS server on this (all available open source).
0
 
LVL 11

Author Comment

by:billwharton
ID: 24325421
bluntTony

If I get you right, I set up a DNS server on the Windows 2003 server which I'm running as my regular everyday machine, set up a forwarder for sampledomain.com and point it to x.x.x.x.

I didn't know I could set up a forwarder just for a single domain. I thought it's a forwarder for everything. Can you kindly confirm?
0
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 24325900
If you use a 2003 DNS server you can configure conditional forwarders. These allow you to point all requests for a specific domain to a specific DNS server. If you want to continue to use your ISP's DNS servers as well, then configure "All other domains" to point to your ISP's DNS servers.
0
 
LVL 35

Accepted Solution

by:
Bembi earned 250 total points
ID: 24326553
I assumed you have a server at your office, according to your zones selection. So I assumed that you have a W2K3 server in your office and a client at home, right?

As W2K3 DNS is able to set domain-based forwarders and your client is not, the general idea is just to use your server to resolve everything. This of course means that all DNS traffic is routed through your VPN tunnel, as your server can resolve internal as well as external names.

In addition to your server DNS, you can also use DHCP to assign all settings to your client as long as the VPN connection is established. This allows you to use your provider settings as long as you are not connected, and once you establish the VPN connection, these settings will be taken over so you can resolve all names.

This way (a typical laptop configuration), you use the services dependent on your connection status.

If you use a normal PC, which is always connected via the VPN line, you can also assign fixed settings. In that case route DNS requests through your server. How web requests and other traffic are handled depends on the browser proxy settings; they can also pass your server or bypass the VPN tunnel, dependent on your default gateway and how the VPN is established.

The routers usually also provide routing tables, where you can set up which targets are routed via which interface. What you normally cannot do is port-based (outgoing) routing. And you also cannot forward a single port (i.e. DNS) to different targets. This functionality, to forward DNS requests to different targets dependent on the requested name, is a dedicated functionality of (Win2K3) DNS servers.
 
0
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 250 total points
ID: 24326745
No, you can set up conditional forwarders. In the DNS console, go to the properties of the server. See the screenshot. This shows I have two conditional forwarders set up for two different domains. You can then either forward 'all other domains' to your ISP (recommended) or get your server to query root hints.
Attachment: Snap1.jpg
0
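The configuration MSE-JNegus and bluntTony describe (a conditional forwarder for sampledomain.com plus "All other domains" pointed at the ISP) can be done from the command line instead of the DNS console. The following is an added example written for this page, not something posted in the thread: the first part uses dnscmd.exe, which ships with Windows Server 2003, and the second part shows the same setup with the DnsServer PowerShell module on Windows Server 2012 and later. The addresses are placeholders: 10.0.0.53 stands in for the thread's x.x.x.x, and 203.0.113.1/203.0.113.2 stand in for the ISP's resolvers.

```powershell
# Added example (not from the thread): split DNS on a Windows DNS server.
# Only sampledomain.com queries go to the VPN-side server; all other domains
# go to the ISP resolvers. Placeholder addresses, substitute your own.
$InternalDomain = 'sampledomain.com'
$VpnDnsServer   = '10.0.0.53'                      # stands in for x.x.x.x
$IspDnsServers  = @('203.0.113.1', '203.0.113.2')  # stands in for the ISP resolvers

# ---------- Windows Server 2003 (the OS in the thread): dnscmd.exe ----------
# Conditional forwarder = a forwarder-type zone for just this domain.
# /Slave tells the server NOT to fall back to root hints when the VPN-side
# server is unreachable, so a private name is never sent out to the public
# root servers when the tunnel is down (the query fails instead).
dnscmd.exe /ZoneAdd $InternalDomain /Forwarder $VpnDnsServer /Slave

# "All other domains": the server-wide forwarder list.
dnscmd.exe /ResetForwarders $IspDnsServers

# Inspect what was configured.
dnscmd.exe /ZoneInfo $InternalDomain
dnscmd.exe /Info

# Verify from the server itself (works on 2003, no Resolve-DnsName there):
# the internal name must come back with the VPN-side answer, the public
# name must still resolve via the ISP forwarders.
nslookup "mail.$InternalDomain" 127.0.0.1
nslookup www.example.com 127.0.0.1

# ---------- Windows Server 2012 and later: DnsServer module ----------
# Same configuration with the modern cmdlets.
Import-Module DnsServer
Add-DnsServerConditionalForwarderZone -Name $InternalDomain `
    -MasterServers $VpnDnsServer -PassThru
# Replace the server-wide forwarder list with the ISP resolvers and do not
# fall through to root hints if they are all unreachable.
Set-DnsServerForwarder -IPAddress $IspDnsServers -UseRootHint $false -PassThru
Get-DnsServerZone -Name $InternalDomain |
    Format-List ZoneName, ZoneType, MasterServers

# Verification on 2012+: query the local server directly.
Resolve-DnsName -Name "mail.$InternalDomain" -Server 127.0.0.1 -Type A
Resolve-DnsName -Name 'www.example.com'     -Server 127.0.0.1 -Type A
```

Point the home clients at this server (by DHCP or statically) rather than at the ISP resolvers, as Bembi notes; the split happens on the server, not on the client. The two verification lookups are the check worth keeping: if mail.sampledomain.com answers only while the VPN tunnel is up and www.example.com answers regardless, the forwarder zone and the "all other domains" list are doing their respective jobs.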
 
LVL 27

Expert Comment

by:bluntTony
ID: 24327050
The advantage of forwarding queries to 'All other DNS Domains' to your ISP DNS server is that it's getting the ISP server to do the work. When you forward to another DNS server, this is a recursive query, basically saying 'get me the IP for this name, and don't come back until you have'. The DNS server then has to traverse down the DNS 'tree' to find the IP address.

If you don't set up a forwarder for 'All other DNS domains', your DNS server will busy itself with iterative queries, by querying the servers detailed on the 'Root Hints' and following the referrals it gets.
0
