Solved

Split DNS

Posted on 2009-05-06
Last Modified: 2012-05-06
hey guys

I use my ISP's DNS servers as the default. However, I would like to send all DNS queries for sampledomain.com to DNS server x.x.x.x. My home network has a site-to-site VPN to x.x.x.x where all sampledomain.com resources are included.

In other words, any request for mail.sampledomain.com or spoint.sampledomain.com should be requested from x.x.x.x. Putting all these in the hosts file will be too cumbersome as I don't know all of them and there may be a few hundred. Is there a program or Windows functionality that can help me achieve this?

Thank you
Question by:billwharton
7 Comments
 
LVL 35

Expert Comment

by:Bembi
ID: 24320844
As you have AD, you also have an internal DNS.

This DNS should use forwarders to resolve external names. The DNS allows you to set up different forwarders for different domains.

Your client should always point to your internal DNS and never use external DNS, as AD information is stored within DNS.

On a client, there is no way to separate DNS requests to different servers. But what you can do is to configure your VPN so that during the VPN session the DNS requests will go to your internal server, and otherwise to the ISP if no VPN connection is established.
 
LVL 27

Expert Comment

by:bluntTony
ID: 24325356
By the sounds of it, if you're using your ISP DNS server then you can't have AD installed on the local network, otherwise it wouldn't function. Assuming that the DNS domain you want to access isn't publicly registered:

Bembi's suggestion about the VPN could work, depending on how the VPN is set up - if it's a permanent router-to-router VPN then I don't think this would be an option. If it did work however, this would also mean ALL DNS traffic would be routed through the VPN.

If you have a Server 2003 box on your home network, just install the DNS service on this. Point all your clients to it, and set up a forwarder for the other domain. All other requests will go out to the root hints. There is also DNS server software that is available for XP (I know of people using BIND on XP although I have never done it myself).

Other than that, you could set up a VMware machine and run a DNS server on this (all available open source).
 
LVL 11

Author Comment

by:billwharton
ID: 24325421
bluntTony

If I get you right, I set up a DNS server on Windows 2003 Server, which I'm running as my regular everyday machine. Set up a forwarder for sampledomain.com and point it to x.x.x.x.

I didn't know I could set up a forwarder just for a single domain - I thought it was a forwarder for everything. Can you kindly confirm?
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 24325900
If you use a 2003 DNS server you can configure conditional forwarders. These allow you to point all requests for a specific domain to a specific DNS server. If you want to continue to use your ISP's DNS servers as well, then configure "All other domains" to point to your ISP's DNS servers.
 
LVL 35

Accepted Solution

by:Bembi
Bembi earned 250 total points
ID: 24326553
I assumed you have a server at your office, according to your zone selection. So I assumed that you have a W2K3 server in your office and a client at home, right?

As W2K3 DNS is able to set domain-based forwarders and your client is not, the general idea is just to use your server to resolve everything. This of course means that all DNS traffic is routed through your VPN tunnel, as your server can resolve internal as well as external names.

In addition to your server DNS, you can also use DHCP to assign all settings to your client as long as the VPN connection is established. This allows you to use your provider settings as long as you are not connected, and as soon as you establish the VPN connection, these settings will be taken over so you can resolve all names.

This way (typical laptop configuration), you use the services depending on your connection status.

If you use a normal PC, which is always connected via the VPN line, you can also assign fixed settings. In that case, route DNS requests through your server. How web requests and other traffic are handled depends on the browser proxy settings; they can also pass through your server or bypass the VPN tunnel, depending on your default gateway and how the VPN is established.

The routers usually also provide routing tables, where you can set up which targets are routed via which interface. What you normally cannot do is port-based (outgoing) routing. And also you cannot forward a single port (i.e. DNS) to different targets. This functionality, to forward DNS requests to different targets depending on the requested name, is a dedicated functionality of (Win2K3) DNS servers.
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 250 total points
ID: 24326745
No, you can set up conditional forwarders. In the DNS console, go to the properties of the server. See the screenshot. This shows I have two conditional forwarders set up for two different domains. You can then either forward 'all other domains' to your ISP (recommended) or get your server to query root hints.
Attachment: Snap1.jpg
 
LVL 27

Expert Comment

by:bluntTony
ID: 24327050
The advantage of forwarding queries to 'All other DNS Domains' to your ISP DNS server is that it's getting the ISP server to do the work. When you forward to another DNS server, this is a recursive query, basically saying 'get me the IP for this name, and don't come back until you have'. The DNS server then has to traverse down the DNS 'tree' to find the IP address.

If you don't set up a forwarder for 'All other DNS domains', your DNS server will busy itself with iterative queries, by querying the servers detailed on the 'Root Hints' and following the referrals it gets.
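The configuration the experts describe above (a conditional forwarder for sampledomain.com pointing at the VPN-side server, plus "All other DNS domains" handed to the ISP resolvers instead of root hints), scripted as an added example. This is not code from the thread or from Microsoft; it uses the DnsServer PowerShell module that ships with the DNS Server role on Windows Server 2012 and later, with the Windows Server 2003 dnscmd.exe equivalents in comments. Every address is a constructed placeholder: 10.0.0.53 stands in for the x.x.x.x server across the VPN, and 203.0.113.1/2 stand in for the ISP's resolvers. Run it elevated on the machine holding the DNS Server role.

```powershell
#Requires -Modules DnsServer
# Added example (not from the thread). Builds the split-DNS setup discussed
# above and then checks it. Addresses are constructed placeholders.
param(
    [string]   $InternalZone  = 'sampledomain.com',
    [string[]] $VpnDnsServers = @('10.0.0.53'),                  # stands in for x.x.x.x
    [string[]] $IspDnsServers = @('203.0.113.1', '203.0.113.2')  # ISP resolvers
)

# 1. Conditional forwarder: only names under sampledomain.com go to the VPN-side
#    server. Omitting -ReplicationScope creates a file-backed (non-AD) zone.
#    Server 2003 equivalent:  dnscmd /ZoneAdd sampledomain.com /Forwarder 10.0.0.53
if (-not (Get-DnsServerZone -Name $InternalZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $InternalZone -MasterServers $VpnDnsServers
}

# 2. "All other DNS domains": hand everything else to the ISP resolvers.
#    -UseRootHint $false stops the server falling back to iterative root-hint
#    resolution when the forwarders do not answer (so a dead ISP forwarder is
#    visible as a failure rather than silently taking a different path).
#    Server 2003 equivalent:  dnscmd /ResetForwarders 203.0.113.1 203.0.113.2
Set-DnsServerForwarder -IPAddress $IspDnsServers -UseRootHint $false

# 3. Confirm the zone really is a forwarder zone and show where each path goes.
$zone = Get-DnsServerZone -Name $InternalZone
if ($zone.ZoneType -ne 'Forwarder') {
    throw "$InternalZone is a $($zone.ZoneType) zone, not a conditional forwarder"
}
'Conditional forwarder {0} -> {1}' -f $zone.ZoneName, ($zone.MasterServers -join ', ')
'All other domains       -> {0}'   -f ((Get-DnsServerForwarder).IPAddress -join ', ')

# 4. Resolve one internal and one public name through this server only
#    (-DnsOnly skips hosts file / cache, -Server pins the query to localhost).
foreach ($name in @("mail.$InternalZone", 'www.example.com')) {
    try {
        $answer = Resolve-DnsName -Name $name -Type A -Server 127.0.0.1 -DnsOnly -ErrorAction Stop
        '{0,-40} {1}' -f $name, (($answer | Where-Object Type -eq 'A').IPAddress -join ', ')
    } catch {
        '{0,-40} FAILED: {1}' -f $name, $_.Exception.Message
    }
}

# Clients must then use this server, as Bembi notes, e.g. on a Windows client:
#   Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses <this server's IP>
```

If the internal name fails while the public one succeeds, the conditional forwarder is in place but the VPN-side server is unreachable over the tunnel; if both fail, check the server-wide forwarders with Get-DnsServerForwarder first.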