Solved

Split DNS

Posted on 2009-05-06
7
369 Views
Last Modified: 2012-05-06
hey guys

I use my ISP's dns servers as the default. However, I would like to send all DNS queries for sampledomain.com to dns server x.x.x.x. My home network has a site to site VPN to x.x.x.x where all sampledomain.com resources are included.

In other words, any request for mail.sampledomain.com or spoint.sampledomain.com should be requested from x.x.x.x. Putting all these in the hosts file will be too cumbersome as I don't know all of them and there may be a few hundred. Is there a program or Windows functionality that can help me achieve this?

Thank you
0
Question by:billwharton
7 Comments
 
LVL 35

Expert Comment

by:Bembi
As you have AD, you also have an internal DNS.

This DNS should use forwarders to resolve external names. The DNS allows to setup different forwarders for different domains.

Your client should always point to your internal DNS and never use external DNS, as AD information is stored within DNS.

On a client, there is no way to separate DNS requests to different servers. But what you can do is configure your VPN in such a way that during the VPN session the DNS requests go to your internal server, and otherwise to the ISP if no VPN connection is established.
0
 
LVL 27

Expert Comment

by:bluntTony
By the sounds of it, if you're using your ISP DNS server then you can't have AD installed on the local network, otherwise it wouldn't function. Assuming that the DNS domain you want to access isn't publicly registered:

Bembi's suggestion about the VPN could work, depending on how the VPN is set up - if it's permanent router to router VPN then I don't think this would be an option. If it did work however, this would also mean ALL DNS traffic would be routed through the VPN.

If you have a Server 2003 box on your home network, just install the DNS service on this. Point all your clients to it, and set up a forwarder for the other domain. All other requests will go out to the root hints. There is also DNS server software that is available for XP (I know of people using BIND on XP although I have never done it myself).

Other than that, you could set up a VMWare machine and run a DNS server on this (all available open source).
0
 
LVL 11

Author Comment

by:billwharton
bluntTony

If I get you right, I set up a DNS server on Windows 2003 Server, which I'm running as my regular everyday machine. Set up a forwarder for sampledomain.com and point it to x.x.x.x.

I didn't know I could set up a forwarder just for a single domain - I thought it's a forwarder for everything. Can you kindly confirm?
0
 
LVL 5

Expert Comment

by:MSE-JNegus
If you use a 2003 DNS server you can configure conditional forwarders. These allow you to point all requests for a specific domain to specific DNS servers. If you want to continue to use your ISP's DNS servers as well, then configure "All other domains" to point to your ISP's DNS servers.
0
 
LVL 35

Accepted Solution

by:
Bembi earned 250 total points
I assumed you have a server at your office, according to your zones selection. So I assumed, that you have a W2K3 server in your office and a client at home, right?

As W2K3 DNS is able to set domain-based forwarders and your client is not, the general idea is just to use your server to resolve everything. This of course means that all DNS traffic is routed through your VPN tunnel, as your server can resolve internal as well as external names.

In addition to your server DNS, you can also use DHCP to assign all settings to your client as long as the VPN connection is established. This allows you to use your provider settings as long as you are not connected, and as soon as you establish the VPN connection, these settings will be taken over so you can resolve all names.

This way (typical laptop configuration), you use the services depending on your connection status.

If you use a normal PC, which is always connected via the VPN line, you can also assign fixed settings. In that case route DNS requests through your server. How web requests and other traffic are handled depends on the browser proxy settings; they can also pass through your server or bypass the VPN tunnel, depending on your default gateway and how the VPN is established.

The routers usually also provide routing tables, where you can set up which targets are routed via which interface. What you normally cannot do is port-based (outgoing) routing. And also you cannot forward a single port (i.e. DNS) to different targets. This functionality, to forward DNS requests to different targets depending on the requested name, is a dedicated functionality of (Win2K3) DNS servers.
 
0
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 250 total points
No you can set up conditional forwarders. In the DNS console, go to the properties of the server. See the screenshot. This shows I have two conditional forwarders set up for two different domains. You can then either forward 'all other domains' to your ISP (recommended) or get your server to query root hints.
Snap1.jpg
0
 
LVL 27

Expert Comment

by:bluntTony
The advantage of forwarding queries to 'All other DNS Domains' to your ISP DNS server is that it's getting the ISP server to do the work. When you forward to another DNS server, this is a recursive query, basically saying 'get me the IP for this name, and don't come back until you have'. The DNS server then has to traverse down the DNS 'tree' to find the IP address.

If you don't set up a forwarder for 'All other DNS domains', your DNS server will busy itself with iterative queries, by querying the servers detailed on the 'Root Hints' and following the referrals it gets.
0
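As an added illustration of the behaviour described in the accepted answers above (conditional forwarders per domain, an optional "All other DNS domains" forwarder, and root-hint iteration when no forwarder applies), the following Python simulates the per-query decision a DNS server makes. It is example code written for this thread, not code from the thread's participants and not Microsoft's DNS implementation. Every address, name and zone record in it is constructed (RFC 5737 / RFC 1918 test ranges); 10.0.0.53 stands in for the thread's x.x.x.x VPN-side server and 192.0.2.53 for the ISP resolver.

```python
"""Simulation of conditional forwarding versus root-hint iteration.

Added example for this thread; not the page's own code and not Microsoft's
DNS server implementation. All IPs, names and zone data are constructed.
"""


def _labels(name):
    """Normalise a DNS name to lower-case labels: 'MAIL.x.com.' -> ('mail','x','com')."""
    return tuple(l for l in name.lower().rstrip(".").split(".") if l)


class ConditionalForwarderTable:
    """Per-domain forwarders plus the 'All other DNS domains' entry."""

    def __init__(self, all_other_domains=None):
        self.rules = {}                             # label tuple -> forwarder IPs
        self.all_other_domains = all_other_domains  # None means: use root hints

    def add(self, domain, forwarders):
        self.rules[_labels(domain)] = list(forwarders)

    def forwarders_for(self, qname):
        """Longest matching suffix wins; matching is per label, so
        notsampledomain.com does NOT match a rule for sampledomain.com."""
        labels = _labels(qname)
        for n in range(len(labels), 0, -1):
            hit = self.rules.get(labels[-n:])
            if hit:
                return hit
        return self.all_other_domains


# --- constructed network ---------------------------------------------------
# Forwarders receive a recursive query and hand back a final answer.
FORWARDER_DATA = {
    "10.0.0.53": {"mail.sampledomain.com": "10.0.0.20",     # VPN-side DNS (x.x.x.x)
                  "spoint.sampledomain.com": "10.0.0.21"},
    "192.0.2.53": {"www.example.com": "203.0.113.10"},      # ISP resolver
}
# Authoritative servers answer iterative queries with an answer or a referral.
AUTH_DATA = {
    "198.51.100.1": {"com": ("NS", ["198.51.100.2"])},              # root hint
    "198.51.100.2": {"example.com": ("NS", ["198.51.100.3"])},      # .com
    "198.51.100.3": {"www.example.com": ("A", "203.0.113.10")},     # example.com
}
ROOT_HINTS = ["198.51.100.1"]


def iterate_from_root_hints(qname, max_hops=8):
    """Follow referrals from the root hints; returns (answer_or_None, servers_visited)."""
    labels = _labels(qname)
    servers, path = ROOT_HINTS, []
    for _ in range(max_hops):
        server = servers[0]
        path.append(server)
        zone = AUTH_DATA.get(server, {})
        rec = zone.get(".".join(labels))
        if rec and rec[0] == "A":
            return rec[1], path
        for n in range(len(labels) - 1, 0, -1):   # closest enclosing NS wins
            rec = zone.get(".".join(labels[-n:]))
            if rec and rec[0] == "NS":
                servers = rec[1]
                break
        else:
            return None, path                      # no answer and no referral
    return None, path                              # referral-loop guard


def resolve(qname, table):
    """Decide how the home DNS server handles one query and report what happened."""
    forwarders = table.forwarders_for(qname)
    if forwarders:
        server = forwarders[0]
        answer = FORWARDER_DATA.get(server, {}).get(".".join(_labels(qname)))
        return {"mode": "forward", "server": server, "answer": answer}
    answer, path = iterate_from_root_hints(qname)
    return {"mode": "iterate", "path": path, "answer": answer}


def home_server(use_isp_for_everything_else):
    """Build the thread's setup: sampledomain.com -> VPN DNS, rest -> ISP or root hints."""
    table = ConditionalForwarderTable(["192.0.2.53"] if use_isp_for_everything_else else None)
    table.add("sampledomain.com", ["10.0.0.53"])
    return table


if __name__ == "__main__":
    for name in ("MAIL.sampledomain.com.", "www.example.com", "notsampledomain.com"):
        print(name, "->", resolve(name, home_server(False)))
```

Running it shows the three cases that matter here: a sampledomain.com name (any case, with or without trailing dot) goes to the VPN-side server and nowhere else, a public name walks root hint -> .com -> example.com when no "All other DNS domains" forwarder is set, and a look-alike such as notsampledomain.com is not captured by the rule because matching is per label rather than by substring. On a real Windows Server 2003 box the same table is built in the DNS console as shown in the screenshot above; to my recollection dnscmd exposes it as well (/ZoneAdd <domain> /Forwarder <ip> for a conditional forwarder and /ResetForwarders <ip> for "all other domains"), but confirm the switches with dnscmd /? before relying on them.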