Solved

Split DNS

Posted on 2009-05-06
370 Views
Last Modified: 2012-05-06
hey guys

I use my ISP's dns servers as the default. However, I would like to send all DNS queries for sampledomain.com to dns server x.x.x.x. My home network has a site to site VPN to x.x.x.x where all sampledomain.com resources are included.

In other words, any request for mail.sampledomain.com or spoint.sampledomain.com should be requested from x.x.x.x. Putting all these in the hosts file will be too cumbersome as I don't know all of them and there may be a few hundreds. Is there a program or windows functionality that can help me achieve this?

Thank you
0
Question by:billwharton
7 Comments
 
LVL 35

Expert Comment

by:Bembi
ID: 24320844
As you have AD, you also have an internal DNS.

This DNS should use forwarders to resolve external names. The DNS allows you to set up different forwarders for different domains.

Your client should always point to your internal DNS and never use external DNS, as AD information is stored within DNS.

On a client, there is no way to separate DNS requests to different servers. But what you can do is configure your VPN so that, during the VPN session, DNS requests go to your internal server, and otherwise to the ISP if no VPN connection is established.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24325356
By the sounds of it, if you're using your ISP DNS server then you can't have AD installed on the local network, otherwise it wouldn't function. Assuming that the DNS domain you want to access isn't publicly registered:

Bembi's suggestion about the VPN could work, depending on how the VPN is set up - if it's a permanent router-to-router VPN then I don't think this would be an option. If it did work, however, this would also mean ALL DNS traffic would be routed through the VPN.

If you have a Server 2003 box on your home network, just install the DNS service on this. Point all your clients to it, and set up a forwarder for the other domain. All other requests will go out to the root hints. There is also DNS server software that is available for XP (I know of people using BIND on XP, although I have never done it myself).

Other than that, you could set up a VMware machine and run a DNS server on this (all available open source).
0
 
LVL 11

Author Comment

by:billwharton
ID: 24325421
bluntTony

If I get you right, I set up a DNS server on Windows 2003 Server, which I'm running as my regular everyday machine. Set up a forwarder for sampledomain.com and point it to x.x.x.x.

I didn't know I could set up a forwarder just for a single domain - I thought it's a forwarder for everything. Can you kindly confirm?
0
LVL 5

Expert Comment

by:MSE-JNegus
ID: 24325900
If you use a 2003 DNS server you can configure conditional forwarders. These allow you to point all requests for a specific domain to a specific DNS server. If you want to continue to use your ISP's DNS servers as well, then configure "All other domains" to point to your ISP's DNS servers.
0
 
LVL 35

Accepted Solution

by:
Bembi earned 250 total points
ID: 24326553
I assumed you have a server at your office, according to your zones selection. So I assumed that you have a W2K3 server in your office and a client at home, right?

As W2K3 DNS is able to set domain-based forwarders and your client is not, the general idea is just to use your server to resolve everything. This of course means that all DNS traffic is routed through your VPN tunnel, as your server can resolve internal as well as external names.

In addition to your server DNS, you can also use DHCP to assign all settings to your client as long as the VPN connection is established. This allows you to use your provider settings as long as you are not connected; as soon as you establish the VPN connection, these settings will be taken over so you can resolve all names.

This way (typical laptop configuration), you use the services depending on your connection status.

If you use a normal PC which is always connected via the VPN line, you can also assign fixed settings. In that case, route DNS requests through your server. How web requests and other traffic are handled depends on the browser proxy settings; they can also pass through your server or bypass the VPN tunnel, depending on your default gateway and how the VPN is established.

The routers usually also provide routing tables, where you can set up which targets are routed via which interface. What you normally cannot do is port-based (outgoing) routing. And also you cannot forward a single port (i.e. DNS) to different targets. This functionality, forwarding DNS requests to different targets depending on the requested name, is a dedicated functionality of (Win2K3) DNS servers.
 
0
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 250 total points
ID: 24326745
No you can set up conditional forwarders. In the DNS console, go to the properties of the server. See the screenshot. This shows I have two conditional forwarders set up for two different domains. You can then either forward 'all other domains' to your ISP (recommended) or get your server to query root hints.
(screenshot: Snap1.jpg)
0
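The conditional-forwarder setup described in MSE-JNegus's and bluntTony's comments above, as an added example that is not part of the original thread. It assumes the box runs the Windows DNS Server role with the DnsServer PowerShell module (Windows Server 2012 or later); the dnscmd lines in the comments are the Windows Server 2003-era equivalents for the version discussed in the thread. The zone name comes from the question; the addresses (the VPN-side server standing in for x.x.x.x, the ISP resolvers, the server's LAN address) and the test names are placeholders.

```powershell
# Added example: split DNS via a conditional forwarder on a Windows DNS server, plus checks.
# Not from the thread. Assumptions: the DNS Server role and the DnsServer module are installed
# (Windows Server 2012 or later); the dnscmd lines in comments are the Server 2003 equivalents.
# All addresses below are placeholders.

$ConditionalZone = 'sampledomain.com'                 # from the question
$VpnDnsServer    = '10.10.10.53'                      # assumption: the "x.x.x.x" at the far end of the VPN
$IspResolvers    = @('203.0.113.53', '203.0.113.54')  # assumption: ISP resolvers (documentation range)
$LanAddress      = '192.168.1.10'                     # assumption: this server's LAN interface

Import-Module DnsServer

# Windows Server 2003 equivalent (elevated cmd on the DNS server):
#   dnscmd . /ZoneAdd sampledomain.com /Forwarder 10.10.10.53
#   dnscmd . /ResetForwarders 203.0.113.53 203.0.113.54
#   dnscmd . /ResetListenAddresses 192.168.1.10

# 1. Conditional forwarder: only queries under sampledomain.com go to the VPN-side server.
if (-not (Get-DnsServerZone -Name $ConditionalZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $ConditionalZone `
        -MasterServers $VpnDnsServer -ForwarderTimeout 3
}

# 2. "All other DNS domains": hand everything else to the ISP instead of walking root hints.
Set-DnsServerForwarder -IPAddress $IspResolvers -UseRootHint $false

# 3. Don't become an open resolver: the server now recurses for anyone who can reach port 53,
#    so bind it to the LAN address only (and keep 53/udp+tcp closed on the internet side).
$settings = Get-DnsServerSetting -All
$settings.ListeningIPAddress = [System.Net.IPAddress[]]@($LanAddress)
Set-DnsServerSetting -InputObject $settings

# 4. Verify from the server itself. -DnsOnly skips the hosts file, LLMNR and NetBIOS so the
#    answer reflects what the DNS service actually did with the query.
function Test-SplitDns {
    param(
        [string]$Server       = '127.0.0.1',
        [string]$InternalName = "mail.$ConditionalZone",   # name from the question
        [string]$ExternalName = 'www.example.com'          # assumption: any public name
    )
    $zone = Get-DnsServerZone -Name $ConditionalZone
    $fwd  = Get-DnsServerForwarder
    $int  = Resolve-DnsName -Name $InternalName -Server $Server -Type A -DnsOnly -ErrorAction SilentlyContinue
    $ext  = Resolve-DnsName -Name $ExternalName -Server $Server -Type A -DnsOnly -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ZoneType        = $zone.ZoneType                 # expect 'Forwarder'
        MasterServers   = $zone.MasterServers -join ','  # expect the VPN-side server
        OtherDomainsVia = $fwd.IPAddress -join ','       # expect the ISP resolvers
        UseRootHint     = $fwd.UseRootHint               # expect False
        InternalAnswer  = ($int | Where-Object QueryType -eq 'A').IPAddress -join ','
        ExternalAnswer  = ($ext | Where-Object QueryType -eq 'A').IPAddress -join ','
    }
}
Test-SplitDns

# 5. Clients: point them at this server (the thread's point is that XP cannot split by domain
#    itself). Windows 8 / Server 2012 and later clients can do it alone via the NRPT, with no
#    home DNS server at all:
#   Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $LanAddress
#   Add-DnsClientNrptRule -Namespace ".$ConditionalZone" -NameServers $VpnDnsServer
```

Run it in an elevated PowerShell session on the DNS server. If InternalAnswer is empty while ZoneType reads Forwarder, the usual cause is that the VPN-side server is not reachable on port 53 through the tunnel, not the forwarder itself; test with Resolve-DnsName -Server $VpnDnsServer directly. Note that whichever server you forward to sees every query for that domain in the clear, so only forward to a server you control or trust, and never leave a recursing Windows DNS server listening on an internet-facing address.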
 
LVL 27

Expert Comment

by:bluntTony
ID: 24327050
The advantage of forwarding queries to 'All other DNS Domains' to your ISP DNS server is that it's getting the ISP server to do the work. When you forward to another DNS server, this is a recursive query, basically saying 'get me the IP for this name, and don't come back until you have'. The DNS server then has to traverse down the DNS 'tree' to find the IP address.

If you don't set up a forwarder for 'All other DNS domains', your DNS server will busy itself with iterative queries, by querying the servers detailed on the 'Root Hints' and following the referrals it gets.
0
