• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 204
  • Last Modified:

dns issue

AD integrated DNS on windows 2003 server.  website is hosted offsite.  want to be able to get to userpages built into website by going to username.domain.com.  outside of network this works just fine. inside the network the sites do not resolve.  any help would be appreciated.
0
jakgumbo
Asked:
jakgumbo
  • 6
  • 6
  • 2
  • +1
1 Solution
 
flyingskyCommented:
when you are inside of your network, are you about the resolve the domain name (username.domain.com) to IP address?
0
 
oBdACommented:
Your internal network is probably identical with your internet domain name. In this case, your only choice is to create individual host (A) entries "username" in your internal DNS zone, pointing to the respective external IP addresses.
0
 
jakgumboAuthor Commented:
when i try to resolve username.domain.com  i get "host not found",  my internal domain is also domain.com
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
jakgumboAuthor Commented:
@sage wow, there isnt a better way to do this?
0
 
flyingskyCommented:
that's exatly what oBdA pointed out. all you need to do is set up a host record entry in your DNS, pointing username.domain.com to the correct public IP address
0
 
jakgumboAuthor Commented:
so for 5000 users i would need to set this up individually for each person?
0
 
flyingskyCommented:
no. only on your DNS server, not client
0
 
jakgumboAuthor Commented:
right but on my dns server i need to add 5000 entries??
0
 
flyingskyCommented:
well, if you have 5000 users, then that's not a good idea.
a way to work around is, you can setup another machine, which is NOT part of your AD domain, use ISP dns server, then remote control that machine to manage this.
0
 
jakgumboAuthor Commented:
im not sure i understand you.  setup another machine, which is not part of my ad domain.....?
0
 
flyingskyCommented:
I mean a stand alone machine, don't join to your AD domain.
0
 
halonxCommented:
If all of the username.domain.com DNS entries need to point to the same IP address / hostname then setup a wildcard host on your AD server.  With the wildcard you can have *.domain.com forward to your other host and then for everything that you don't want to go to the host you can specify.

The host side doing the username.domain.com hosting would have to be able to handle a user not existing, but the URL exists( ie:  baduser.domain.com would resolve.. ).
0
 
jakgumboAuthor Commented:
ok, i added a wildcard, but now when i do an nslookup domain.com  i get by active directory computers and the external IP address.
0
 
oBdACommented:
Moving that to a stand-alone machine won't help any; your domain members *HAVE* to use *EXCLUSIVELY* DNS servers that are authoritative for your AD domain name. A DNS server that is authoritative for a zone will, for the obvious reason, never forward any queries, because by definition, there can't be any records in that zone that this DNS server doesn't know.
Using a wildcard won't work for the reason you've just discovered: your AD dns name *HAS* to resolve to your DCs *ONLY*.
Renaming an AD domain isn't anything that's done lightly.
So if you want to avoid having to add 5000 host records (though you could automate that with dnscmd.exe), your only option is to move your external user sites to a subdomain, for example users.domain.com, and let the users go to username.users.domain.com.
Or redesign that external website, move it to something like users.domain.com, and let the users log on with their name.
0
 
flyingskyCommented:
my suggestion is set up a stand alone machine (not part of any AD domain), make sure it can access the proper username.domain.com (that means it needs to use other DNS server, like ISP's, not the DNS server in the current AD domain). Then just remote control this machine to manage all 5000 of users.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 6
  • 6
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now