Solved

dns issue

Posted on 2009-05-20
Last Modified: 2012-05-07
AD-integrated DNS on a Windows 2003 server. The website is hosted offsite. I want to be able to get to user pages built into the website by going to username.domain.com. Outside the network this works just fine; inside the network the sites do not resolve. Any help would be appreciated.
Question by:jakgumbo
15 Comments
 
LVL 18

Expert Comment

by:flyingsky
ID: 24434069
When you are inside your network, are you able to resolve the domain name (username.domain.com) to an IP address?
 
LVL 85

Expert Comment

by:oBdA
ID: 24434080
Your internal network name is probably identical to your internet domain name. In this case, your only choice is to create individual host (A) entries "username" in your internal DNS zone, pointing to the respective external IP addresses.
 

Author Comment

by:jakgumbo
ID: 24434093
When I try to resolve username.domain.com I get "host not found"; my internal domain is also domain.com.

Author Comment

by:jakgumbo
ID: 24434102
@sage Wow, isn't there a better way to do this?
 
LVL 18

Expert Comment

by:flyingsky
ID: 24434105
That's exactly what oBdA pointed out. All you need to do is set up a host record entry in your DNS, pointing username.domain.com to the correct public IP address.
 

Author Comment

by:jakgumbo
ID: 24434119
So for 5000 users I would need to set this up individually for each person?
 
LVL 18

Expert Comment

by:flyingsky
ID: 24434128
No, only on your DNS server, not on the clients.
 

Author Comment

by:jakgumbo
ID: 24434205
Right, but on my DNS server I need to add 5000 entries??
 
LVL 18

Expert Comment

by:flyingsky
ID: 24434307
Well, if you have 5000 users, then that's not a good idea.
A way to work around it is: you can set up another machine which is NOT part of your AD domain, use the ISP's DNS server, then remote-control that machine to manage this.
 

Author Comment

by:jakgumbo
ID: 24434337
I'm not sure I understand you. Set up another machine which is not part of my AD domain...?
 
LVL 18

Expert Comment

by:flyingsky
ID: 24434357
I mean a stand-alone machine; don't join it to your AD domain.
 
LVL 1

Expert Comment

by:halonx
ID: 24434492
If all of the username.domain.com DNS entries need to point to the same IP address / hostname, then set up a wildcard host on your AD server. With the wildcard you can have *.domain.com forward to your other host, and then for everything that you don't want to go to that host you can specify records explicitly.

The host doing the username.domain.com hosting would have to be able to handle a user not existing while the URL still exists (i.e. baduser.domain.com would resolve).
 

Author Comment

by:jakgumbo
ID: 24434524
OK, I added a wildcard, but now when I do an nslookup on domain.com I get my Active Directory computers and the external IP address.
 
LVL 85

Accepted Solution

by:oBdA (earned 500 total points)
ID: 24434584
Moving that to a stand-alone machine won't help any; your domain members *HAVE* to use *EXCLUSIVELY* DNS servers that are authoritative for your AD domain name. A DNS server that is authoritative for a zone will, for the obvious reason, never forward any queries, because by definition there can't be any records in that zone that this DNS server doesn't know.
Using a wildcard won't work for the reason you've just discovered: your AD DNS name *HAS* to resolve to your DCs *ONLY*.
Renaming an AD domain isn't anything that's done lightly.
So if you want to avoid having to add 5000 host records (though you could automate that with dnscmd.exe), your only option is to move your external user sites to a subdomain, for example users.domain.com, and let the users go to username.users.domain.com.
Or redesign that external website, move it to something like users.domain.com, and let the users log on with their name.
 
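The bulk host-record approach oBdA mentions, written out as an added example (this is not code from the thread or from any of its participants). It drives dnscmd.exe, which ships with Windows Server 2003, to add one A record per user to the AD-integrated zone. The zone name domain.com comes from the thread; the DNS server name dc1, the hosting address 203.0.113.10 (a documentation-range placeholder), the CSV layout and the sample user list are assumptions. Two checks matter for the defender: a username must be a valid host label, and a username that collides with an existing name in the zone (a DC, a file server, a printer) must never be written, because that record would redirect internal clients for that host to the external address.

```powershell
# Added example, not code from the thread. Bulk-creates A records for user
# sites in an AD-integrated zone with dnscmd.exe (Windows Server 2003 ships it).
# Assumed values: DNS server "dc1", zone "domain.com" (from the thread),
# hosting address 203.0.113.10 (documentation-range placeholder).
param(
    [string]$DnsServer = 'dc1',
    [string]$Zone      = 'domain.com',
    [string]$TargetIp  = '203.0.113.10',
    [string]$UserCsv   = '.\users.csv',   # one column: username
    [switch]$DryRun                        # print the commands instead of running them
)

# Constructed sample list, used only when no CSV is present. "j.smith" is not a
# valid host label and "dc1" collides with an existing infrastructure name.
$sampleCsv = @"
username
alice
bob
j.smith
dc1
"@

$users = if (Test-Path $UserCsv) { Import-Csv -Path $UserCsv } else { $sampleCsv | ConvertFrom-Csv }

# RFC 1123 host label: letters, digits and hyphens, no leading or trailing hyphen, 63 chars max
$validLabel = '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$'

$added = 0
foreach ($u in $users) {
    $name = ([string]$u.username).Trim().ToLower()

    if ($name -notmatch $validLabel) {
        Write-Warning "Skipping '$($u.username)': not a valid DNS host label"
        continue
    }

    # Never overwrite a name that already exists in the zone: a username that
    # matches a server, DC or printer record would otherwise send that host offsite.
    $existing = & dnscmd.exe $DnsServer /EnumRecords $Zone $name /Type A 2>&1
    if ($LASTEXITCODE -eq 0 -and ($existing | Select-String -Pattern '\sA\s' -Quiet)) {
        Write-Warning "Skipping '$name': an A record already exists in $Zone"
        continue
    }

    if ($DryRun) {
        Write-Output "dnscmd.exe $DnsServer /RecordAdd $Zone $name A $TargetIp"
        continue
    }

    & dnscmd.exe $DnsServer /RecordAdd $Zone $name A $TargetIp | Out-Null
    if ($LASTEXITCODE -eq 0) {
        $added++
    } else {
        Write-Warning "Failed to add '$name' (dnscmd exit code $LASTEXITCODE)"
    }
}
Write-Output "Added $added record(s) to $Zone on $DnsServer"
```

Run it first with `-DryRun` to review the exact dnscmd.exe commands it would issue; with the constructed sample it prints commands for alice and bob, warns about j.smith, and warns about dc1 if that name is already in the zone. The records are static (not dynamically registered), so they survive scavenging but also have to be removed deliberately when a user leaves, for example with `dnscmd <server> /RecordDelete <zone> <name> A <ip> /f`.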
LVL 18

Expert Comment

by:flyingsky
ID: 24434610
My suggestion is to set up a stand-alone machine (not part of any AD domain) and make sure it can access the proper username.domain.com (that means it needs to use another DNS server, like the ISP's, not the DNS server in the current AD domain). Then just remote-control this machine to manage all 5000 users.
