Solved

Have DNS Conditional Forwarder, but need 1 IP Address to be different than the one being sent back

Posted on 2011-09-24
4
1,265 Views
Last Modified: 2012-05-12
I have a Conditional Forwarder built that points to domain.com (Im just going to use this as an example). Everything works on this, but when the users go to www.domain.com, we get rejected. When I  called the location, they told me we need to use their external IP to access this webpage and not their internal. Everything else they will allow. The problem is that the DNS conditional forwarder is sending back the companys internal IP which is being blocked by their firewall. What is the best way to make www.domain.com go to a different IP addresses then the one the conditional forwarder is sending back?

Thanks
0
Comment
Question by:pacermach
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:Tony Massa
ID: 36595012
The only thing you can do is create a new DNS zone on your DNS server for www.domain.com and set the . Default record to the correct IP.

It MUST be a ZONE for the one host you want to be authoritative for.

This happens a lot when companies merge...I have done this exact thing before.
0
 

Author Comment

by:pacermach
ID: 36710710
I appreciate your feedback. Could you be more specific on the process of doing this? I guess I just have never had to do this type of configuration so I just want to make sure I kno the exact process you just specified.

Thanks!!!
0
 
LVL 17

Accepted Solution

by:
Tony Massa earned 500 total points
ID: 36711181
In you AD DNS, you have to create a new AD forward lookup DNS zone called www.domain.com

Your DNS will then be authoritative for that specific record.  Technically, it's a zone, but the clients won't differentiate.  This way, you effictively hijack that one specific DNS record

Here's the steps:

1.  Run DNS Management console
2.  On Forward Lookup Zones, right-click and  choose "New Zone"
3.  Call the new zone "www.domain.com"
4.  Leave the defaults (or configure to your liking) for which servers you want to host the zone
5.  You can decline "Dynamic Updates"
6.  When the new zone is created, create a "New Host (A)..." record
7. DO NOT put anything in the Name box  (Same As Parent) record will be created
8.  Enter the IP of the record and you're done

Now your DNS is now authoritative for the ONE record www.domain.com
1
 

Author Closing Comment

by:pacermach
ID: 36896414
I havent made this specfic change, but we actually did this configuration for another use case at another site and it worked like a charm. We will be making this specific change next wee, but I have no doubt that it will work.. Thanks for the great solution!!
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
A hard and fast method for reducing Active Directory Administrators members.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question