Solved

Have DNS Conditional Forwarder, but need 1 IP Address to be different than the one being sent back

Posted on 2011-09-24
4
1,079 Views
Last Modified: 2012-05-12
I have a Conditional Forwarder built that points to domain.com (Im just going to use this as an example). Everything works on this, but when the users go to www.domain.com, we get rejected. When I  called the location, they told me we need to use their external IP to access this webpage and not their internal. Everything else they will allow. The problem is that the DNS conditional forwarder is sending back the companys internal IP which is being blocked by their firewall. What is the best way to make www.domain.com go to a different IP addresses then the one the conditional forwarder is sending back?

Thanks
0
Comment
Question by:pacermach
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:Tony Massa
Comment Utility
The only thing you can do is create a new DNS zone on your DNS server for www.domain.com and set the . Default record to the correct IP.

It MUST be a ZONE for the one host you want to be authoritative for.

This happens a lot when companies merge...I have done this exact thing before.
0
 

Author Comment

by:pacermach
Comment Utility
I appreciate your feedback. Could you be more specific on the process of doing this? I guess I just have never had to do this type of configuration so I just want to make sure I kno the exact process you just specified.

Thanks!!!
0
 
LVL 17

Accepted Solution

by:
Tony Massa earned 500 total points
Comment Utility
In you AD DNS, you have to create a new AD forward lookup DNS zone called www.domain.com

Your DNS will then be authoritative for that specific record.  Technically, it's a zone, but the clients won't differentiate.  This way, you effictively hijack that one specific DNS record

Here's the steps:

1.  Run DNS Management console
2.  On Forward Lookup Zones, right-click and  choose "New Zone"
3.  Call the new zone "www.domain.com"
4.  Leave the defaults (or configure to your liking) for which servers you want to host the zone
5.  You can decline "Dynamic Updates"
6.  When the new zone is created, create a "New Host (A)..." record
7. DO NOT put anything in the Name box  (Same As Parent) record will be created
8.  Enter the IP of the record and you're done

Now your DNS is now authoritative for the ONE record www.domain.com
1
 

Author Closing Comment

by:pacermach
Comment Utility
I havent made this specfic change, but we actually did this configuration for another use case at another site and it worked like a charm. We will be making this specific change next wee, but I have no doubt that it will work.. Thanks for the great solution!!
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now