Solved

Have DNS Conditional Forwarder, but need 1 IP Address to be different than the one being sent back

Posted on 2011-09-24
Last Modified: 2012-05-12
I have a Conditional Forwarder built that points to domain.com (I'm just going to use this as an example). Everything works on this, but when the users go to www.domain.com, we get rejected. When I called the location, they told me we need to use their external IP to access this webpage and not their internal. Everything else they will allow. The problem is that the DNS conditional forwarder is sending back the company's internal IP, which is being blocked by their firewall. What is the best way to make www.domain.com go to a different IP address than the one the conditional forwarder is sending back?

Thanks
Question by:pacermach
4 Comments
 
LVL 17

Expert Comment

by:Tony Massa
ID: 36595012
The only thing you can do is create a new DNS zone on your DNS server for www.domain.com and set the . Default record to the correct IP.

It MUST be a ZONE for the one host you want to be authoritative for.

This happens a lot when companies merge...I have done this exact thing before.
0
 

Author Comment

by:pacermach
ID: 36710710
I appreciate your feedback. Could you be more specific on the process of doing this? I guess I just have never had to do this type of configuration so I just want to make sure I know the exact process you just specified.

Thanks!!!
0
 
LVL 17

Accepted Solution

by:
Tony Massa earned 2000 total points
ID: 36711181
In your AD DNS, you have to create a new AD forward lookup DNS zone called www.domain.com

Your DNS will then be authoritative for that specific record.  Technically, it's a zone, but the clients won't differentiate.  This way, you effectively hijack that one specific DNS record.

Here are the steps:

1.  Run DNS Management console
2.  On Forward Lookup Zones, right-click and  choose "New Zone"
3.  Call the new zone "www.domain.com"
4.  Leave the defaults (or configure to your liking) for which servers you want to host the zone
5.  You can decline "Dynamic Updates"
6.  When the new zone is created, create a "New Host (A)..." record
7.  DO NOT put anything in the Name box; a (Same As Parent) record will be created
8.  Enter the IP of the record and you're done

Now your DNS is authoritative for the ONE record www.domain.com
1
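
The steps in the accepted answer, scripted with the DnsServer PowerShell module (Windows Server 2012 or later), followed by a check that the pinned address has not drifted from what a public resolver returns. This is an added example, not part of the original answer; the override IP is a placeholder, and the use of 8.8.8.8 as a reference resolver assumes the partner publishes the external address in public DNS.

```powershell
# Added example. All names and addresses are placeholders, not values from the thread.
param(
    [string]$ZoneName          = 'www.domain.com',  # the single host to override
    [string]$OverrideIp        = '203.0.113.10',    # placeholder for the partner's external IP
    [string]$ReferenceResolver = '8.8.8.8'          # assumption: public DNS returns the external IP
)
Import-Module DnsServer

# Steps 2-5: AD-integrated forward lookup zone named after the one host,
# with dynamic updates declined so no client can register into it.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain -DynamicUpdate None
}

# Steps 6-8: A record with an empty name ('@' is the "same as parent" record).
$apex = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name '@' -RRType A `
            -ErrorAction SilentlyContinue
if (-not $apex) {
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' `
        -IPv4Address $OverrideIp -TimeToLive 00:05:00
}

# Drop any answer for this name cached earlier through the conditional forwarder.
Clear-DnsServerCache -Force

# Returns the A-record addresses a given server hands out for the name.
function Get-ARecord([string]$Name, [string]$Server) {
    Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { $_.IPAddress }
}

$localAnswer  = @(Get-ARecord $ZoneName '127.0.0.1')
$publicAnswer = @(Get-ARecord $ZoneName $ReferenceResolver)

# Check 1: this server now answers with the override, not the forwarder's internal IP.
if ($localAnswer -notcontains $OverrideIp) {
    Write-Warning "Local DNS returned '$($localAnswer -join ', ')' instead of $OverrideIp"
}

# Check 2: a static override goes stale silently if the partner renumbers.
if ($publicAnswer.Count -gt 0 -and $publicAnswer -notcontains $OverrideIp) {
    Write-Warning "Override $OverrideIp differs from public DNS: $($publicAnswer -join ', ')"
}
```

Running the two checks on a schedule catches the case where the partner changes the external address and the override keeps sending users to the old one.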
 

Author Closing Comment

by:pacermach
ID: 36896414
I haven't made this specific change, but we actually did this configuration for another use case at another site and it worked like a charm. We will be making this specific change next week, but I have no doubt that it will work. Thanks for the great solution!!
0
