Solved

Have DNS Conditional Forwarder, but need 1 IP Address to be different than the one being sent back

Posted on 2011-09-24
4
1,108 Views
Last Modified: 2012-05-12
I have a Conditional Forwarder built that points to domain.com (Im just going to use this as an example). Everything works on this, but when the users go to www.domain.com, we get rejected. When I  called the location, they told me we need to use their external IP to access this webpage and not their internal. Everything else they will allow. The problem is that the DNS conditional forwarder is sending back the companys internal IP which is being blocked by their firewall. What is the best way to make www.domain.com go to a different IP addresses then the one the conditional forwarder is sending back?

Thanks
0
Comment
Question by:pacermach
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:Tony Massa
ID: 36595012
The only thing you can do is create a new DNS zone on your DNS server for www.domain.com and set the . Default record to the correct IP.

It MUST be a ZONE for the one host you want to be authoritative for.

This happens a lot when companies merge...I have done this exact thing before.
0
 

Author Comment

by:pacermach
ID: 36710710
I appreciate your feedback. Could you be more specific on the process of doing this? I guess I just have never had to do this type of configuration so I just want to make sure I kno the exact process you just specified.

Thanks!!!
0
 
LVL 17

Accepted Solution

by:
Tony Massa earned 500 total points
ID: 36711181
In you AD DNS, you have to create a new AD forward lookup DNS zone called www.domain.com

Your DNS will then be authoritative for that specific record.  Technically, it's a zone, but the clients won't differentiate.  This way, you effictively hijack that one specific DNS record

Here's the steps:

1.  Run DNS Management console
2.  On Forward Lookup Zones, right-click and  choose "New Zone"
3.  Call the new zone "www.domain.com"
4.  Leave the defaults (or configure to your liking) for which servers you want to host the zone
5.  You can decline "Dynamic Updates"
6.  When the new zone is created, create a "New Host (A)..." record
7. DO NOT put anything in the Name box  (Same As Parent) record will be created
8.  Enter the IP of the record and you're done

Now your DNS is now authoritative for the ONE record www.domain.com
1
 

Author Closing Comment

by:pacermach
ID: 36896414
I havent made this specfic change, but we actually did this configuration for another use case at another site and it worked like a charm. We will be making this specific change next wee, but I have no doubt that it will work.. Thanks for the great solution!!
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now