Solved

Have DNS Conditional Forwarder, but need 1 IP Address to be different than the one being sent back

Posted on 2011-09-24
4
1,183 Views
Last Modified: 2012-05-12
I have a Conditional Forwarder built that points to domain.com (Im just going to use this as an example). Everything works on this, but when the users go to www.domain.com, we get rejected. When I  called the location, they told me we need to use their external IP to access this webpage and not their internal. Everything else they will allow. The problem is that the DNS conditional forwarder is sending back the companys internal IP which is being blocked by their firewall. What is the best way to make www.domain.com go to a different IP addresses then the one the conditional forwarder is sending back?

Thanks
0
Comment
Question by:pacermach
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:Tony Massa
ID: 36595012
The only thing you can do is create a new DNS zone on your DNS server for www.domain.com and set the . Default record to the correct IP.

It MUST be a ZONE for the one host you want to be authoritative for.

This happens a lot when companies merge...I have done this exact thing before.
0
 

Author Comment

by:pacermach
ID: 36710710
I appreciate your feedback. Could you be more specific on the process of doing this? I guess I just have never had to do this type of configuration so I just want to make sure I kno the exact process you just specified.

Thanks!!!
0
 
LVL 17

Accepted Solution

by:
Tony Massa earned 500 total points
ID: 36711181
In you AD DNS, you have to create a new AD forward lookup DNS zone called www.domain.com

Your DNS will then be authoritative for that specific record.  Technically, it's a zone, but the clients won't differentiate.  This way, you effictively hijack that one specific DNS record

Here's the steps:

1.  Run DNS Management console
2.  On Forward Lookup Zones, right-click and  choose "New Zone"
3.  Call the new zone "www.domain.com"
4.  Leave the defaults (or configure to your liking) for which servers you want to host the zone
5.  You can decline "Dynamic Updates"
6.  When the new zone is created, create a "New Host (A)..." record
7. DO NOT put anything in the Name box  (Same As Parent) record will be created
8.  Enter the IP of the record and you're done

Now your DNS is now authoritative for the ONE record www.domain.com
1
 

Author Closing Comment

by:pacermach
ID: 36896414
I havent made this specfic change, but we actually did this configuration for another use case at another site and it worked like a charm. We will be making this specific change next wee, but I have no doubt that it will work.. Thanks for the great solution!!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Authentication -ldap 1 21
add a line in host files of domain joined workstations. 3 45
Domain trust created by PDC name 6 36
DNS times out 2 16
Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question