• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 413
  • Last Modified:

Forwarding a specific internal domain name to an external DNS server

Hello experts,

In our organization (domain.com), we have a remote branch which is connected to the internet through a dynamic IP. We use DynDNS to get into the branch using this FQDN: dynamic.domain.com

The problem is, inside the head office, when computers try to locate dynamic.dyndns.org, this DNS request is processed in our DNS server and not found.

How to tell the DNS server to forward request to the external DNS when a specific name is requested?
0
Muhajreen
Asked:
Muhajreen
  • 3
  • 3
  • 2
  • +2
1 Solution
 
lockreytCommented:
Could you not add a secondary external dns entry on the client Pcs.  Ip settings in any client allows for more then 1 dns entry.
0
 
asiduCommented:
Do as suggested by lockreyt
First DNS should point to the dyndns servers and the second DNS of the clients
should point to your internal DNS server. This only involves changes in the client.


You could also try experimenting with Conical name and this modification need to be done in your own DNS.

Check out more on conical name usage at http://rscott.org/dns/cname.html


0
 
kevinhsiehCommented:
In your AD DNS put in a cname entry of dynamic.domain.com. and point it to your dynamic.dyndns.org. Entry. That will cause all internal DNS lookups for dynamic.domain.com to get resolved to dynamic.dyndns.org.
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
MuhajreenAuthor Commented:
The dynamic host is dynamic.ourdomain.com, it's not dynamic.dyndns.org, and that is my problem.
0
 
kevinhsiehCommented:
Register the IP under anything other than under ourdomain.com and you should have no problems.
0
 
MuhajreenAuthor Commented:
A lot of users are using dynamic.ourdomain.com, so I can't replace it.
0
 
elawadCommented:
let you internal DNS server forward the requests that can not be resolved by him to an external DNS server like your ISP DNS server, this should resolve the external name related to DYNDNS issue.

you know how to set up forwarders on your DNS right?
0
 
MuhajreenAuthor Commented:
Yes, Forwarders are already setup on our servers, but they don't forward unknown names to the external DNS server. Is there any way to do so?
0
 
elawadCommented:
if you enable the forwarders and direct them to your ISP DNS server then you should do nothing hence the DNS server looks first in its own zones to resolve addresses and if it doesnt exist they directelly forwared the request to the forwarders DNS servers. you should make sure that on your proxy server or firewall the DNS request to and from outside is permitted.
0
 
kevinhsiehCommented:
My understanding is that the forwarders in MS DNS server are only used for domains for which is the server is not authoratative. A conditional forwarder is when you want to use a specific forwarder for a specific domain. Since dynamic.mydomain.com is part of mydomain.com, for which the DNS server IS authoratative, forwarders will not be used.

You can try to put in a conditional forwarder for dynamic.domain.com, and point that to your ISP or whatever external DNS server you choose, and that may work. A regular forwarder will certainly NOT work. Otherwise, use a CNAME as I described earlier. If you have public users also using dynamic.mydomain.com, you can add the CNAME to both the public and private DNS servers and then you can change the actual registration from dynamic.mydomain.com to yourdomain.dyndns.org.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 3
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now