  • Status: Solved

DNS Resolution Issues

I am experiencing some DNS Resolution issues to my external sites and am looking for assistance in correcting these.  Here is the setup I am currently running.

1.  I have two physical segments to my network.  One segment is our corporate production network.  We use MS Active Directory 2008 with Microsoft DNS implemented.  Our internal corporate Domain is called SLBNTDOM.NEPTUNETG.COM.  This segment has various VLANs that are handled through a Cisco Core Layer 3 Switch.  These VLANs have IP addresses of the schemes 10.8.x.x, 10.7.x.x, and 10.3.x.x.  The second physical segment is for a test/development network that we utilize for developing software products and allowing customers to access and demo these products.  This segment uses an IP scheme of 10.6.x.x.  Routing between the two physical segments is done using a Cisco ASA firewall.

2.  All servers, clients, etc are connected to the same AD Domain (slbntdom.neptunetg.com).

3.  I utilize Network Solutions to manage the DNS Records for the various external sites I have.  For my production segment, I have records of the form name.neptunetg.com that point to the external IP addresses for our Website, FTP Site, etc.  These external IP addresses are of the form 24.227.104.x.  For my test/development segment, I have a separate ISP providing me a connection.  These records are of the form name.neptunetg.BIZ.  The external IPs for this segment are of the form 71.42.174.x.

4.  Here is the actual issue I am experiencing when I try to perform Name Resolutions to these addresses.  If, from my PC internal to the production, I perform an NSLOOKUP on SOUTHWEST.NEPTUNETG.BIZ, it tries to look up the address from one of my DCs running DNS but returns saying that it can't find the record: Non-existent domain.  My internal DNS is not aware of this Domain, but I assumed the request would be handed off to the external DNS to be resolved, as it is when I do the same NSLOOKUP for www.yahoo.com.  Is this request not being handed off?  My entries are correct in Network Solutions.

5.  Another part of the testing I am doing is taking my laptop, which is also a member of my AD Domain, and connecting it externally to an internet connection, like from home or something.  If I perform a PING SOUTHWEST.NEPTUNETG.BIZ, it resolves the address correctly.  But when I perform an NSLOOKUP SOUTHWEST.NEPTUNETG.BIZ from this same laptop, it appends SLBNTDOM.NEPTUNETG.COM to that name and for some reason it resolves it to the main web page for our WWW.NEPTUNETG.COM website.

What is going on with me resolving these DNS records for NEPTUNETG.BIZ?
1 Solution
Have you set up forwarders on your DNS Server?
Check that the DNS port (udp 52) is open on the firewall and properly routed on the router.
Also take a look at this...

-hope helps-

Your Split-DNS has not been done properly or has not been done completely.

You need a single DNS infrastructure on the LAN and it must come from the AD/DNS of your DCs.  Your different Segments on the LAN are totally irrelevant.  Within that single DNS Infrastructure you have to create a new Zone that represents every Public FQDN that you are responsible for.  You then have to create all corresponding "A" Records or CNAMEs to cover everything involved.  If the Record is going to point to a Public IP# then use an "A" Record,...but if it is going to point to an internal LAN IP# then use a CNAME that points to the proper "A" Records within your internal AD Zone.  

It is a simple concept.  If a Resource is on a public IP# out in Internet Land then you go through the Firewall outbound to get there.  But if the Resource exists on the LAN with a Private IP# then you DO NOT try to make a "U-Turn" through the firewall,...but instead you resolve directly to the LAN IP and go directly to the Resource itself.

Bottom line,...on your own internal DNS you mirror the Public Records found on the authoritative DNS Servers for your public FQDNs,...however that does not mean they resolve to the same IP as they do on the Authoritative DNS.
neptuneit (Author) commented:
DNS Forwarders were not setup correctly.
neptuneit (Author) commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for neptuneit's comment http:/Q_27393619.html#37083696

for the following reason:

I resolved the problem myself.
Then you should give the points to hvillanu,...he told you to check the forwarders.
You're always going to "solve the problem yourself",...everybody does,...we aren't going to come there to do it.

It was hvillanu that led you to the solution,...he should get full points and an "A" grade.
