How to configure my DNS server

Posted on 2012-08-23
Last Modified: 2013-01-30
Hello, I have a domain where the inside PCs must resolve a name to an internal IP, and the outside PCs have to resolve the same name to the DynDNS service to get the IP.

In summary, I have to configure my DNS to resolve the to the ip

Question by:limmontreefree

    Expert Comment

    Sorry can you please ask the question again. What you are saying does not make any sense in the slightest.
    LVL 5

    Accepted Solution

    Zeusie, it looks like the intent is to have the same FQDN resolve to different addresses depending upon client location.  From outside the network, it should resolve normally via the DynDNS service.  From inside the network, the name should resolve to the private address (

    Do the inside machines ever move outside (laptops)?  You could handle this in a couple of ways, but resolving a host to different addresses can create interesting troubleshooting scenarios.

    - Add to the HOSTS file of the inside machines.  This is not dynamic, and is painful to maintain, but may provide an option.
    - Create a zone for on your DNS server.  You could then modify the internal resolution of this name by manipulating records within your control.  Need to be careful here to make sure that you don't accidentally convince your internal clients that you're authoritative for the entire domain.
    - Maybe a hybrid which uses a CNAME instead of the FQDN?  If you have a split-horizon DNS implementation, this may be the most elegant of less than ideal options.

    Kind regards.
    LVL 23

    Assisted Solution

    Do you have an internal DNS server?

    If so make the internal server authoritative for the zone.  Add your A record to  

    Any clients using the internal DNS server (DHCP CLIENTS?) will resolve from the internal server.  If they leave the network (take the laptop home) they will resolve it from the world servers and get the dynamic IP.

    We use this sort of setup to blacklist DNS zones.
    LVL 38

    Assisted Solution

    This is basically a restatement of kevinhigg's second option.
    If you only have one host name that needs to resolve to an internal IP when inside your network, but you need all other hosts (FQDNs) that are part of to always resolve to their public IPs; instead of creating a forward lookup zone for "", you can create a zone for "" and create an A record inside it with a blank name that points to  If you create a zone called "", then your internal clients will not be able to resolve any DNS names that end with that you have not explicitly created records for.

    Author Comment

    I apologize for answering you so late.

    After reading you, I noticed the question is more complex.

    I have a Domain with a ForeFront TMG, a SharePoint Server, an Exchange Server and a Remote Desktop Server.

    The external IP is dynamic and I use the DynDNS service to solve this. I have declared four CNAME zones in the internet DNS.

    CNAME         VALUE

    www         internal IP
    mail          internal IP
    Intranet     internal IP
    appv         internal IP

    i.e. three resolve to the same IP. In the company web site I have three links in the main menu to these CNAMEs, and it is the TMG reading the head that redirects to the internal IP, which is different for each server.

    Actually all works fine, but if the Internet router is down the Remote Desktop doesn't work because all the connections are to

    But if I configure in my internal DNS, INTERNALLY all the requests to the SharePoint using the web page links will not work.

    Thanks for your patience and for the effort of trying to understand my bad English
    LVL 38

    Assisted Solution

    Sorry, I'm having trouble understanding.  You haven't made any changes yet have you?  Let me try to restate your problem in my own words, and you can tell me if I'm wrong.

    So, in your public DNS you have records as follows:
    CNAME        VALUE

    The (from the internet) of course points to your dynamic IP.

    You want to configure your internal DNS so that if the router for the internet is down you can still reach all your sites using the same DNS names (www, mail, etc.).

    You mentioned that you configured in your internal DNS.  What kind of record did you create and where did you point it?

    I'm guessing that when you say Remote Desktop, you mean you are using Remote App.  I'm not too familiar with the configuration of Remote App and what URLs it references.

    Same with SharePoint - if I remember correctly it can do some rewriting of URLs for when it is being accessed from either the LAN or the WAN.  Can you explain more what you mean when you say "all the request to the sharepoint using the web page links will not work"?  Is this only when the internet router is down?  Do the links point to ""?

    However, what I think you will have to do is:
    On your internal DNS, create records for www, mail, intranet, appv that point to  If the name for your internal AD domain is the same as you use on the internet, then you can just create the CNAME records in the Forward Lookup Zone for your domain, but if the name for your internal AD domain is different than the domain name you use on the internet, then you will have to create a new Forward Lookup Zone with the same name as your internet domain name, and create the CNAME records in there.  Then you will also have to create a Forward Lookup Zone called, and create one A record in it that has a blank name (don't enter anything) and point it at the internal IP of your TMG.  Then you have to make sure that the weblisteners on your TMG listen to both the external and the internal interfaces if they don't already.
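The zone layouts discussed in this thread can be compared with a toy model of an internal DNS server's lookup logic. This is an added example, not code from any poster: the domain names, addresses, `PUBLIC` table and `resolve` helper are all constructed placeholders. It shows why a zone named after the single host leaves sibling names resolvable, why a zone for the whole parent domain returns NXDOMAIN for them, and why the internal CNAME zone is needed when the internet link is down.

```python
# Toy model of an internal DNS server. All names and addresses are constructed.
PUBLIC = {  # what the internet's DNS would answer
    "www.corp.example": ("CNAME", "office.dyn.example"),
    "office.dyn.example": ("A", "203.0.113.7"),   # dynamic public IP
    "other.dyn.example": ("A", "198.51.100.9"),   # unrelated host, same parent
}
TMG = "10.0.0.1"  # assumed internal address of the firewall/proxy

def find_zone(name, zones):
    """Return the most specific locally hosted zone containing name, or None."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve(name, zones, internet_up=True, depth=0):
    """Answer from a hosted zone if one matches; otherwise forward upstream."""
    if depth > 8:                       # guard against CNAME loops
        return "SERVFAIL"
    zone = find_zone(name, zones)
    if zone is not None:
        record = zones[zone].get(name)  # authoritative: never forwarded
        if record is None:
            return "NXDOMAIN"
    elif not internet_up:
        return "SERVFAIL"               # nothing local and no upstream
    else:
        record = PUBLIC.get(name)
        if record is None:
            return "NXDOMAIN"
    rtype, value = record
    if rtype == "CNAME":
        return resolve(value, zones, internet_up, depth + 1)
    return value

APEX_A = {"office.dyn.example": ("A", TMG)}   # the blank-name A record
PINPOINT = {"office.dyn.example": APEX_A}     # zone for the one host only
PARENT = {"dyn.example": APEX_A}              # zone for the whole parent domain
FULL = {"corp.example": {"www.corp.example": ("CNAME", "office.dyn.example")},
        "office.dyn.example": APEX_A}         # internal CNAME zone + host zone

if __name__ == "__main__":
    for label, zones in [("pinpoint", PINPOINT), ("parent", PARENT), ("full", FULL)]:
        for up in (True, False):
            print(label, "internet_up=%s" % up,
                  resolve("www.corp.example", zones, up),
                  resolve("other.dyn.example", zones, up))
```
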

    Author Comment

    Hello Footech, thanks for answer.

    I think I understand you, I'll try to do it, and I'll tell you if I have problems.

    Thank you
