With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!
Course Of The Month
7 days, 9 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Maintaining internal and external DNS
Posted on 2012-12-28
Feels weird to be on this side of the question.
I have users who need to connect to a vendor via both External and internal IP addresses. Let me explain.
Lets say that your client is microsoft (not really). I need to have the user resolve an ip address for web1.microsoft.com but this address is a private address (not in Microsoft's external DNS) that needs to go through a specific VPN connection. The user ALSO needs to connect to www.microsoft.com via the internet.
I have the routing correct. The way we have been doing this in the past is to user local "host" files. We are getting too big to manage these files. I need to get them on DNS and manage them from there.
I tried added a microsoft.com primary zone with a forwarder to 8.8.8.8 (google external DNS). The web1.microsoft.com address works but I then can not resolve www.microsoft.com.
I am running DNS on Windows 2008 R2 domain controllers.
Thanks for the help.
Mav
I have users who need to connect to a vendor via both External and internal IP addresses. Let me explain.
Lets say that your client is microsoft (not really). I need to have the user resolve an ip address for web1.microsoft.com but this address is a private address (not in Microsoft's external DNS) that needs to go through a specific VPN connection. The user ALSO needs to connect to www.microsoft.com via the internet.
I have the routing correct. The way we have been doing this in the past is to user local "host" files. We are getting too big to manage these files. I need to get them on DNS and manage them from there.
I tried added a microsoft.com primary zone with a forwarder to 8.8.8.8 (google external DNS). The web1.microsoft.com address works but I then can not resolve www.microsoft.com.
I am running DNS on Windows 2008 R2 domain controllers.
Thanks for the help.
Mav
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3-
2
- +1
7 Comments
Though I don't like the approach you are taking and would prefer to stay with host files to avoid issues with name resolution down the road, here is an idea.
Don't create a Microsoft.com zone, rather create a ww1.Microsoft.com zone then create an empty A record to point to the address you need.
All other requests will be resolved by public dns.
Don't create a Microsoft.com zone, rather create a ww1.Microsoft.com zone then create an empty A record to point to the address you need.
All other requests will be resolved by public dns.
The only issue I can see with this idea is that we are talking about dozens of clients with dozens of addresses each. Will that overload the DNS server? Is there a limit as too the number of zones?
Thanks
Thanks
Active today
I'm having trouble picturing your situation. In your original question you mention one site that needs to resolve to an internal IP and one that needs to resolve to an external IP. Then in your last post you mention dozens of clients with dozens of addresses. Can you describe that better? What is the number of addresses that need to resolve to an internal IP vs. the number that should be resolved by public records? And are these all for the same domain or for different ones.
The solution that becraig proposed is the route to take if you have one site that needs to resolve to a different IP than what is present in public DNS records.
A flip of that, if you have just one site/host that needs to be resolved by public records, while the rest are resolved by internal records, is also possible. To do this, you would have a zone for "example.com", with all the internal A records, then for a record you want to resolve by external records create a delegation that points at the SOA for the domain in public DNS. Let me know if you need more detail or you can find instructions here:
http://blogs.dirteam.com/blogs/acefekay/archive/2009/08/08/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name.aspx
The solution that becraig proposed is the route to take if you have one site that needs to resolve to a different IP than what is present in public DNS records.
A flip of that, if you have just one site/host that needs to be resolved by public records, while the rest are resolved by internal records, is also possible. To do this, you would have a zone for "example.com", with all the internal A records, then for a record you want to resolve by external records create a delegation that points at the SOA for the domain in public DNS. Let me know if you need more detail or you can find instructions here:
http://blogs.dirteam.com/blogs/acefekay/archive/2009/08/08/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name.aspx
I don't follow
Are you saying you expect to have personalized host records for multiple public dns sites ?
If you don't mind me asking what is the aim here ?
If this is for traffic management you may want to look into a traffic management solution or an ISA/TMG server.
I cannot see a scenario where you would need to have a host record on your dns server for a hundred or more public zones (namespaces you do not own)
The only issue I can see with this idea is that we are talking about dozens of clients with dozens of addresses each. Will that overload the DNS server? Is there a limit as too the number of zones?
Are you saying you expect to have personalized host records for multiple public dns sites ?
If you don't mind me asking what is the aim here ?
If this is for traffic management you may want to look into a traffic management solution or an ISA/TMG server.
I cannot see a scenario where you would need to have a host record on your dns server for a hundred or more public zones (namespaces you do not own)
The only issue I can see with this idea is that we are talking about dozens of clients with dozens of addresses each. Will that overload the DNS server? Is there a limit as too the number of zones?
I was speaking to the answer given to create a zone for each host file entry.
Right now, we have 105 different entries in our host files that we have to manage on over 400 computers. These host files can change at the whim of our client (they change a process to a different server for example). Becasue we can not manage the host files via script, I want to move them to DNS so I only have to touch one place to make changes instead of 400 different computers.
I was speaking to the answer given to create a zone for each host file entry.
Right now, we have 105 different entries in our host files that we have to manage on over 400 computers. These host files can change at the whim of our client (they change a process to a different server for example). Becasue we can not manage the host files via script, I want to move them to DNS so I only have to touch one place to make changes instead of 400 different computers.
Both scenarios are viable and if your dns server is only available on your intranet (via vpn or direct access) You can also script one host file and propagate to all the clients every time a change is made (Since you would have to be notified in the case of DNS as well).
The choice is your but the solutions offered above would work, a little more visibility into:
Approximately how many public domains are you spoofing ?
Are the clients only using your dns servers for name resolution ?
Is your dns server available to your clients on the internet or only on the intranet ?
would help to create a better view of what is required.
The choice is your but the solutions offered above would work, a little more visibility into:
Approximately how many public domains are you spoofing ?
Are the clients only using your dns servers for name resolution ?
Is your dns server available to your clients on the internet or only on the intranet ?
would help to create a better view of what is required.
Active today
It sounds like your client has identical public and private DNS domain names. That's never a good idea, although I think this is the first time I've considered the administrative nightmare that it can cause for a partner in an extranet scenario. 105 entries in your hosts files? That's insane.
It seems likely that most of the addresses you'll need to resolve are private addresses. If that's the case, you can use either conditional forwarders or a stub zone to send those queries to your partner's DNS servers. Then you don't have to update anything when they make changes internally, and you can create forward lookup zones on your DNS servers (as has already been mentioned) for the public addresses, which aren't likely to change much.
It seems likely that most of the addresses you'll need to resolve are private addresses. If that's the case, you can use either conditional forwarders or a stub zone to send those queries to your partner's DNS servers. Then you don't have to update anything when they make changes internally, and you can create forward lookup zones on your DNS servers (as has already been mentioned) for the public addresses, which aren't likely to change much.
Featured Post
Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona.
Thanks David, for your detailed and honest evaluation!
Use of TCL script on Cisco devices:
- create file and merge it with running configuration to apply configuration changes
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg).
If you're looking for how to monitor bandwidth using netflow or packet s…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month7 days, 9 hours left to enroll
729 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.