Solved

Set two DNS, Private and Public in clients to query from

Posted on 2013-01-09
6
613 Views
Last Modified: 2013-01-09
When I set the local DNS server on any NIC as the primary DNS and try to resolve a public FQDN, it simply doesn't find it unless I add it to the private DNS, even though I have a public DNS set up along with the private one, but as a secondary one.

Is there any way to get public names that are not entered in the private DNS to resolve using the public DNS?

For example, I have domain.local resolving to 192.168.1.240,
and domain.public.com should resolve to something like xx.0.52.12,
but the public domain is not resolving!

My current DNS settings in the NIC are:
192.168.1.170 < Local DNS server, primary
8.8.8.8 < Google DNS server, secondary

Thanks
0
6 Comments
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 500 total points
ID: 38758039
Hi,

First of all, if you add several DNS servers in the IP settings on a client computer, these DNS servers MUST contain exactly the same DNS zones.
NEVER add several DNS servers that do not have the same content! NEVER! The DNS protocol and DNS client behavior are not built for that goal.

Typically, having a primary DNS server that resolves internal names and a secondary server that resolves external names cannot work... It seems to work at the beginning, but in fact it does not. If you add more than one DNS server in your IP settings, IT IS ONLY for high availability of DNS resolution; IT IS NOT to resolve more names!


OK, so now, to be able to resolve external names by interrogating only your internal DNS server, you only have to add "forwarders" on your internal DNS server.
"Forwarders" are used by the DNS server for any request that does not match any DNS zone hosted by the server. "Forwarders" should contain the IP addresses of external DNS servers, and of course your internal DNS server must be able to reach the external DNS servers. This may require opening the DNS port on some firewalls.

As an example, let's say your internal DNS server hosts the DNS zone "myinternaldomain.com" for your AD domain. You want to be able to resolve any external name.
On your DNS server you add "forwarders" that point to external DNS servers.
On a client computer, you only interrogate your internal DNS server. From this client, if you want to resolve an external name (let's say www.microsoft.com), the computer will only ask the internal DNS server.
The internal DNS server receives the request for "www.microsoft.com". It realizes that this is for a DNS zone that is not hosted locally. The DNS server will then submit the request to the "forwarders" and wait for an answer.
When the answer comes, the internal DNS server takes it and gives it back to the client computer. The client computer NEVER has to interrogate external DNS servers directly, and MUST NEVER HAVE TO.


Have a good day.
0
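The forwarder design from the accepted answer, as an added example that is not part of the original thread: it assumes Windows Server 2012 or later with the DNS Server role (DnsServer and DnsClient PowerShell modules), the addresses and names from this thread, an assumed second Google resolver 8.8.4.4, and an assumed client interface alias "Ethernet".

```powershell
# Added example, not from the original post. Assumes Windows Server 2012+ with the
# DNS Server role and the DnsServer/DnsClient modules; IPs and names are the thread's.
$InternalDns  = '192.168.1.170'      # internal DNS server (from the question)
$Forwarders   = '8.8.8.8', '8.8.4.4' # resolvers the SERVER queries (8.8.4.4 is assumed)
$ExternalFqdn = 'www.microsoft.com'  # external name used in the accepted answer

# --- On the DNS server: forward anything that is not in a locally hosted zone ---
# -IPAddress replaces the whole forwarder list; -UseRootHint $false means the server
# does not fall back to root hints when the forwarders fail to answer.
Set-DnsServerForwarder -IPAddress $Forwarders -UseRootHint $false -Timeout 3
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint, Timeout

# --- On a client: point ONLY at the internal server, no public "secondary" ---
# 'Ethernet' is an assumed interface alias; check Get-NetAdapter for the real one.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $InternalDns
Get-DnsClientServerAddress -InterfaceAlias 'Ethernet' -AddressFamily IPv4

# --- Verify: the internal server now answers for an external name via its forwarders ---
# -DnsOnly skips the local cache and hosts file so the answer really comes from $InternalDns.
Resolve-DnsName -Name $ExternalFqdn -Type A -Server $InternalDns -DnsOnly |
    Select-Object Name, Type, IPAddress

# Firewall check that goes with this design: only $InternalDns needs outbound UDP/TCP 53.
# Any other internal host sending DNS directly to the internet is a misconfigured client
# (still carrying a public secondary) and worth a look in the firewall logs.
```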
 
LVL 24

Author Comment

by:Mohammed Hamada
ID: 38758393
Thanks for the detailed explanation. Right now my DNS server has internet access in order to resolve and forward external DNS queries to internal clients.

Is there any way that the DNS will work without internet and still resolve and forward external DNS queries to internal clients?
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 38758446
If you don't have the capability to reach an external DNS... it cannot resolve an external DNS request.

So the last DNS becomes 'the end of the line'.
An authoritative DNS is saying: I have these 'machines' in my view... under me.
If the DNS is not authoritative, it must forward the request to someone else who can answer the request.

Once it 'visits' an external site it can learn where to send requests.

And if you have more space than you will ever need, you could try to store all the DNS info from a public DNS server (not a good idea).
0
 
LVL 24

Author Comment

by:Mohammed Hamada
ID: 38758468
So in this case, internet must be available on the DNS server for external DNS reach?
0
 
LVL 24

Author Closing Comment

by:Mohammed Hamada
ID: 38758473
Thanks.
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38758511
Hi again,

Not sure I really understand your last question... How could the server resolve external names without access to external DNS servers?!?!! If this is your question, the answer is NO, of course NO.

If your question is "how can the internal DNS server resolve SOME external names without access to external DNS servers?", then the answer is yes, it's possible. What you have to do is create the DNS zone on your internal DNS server and create the requested record.
As an example, let's suppose I want my internal DNS server to be able to resolve one particular external DNS name (let's say www.mycompany.com should be resolved to 1.2.3.4).
I'll then create a new DNS zone named "www.mycompany.com" on my internal DNS server, and in this zone I will create a new host (A) record with a blank name and type the IP address 1.2.3.4.
0
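The single-name zone described in this last comment, as an added example that is not part of the original thread: it assumes Windows Server 2012 or later with the DNS Server role, the name and address from the comment (www.mycompany.com, 1.2.3.4), and the internal server address from the question.

```powershell
# Added example, not from the original post. Assumes Windows Server 2012+ with the
# DNS Server role; the name and address (www.mycompany.com -> 1.2.3.4) are the comment's.
$PinnedName  = 'www.mycompany.com'
$PinnedIPv4  = '1.2.3.4'
$InternalDns = '192.168.1.170'   # internal DNS server from the question

# 1. Create a zone whose name IS the host name. Because the server is authoritative
#    for this zone it answers from local data and never forwards the query.
if (-not (Get-DnsServerZone -Name $PinnedName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $PinnedName -ZoneFile "$PinnedName.dns"
    # On a domain controller, -ReplicationScope 'Domain' in place of -ZoneFile
    # stores the zone in AD so every DC serves the same answer.
}

# 2. The "blank name" host record from the comment is the zone apex, written as '@'.
Add-DnsServerResourceRecordA -ZoneName $PinnedName -Name '@' -IPv4Address $PinnedIPv4

# 3. Verify: resolves to 1.2.3.4 with no forwarders or internet access involved.
Resolve-DnsName -Name $PinnedName -Type A -Server $InternalDns -DnsOnly |
    Select-Object Name, Type, IPAddress

# Caveat: only this exact name is covered. 'mycompany.com' or 'mail.mycompany.com'
# are not in this zone and still go to the forwarders (or fail without internet).
# Keep an inventory of such pinned zones: they silently override the public answer
# and must be updated by hand whenever the real address changes.
```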
