Set two DNS, Private and Public in clients to query from

Posted on 2013-01-09
Last Modified: 2013-01-09
When I set the local DNS as the primary DNS in any NIC's settings and try to resolve a public FQDN, it simply doesn't find it unless I add it to the private DNS, even though I have a public DNS set up along with the private one, but as a secondary.

Is there any way to get public names that are not entered in the private DNS to resolve using the public DNS?

For example, I have domain.local resolving to 192.168.1.240,
and domain.public.com should resolve to something like xx.0.52.12,
but the public domain is not resolving!

My current DNS settings on the NIC are:
192.168.1.170 < local DNS server, primary
8.8.8.8 < Google DNS server, secondary

thanks
Question by: Mohammed Hamada

Accepted Solution by: PaciB
Hi,

First of all, if you add several DNS servers in the IP settings on a client computer, these DNS servers MUST contain exactly the same DNS zones.
NEVER add several DNS servers that do not have the same content! NEVER! The DNS protocol and DNS client behaviour are not built for that goal.

Typically, having a primary DNS server that resolves internal names and a secondary server that resolves external names cannot work... It seems to work at the beginning, but in fact it does not. If you add more than one DNS server in your IP settings, IT IS ONLY for high availability of DNS resolution; IT IS NOT to resolve more names!


OK so, now, to be able to resolve external names by interrogating only your internal DNS servers, you only have to add "forwarders" on your internal DNS server.
"Forwarders" are used by the DNS server for any request that does not match any DNS zone hosted by the server. "Forwarders" should contain the IP addresses of external DNS servers, and of course your internal DNS server must be able to reach the external DNS servers. This may require opening the DNS port on some firewalls.

As an example, let's say your internal DNS server hosts the DNS zone "myinternaldomain.com" for your AD domain. You want to be able to resolve any external name.
On your DNS server you add "forwarders" that point to external DNS servers.
On a client computer, you only interrogate your internal DNS server. From this client, if you want to resolve an external name (let's say www.microsoft.com), the computer will only ask the internal DNS server.
The internal DNS server receives the request for "www.microsoft.com". It realizes that this is for a DNS zone that is not hosted locally. The DNS server will then submit the request to the "forwarders" and wait for an answer.
When the answer comes, the internal DNS server takes it and gives it back to the client computer. The client computer NEVER has to interrogate external DNS servers directly, and MUST NEVER HAVE TO.


Have a good day.
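The configuration the accepted answer describes, written out as an added PowerShell example (not code from the original thread): add a forwarder on the internal Windows DNS server, point the client at that server only, and verify that both an internal and an external name resolve through it. It assumes the addresses from the question (internal DNS 192.168.1.170 hosting domain.local, public resolver 8.8.8.8), a client interface alias of "Ethernet", and the DnsServer and DnsClient modules shipped with Windows Server 2012 / Windows 8 and later.

```powershell
# Added example (not from the original thread): forwarders on the internal DNS
# server, internal-only resolver on the client, then a resolution check.
# Assumed values from the question: internal DNS 192.168.1.170 (zone domain.local),
# public resolver 8.8.8.8. The interface alias 'Ethernet' is an assumption.

# --- On the internal DNS server (192.168.1.170) ---

# Confirm the server can reach the forwarder on port 53 before relying on it;
# a blocked port is the usual reason forwarding "does not work".
# (Test-NetConnection -Port checks TCP only; UDP/53 must be open as well.)
$fwd = '8.8.8.8'
if (-not (Test-NetConnection -ComputerName $fwd -Port 53 -InformationLevel Quiet)) {
    throw "TCP/53 to $fwd is blocked; open DNS on the firewall for this server first."
}

# Register the forwarder. Queries for zones this server does not host go there;
# queries for domain.local are still answered from the local zone.
Add-DnsServerForwarder -IPAddress $fwd -PassThru

# Review the forwarder list (also shows UseRootHint and the forwarder timeout).
Get-DnsServerForwarder

# --- On a client ---

# List ONLY the internal server. Do not add 8.8.8.8 as a secondary: when the
# internal server answers NXDOMAIN for a public name the client accepts that
# answer and never asks the next server, and if the internal server is down
# the public server cannot resolve domain.local. Extra entries are for
# redundancy, not for merging two namespaces.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '192.168.1.170'

# Internal name: answered from the locally hosted zone.
Resolve-DnsName -Name 'domain.local' -Server '192.168.1.170' -DnsOnly

# External name: the internal server has no zone for it, forwards the query to
# 8.8.8.8, caches the answer and returns it. The client never talks to 8.8.8.8.
Resolve-DnsName -Name 'www.microsoft.com' -Server '192.168.1.170' -DnsOnly
```

`-DnsOnly` makes `Resolve-DnsName` skip the local cache and hosts file, so a success here proves the forwarding path itself works rather than a stale cached answer.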
Author Comment by: Mohammed Hamada
Thanks for the detailed explanation. Right now my DNS server has internet access in order to resolve and forward external DNS queries to internal clients.

Is there any way that the DNS will work without internet and still resolve and forward external DNS queries to internal clients?
Expert Comment by: DarinTCH
If you don't have the capability to reach an external DNS, it cannot resolve an external DNS request.

So the last DNS becomes 'the end of the line'.
An authoritative DNS is saying: I have these 'machines' in my view... under me.
If the DNS is not authoritative, it must forward the request to someone else who can answer the request.

Once it 'visits' an external site, it can learn where to send requests.

And if you have more space than you will ever need, you could try to store all the DNS info from a public DNS server (not a good idea).
Author Comment by: Mohammed Hamada
So in this case, internet must be available on the DNS server for external DNS reach?
Author Closing Comment by: Mohammed Hamada
Thanks.
Expert Comment by: PaciB
Hi again,

I'm not sure I really understand your last question... How could the server resolve external names without access to external DNS servers?!?!! If this is your question, the answer is NO, of course NO.

If your question is "how can the internal DNS server resolve SOME external names without access to external DNS servers", then the answer is yes, it's possible. What you have to do is create the DNS zone on your internal DNS server and create the requested record.
As an example, let's suppose I want my internal DNS server to be able to resolve one particular external DNS name (let's say www.mycompany.com should be resolved to 1.2.3.4).
I'll then create a new DNS zone named "www.mycompany.com" on my internal DNS server, and in this zone I will create a new host (A) record with a blank name and type the IP address 1.2.3.4.
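The single-host zone trick from the comment above, as an added PowerShell example (not code from the original thread): host a zone whose name is the external host name and put the address at the zone apex, so the internal server answers for that one name with no internet access at all. It assumes the values in the comment (www.mycompany.com resolving to 1.2.3.4), the internal server 192.168.1.170 from the question, and the DnsServer module.

```powershell
# Added example (not from the original thread): answer for ONE external host
# name without any forwarder, by hosting a zone named after the host itself.
# Assumed values: host www.mycompany.com -> 1.2.3.4 (from the comment),
# internal DNS server 192.168.1.170 (from the question).

$hostName = 'www.mycompany.com'
$address  = '1.2.3.4'

# A file-backed primary zone named after the single host. On a domain
# controller you would normally use -ReplicationScope 'Domain' instead of
# -ZoneFile so the zone is stored in and replicated by Active Directory.
if (-not (Get-DnsServerZone -Name $hostName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $hostName -ZoneFile "$hostName.dns"
}

# The "blank name" record: '@' is the zone apex, so the zone name itself
# (www.mycompany.com) resolves to the address.
Add-DnsServerResourceRecordA -ZoneName $hostName -Name '@' -IPv4Address $address

# Verify against the server directly, bypassing the local cache and hosts file.
Resolve-DnsName -Name $hostName -Server '192.168.1.170' -DnsOnly -Type A

# Scope check: this server is now authoritative for everything under
# www.mycompany.com, but other names such as mail.mycompany.com are untouched
# and still need a forwarder or a zone of their own.
```

Because the zone is the narrowest possible one (the host name itself), the rest of mycompany.com keeps resolving through whatever path it used before; the override applies only to that single name and anything beneath it.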