Solved

Set two DNS, Private and Public in clients to query from

Posted on 2013-01-09
6
612 Views
Last Modified: 2013-01-09
When I set local DNS on any NIC setting as primary DNS and try to resolve a public FQDN it simply doesn't find it unless I added to the private DNS even though I have a public DNS set up along with the private but as a secondary one.

Is there anyway to get public names that are not entered in the private DNS to resolve using the public DNS ?

for example, I have domain.local resolving to 192.168.1.240
and domain.public.com should resolve to something like xx.0.52.12
but public domain is not resolving!

My current DNS setting in the NIC are
192.168.1.170 < Local DNS server and primary
8.8.8.8 < Google DNS Server - secondary

thanks
0
Comment
Question by:Mohammed Hamada
  • 3
  • 2
6 Comments
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 500 total points
ID: 38758039
Hi,

First of all, if you add several DNS servers in IP settings on a client computer these DNS servers MUST contain exactly the same DNS zones.
NEVER add several DNS servers that have not the same content ! NEVER ! DNS protocol, and DNS client behavior is not built in that goal.

Typically, having a primary DNS server that resolves internal names and a secondary server that resolves external names can not work... It seems to work at the beginning but in fact it does not. If you add more than one DNS servers in your IP settings IT IS ONLY for high availability of DNS resolution, IT IS NOT to resolve more names !


Ok so, now to be able to resolve external names by interrogating only your internal DNS servers you only have to add "forwarders" on you internal DNS server.
"Forwarders" are used by the DNS server for any request that does not match any DNS zone hosted by the server. "Forwarders" should contain IP addresses of external DNS servers, and of course your internal DNS server must be able to reach external DNS servers. This may require to open DNS port on some firewalls.

As an example, let's say your internal DNS server hosts the DNS zone "myinternaldomain.com" for your AD domain. You want to be able to resolve any external name.
On your DNS server you add "forwarders" that point to external DNS servers.
On a client computer, you only interrogate your internal DNS server. From this client if you want to resolve an external name (let's say www.microsoft.com) the computer will only ask the internal DNS server.
The internal DNS server receives the request for "www.microsoft.com". It realizes that this is for DNS zone that in not hosted locally. The DNS server will then submit the request to the "forwarders" and wait for an answer.
When the answer comes, the internal DNS server takes it and gives it back to the client computer. The client computer NEVER has to interrrogate external DNS servers directly, and MUST NEVER HAVE TO.


Have a good day.
0
 
LVL 24

Author Comment

by:Mohammed Hamada
ID: 38758393
Thanks for the detailed explanation, Right now my DNS Server has internet access in order to resolve and forward external DNS queries to internal clients.

Is there anyway that the DNS will work without internet and still resolve and forward external DNS queries to internal clients.
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 38758446
if you dont have the capability to reach an external DNS ....it can not resolve an external DNS request

so the last DNS becomes 'the end of the line'
authoritative DNS is saying i have these 'machines' in my view...under me
if the DNS is not authoritative it must forward the request to someone else who can answer the request

once it 'visits' an external site it can learn where to send requests

and if you have more space than you will ever need you could try to store all the DNS info from a public DNS server (not a good idea)
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 24

Author Comment

by:Mohammed Hamada
ID: 38758468
So in this case, Internet must be available in the DNS server for external DNS reach ?
0
 
LVL 24

Author Closing Comment

by:Mohammed Hamada
ID: 38758473
Thanks.
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38758511
Hi again,

Not sure to really understand your last question... How the server could resolve external names without access to external DNS servers ?!?!! If this is your question the answer is NO, of course NO.

If your question is "how the internal DNS server can resolve SOME external names without access to external DNS servers" then the answer is yes it's possible. What you have to do is to create the DNS zone on your internal DNS server and create the requested record.
As an example, let's suppose I want my DNS internal server to be able to resolve one particular external DNS name (let's say www.mycompany.com should be resolved to 1.2.3.4).
I'll then create a new DNS zone named "www.mycompany.com" on my internal DNS server and in this zone I will create a new host (A) record with blank name and type the IP address 1.2.3.4.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question