Solved

Set two DNS, Private and Public in clients to query from

Posted on 2013-01-09
Medium Priority
625 Views
Last Modified: 2013-01-09
When I set the local DNS on any NIC as the primary DNS and try to resolve a public FQDN, it simply doesn't find it unless I add it to the private DNS, even though I have a public DNS set up along with the private one, as a secondary.

Is there any way to get public names that are not entered in the private DNS to resolve using the public DNS?

For example, I have domain.local resolving to 192.168.1.240,
and domain.public.com should resolve to something like xx.0.52.12,
but the public domain is not resolving!

My current DNS settings in the NIC are
192.168.1.170 < local DNS server and primary
8.8.8.8 < Google DNS server - secondary

thanks
Question by:Mohammed Hamada
6 Comments
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 2000 total points
ID: 38758039
Hi,

First of all, if you add several DNS servers in the IP settings on a client computer, these DNS servers MUST contain exactly the same DNS zones.
NEVER add several DNS servers that do not have the same content! NEVER! The DNS protocol and DNS client behavior are not built for that goal.

Typically, having a primary DNS server that resolves internal names and a secondary server that resolves external names cannot work... It seems to work at the beginning, but in fact it does not. If you add more than one DNS server in your IP settings, IT IS ONLY for high availability of DNS resolution, IT IS NOT to resolve more names!


OK so, now, to be able to resolve external names by interrogating only your internal DNS servers, you only have to add "forwarders" on your internal DNS server.
"Forwarders" are used by the DNS server for any request that does not match any DNS zone hosted by the server. "Forwarders" should contain the IP addresses of external DNS servers, and of course your internal DNS server must be able to reach the external DNS servers. This may require opening the DNS port on some firewalls.

As an example, let's say your internal DNS server hosts the DNS zone "myinternaldomain.com" for your AD domain. You want to be able to resolve any external name.
On your DNS server you add "forwarders" that point to external DNS servers.
On a client computer, you only interrogate your internal DNS server. From this client, if you want to resolve an external name (let's say www.microsoft.com), the computer will only ask the internal DNS server.
The internal DNS server receives the request for "www.microsoft.com". It realizes that this is for a DNS zone that is not hosted locally. The DNS server will then submit the request to the "forwarders" and wait for an answer.
When the answer comes, the internal DNS server takes it and gives it back to the client computer. The client computer NEVER has to interrogate external DNS servers directly, and MUST NEVER HAVE TO.


Have a good day.
 
LVL 24

Author Comment

by:Mohammed Hamada
ID: 38758393
Thanks for the detailed explanation. Right now my DNS server has internet access in order to resolve and forward external DNS queries to internal clients.

Is there any way that the DNS will work without internet and still resolve and forward external DNS queries to internal clients?
 
LVL 12

Expert Comment

by:DarinTCH
ID: 38758446
If you don't have the capability to reach an external DNS... it cannot resolve an external DNS request.

So the last DNS becomes 'the end of the line'.
An authoritative DNS is saying "I have these 'machines' in my view... under me".
If the DNS is not authoritative, it must forward the request to someone else who can answer the request.

Once it 'visits' an external site it can learn where to send requests.

And if you have more space than you will ever need, you could try to store all the DNS info from a public DNS server (not a good idea).
 
LVL 24

Author Comment

by:Mohammed Hamada
ID: 38758468
So in this case, internet must be available on the DNS server for external DNS reach?
 
LVL 24

Author Closing Comment

by:Mohammed Hamada
ID: 38758473
Thanks.
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38758511
Hi again,

Not sure I really understand your last question... How could the server resolve external names without access to external DNS servers?!?! If this is your question, the answer is NO, of course NO.

If your question is "how can the internal DNS server resolve SOME external names without access to external DNS servers", then the answer is yes, it's possible. What you have to do is create the DNS zone on your internal DNS server and create the requested record.
As an example, let's suppose I want my internal DNS server to be able to resolve one particular external DNS name (let's say www.mycompany.com should be resolved to 1.2.3.4).
I'll then create a new DNS zone named "www.mycompany.com" on my internal DNS server, and in this zone I will create a new host (A) record with a blank name and type the IP address 1.2.3.4.
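The two points made by Bruno PACI in this thread (a client's server list is only for redundancy, while forwarders are what resolve names outside the hosted zones; and a single external name can be pinned by hosting a zone named after it) as an added example that is not code from the thread: a small in-memory model of a DNS server with hosted zones and forwarders, and of a client with an ordered server list. Everything in it is constructed. The addresses reuse the ones from the question, 203.0.113.12 stands in for the public address, the public resolver is reduced to the one zone it needs to know, a server with no matching zone and no usable forwarder answers SERVFAIL (root-hint recursion is left out, which also models the "without internet" case asked about), and the client rule is a deliberate simplification: it accepts NOERROR or NXDOMAIN from whichever server it asks, and only moves on to the next server, then keeps preferring it, when it gets no usable answer.

```python
"""In-memory model of DNS server forwarding and stub-client server lists.

Added example for this thread, not code posted in it. All zone data, names
and addresses are constructed; the client failover rule is a simplification
of real resolver behaviour.
"""
from dataclasses import dataclass, field

NOERROR, NXDOMAIN, SERVFAIL = "NOERROR", "NXDOMAIN", "SERVFAIL"


def _labels(name):
    return name.lower().rstrip(".").split(".")


@dataclass
class DnsServer:
    name: str
    zones: dict                           # zone -> {owner -> IPv4}; "@" is the zone apex
    forwarders: list = field(default_factory=list)
    # True models a public recursive resolver that can see the whole public
    # namespace: a name it does not know is NXDOMAIN rather than SERVFAIL.
    recursive: bool = False

    def hosted_zone(self, qname):
        """Longest-suffix match of qname against the zones this server hosts."""
        labels = _labels(qname)
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            if zone in self.zones:
                return zone
        return None

    def query(self, qname):
        zone = self.hosted_zone(qname)
        if zone is not None:
            # Authoritative for this zone: answer from zone data, never forward.
            owner = ".".join(_labels(qname)[:-len(_labels(zone))]) or "@"
            ip = self.zones[zone].get(owner)
            return (NOERROR, ip) if ip else (NXDOMAIN, None)
        # Not a hosted zone: hand the query to the forwarders, in order.
        for fwd in self.forwarders:
            rcode, ip = fwd.query(qname)
            if rcode in (NOERROR, NXDOMAIN):
                return rcode, ip
        # No forwarder could answer (or none configured): fail the query.
        return (NXDOMAIN, None) if self.recursive else (SERVFAIL, None)


class StubClient:
    """Client with an ordered server list (simplified rule, an assumption here):
    NOERROR or NXDOMAIN from the server it asks ends the lookup; only when no
    usable answer comes back does it try the next server, and it then keeps
    preferring that server for later lookups ('sticky' failover)."""

    def __init__(self, servers):
        self.servers = list(servers)
        self.preferred = 0

    def resolve(self, qname):
        order = self.servers[self.preferred:] + self.servers[:self.preferred]
        for srv in order:
            rcode, ip = srv.query(qname)
            if rcode in (NOERROR, NXDOMAIN):
                self.preferred = self.servers.index(srv)
                return rcode, ip, srv.name
        return SERVFAIL, None, None


def _public():
    # Constructed stand-in for 8.8.8.8: knows only the one public zone we need.
    return DnsServer("8.8.8.8", zones={"public.com": {"domain": "203.0.113.12"}}, recursive=True)


def demo_mixed_servers():
    """The question's setup: internal server primary, public server secondary, no forwarders."""
    internal = DnsServer("192.168.1.170", zones={"domain.local": {"@": "192.168.1.240"}})
    client = StubClient([internal, _public()])
    return [client.resolve(q) for q in ("domain.local", "domain.public.com", "domain.local")]


def demo_forwarders():
    """The accepted answer: the client asks only the internal server, which forwards."""
    internal = DnsServer("192.168.1.170", zones={"domain.local": {"@": "192.168.1.240"}},
                         forwarders=[_public()])
    client = StubClient([internal])
    return [client.resolve(q) for q in ("domain.local", "domain.public.com")]


def demo_pinned_zone():
    """The last comment: no forwarders at all, but a zone named after the one external host."""
    internal = DnsServer("192.168.1.170", zones={"domain.local": {"@": "192.168.1.240"},
                                                 "www.mycompany.com": {"@": "1.2.3.4"}})
    client = StubClient([internal])
    return [client.resolve(q) for q in ("www.mycompany.com", "www.microsoft.com")]


if __name__ == "__main__":
    for demo in (demo_mixed_servers, demo_forwarders, demo_pinned_zone):
        print(demo.__name__)
        for rcode, ip, answered_by in demo():
            print(f"  {rcode:<8} {ip!s:<14} from {answered_by}")
```

Running the three demos shows the mixed list working for the first two lookups and then returning NXDOMAIN for domain.local from 8.8.8.8 once the client has moved over to it, which is the "seems to work at the beginning" failure the accepted answer warns about; the forwarder setup answers both names from 192.168.1.170 alone; and the pinned zone answers www.mycompany.com with no forwarder at all while every other external name fails. The part worth noticing from a security angle is the third lookup of the first demo: as soon as the client has failed over, queries for internal names are sent to the public resolver, so a public server in a client's list both breaks internal resolution and leaks internal hostnames, which is the practical reason to give clients only the internal servers and keep the public ones in the forwarder list.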