[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

internal website - how to configure DNS to stay internal?

Posted on 2013-11-19
10
Medium Priority
?
374 Views
Last Modified: 2014-01-10
Hi

We have 1 internal DNS/active directory setup as hss.com

However, I want to setup the domain name internal.company-name.com to be handled internally and not go external

I have configured the website and IIS to work with the domain name internal.company-name.com

However, I don't know how to configure the internal DNS to point to this internal IP

All the youtube videos i watch all refer to the Same domain name
i.e. the DNS is setup on mydomain.com
and then internal websites are subdomains on intranet.mydomain.com

however, i have 2 different domains, HSS.com and company-name.com

Help!
0
Comment
Question by:websss
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 37

Expert Comment

by:Kimputer
ID: 39658702
If your windows domain name is HSS.com, and you wanted an internal website at test.hss.com, I think those youtube videos are clear.
If you want a totally different domain in your DNS, add this domain first:

Forward > New Zone (all default, click OK, until you can fill in the name : company-name.com)
After that, inside the new folder company-name.com add an A record for test (if you want the website to be test.company-name.com)
0
 

Author Comment

by:websss
ID: 39658803
Thanks

We did that

And then ran
CMD
Tracert test.company-name.com

however, it still goes external
We also ran FLUSH DNS

Are we missing anything?
0
 
LVL 13

Expert Comment

by:SagiEDoc
ID: 39659046
You need to add a new zone into your DNS server so, internal.company-name.com in this example. So in DNS you will have both a hss.com zone and a internal.company-name.com zone.
In this new zone you will be able to create anything.internal.company-name.com and point the anything to the internal IP address. You will need to manually add any entry created in the internal.company-name.com zone into the reverse lookup zone.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 37

Expert Comment

by:Kimputer
ID: 39659048
If possible, please post some screenshots of your dns management console ?
Does this even happen on the dns server itself or only on a client ?
Do an nslookup command on the dns server, and on a client, and post the results.
0
 
LVL 13

Accepted Solution

by:
SagiEDoc earned 2000 total points
ID: 39659054
This explains how to add a new zone, let me know if you still want screenshots:

How to Create a Forward Lookup Zone

To create a new forward lookup zone:
Start the DNS snap-in. To do this, click Start, point to Administrative Tools, and then click DNS.
Click the DNS Server object for your server in the left pane of the console, and then expand the server object to expand the tree.
Right-click Forward Lookup Zones, and then click New Zone. The New Zone Wizard starts. Click Next to continue.
Click Primary zone to create a master copy of the new zone. Click Next.
In the Name box, type the name of the zone (for example, type _tcp.example.com, and then click Next.

NOTE: This name is typically the same as the DNS suffix of the host computers for which you want to create the zone.
On the Zone File page, accept the default file name for the new zone file, and then click Next.
Click Next.
Click Finish.
The new zone is listed under Forward Lookup Zones in the DNS tree.
0
 
LVL 6

Expert Comment

by:Alan Gunn
ID: 39659135
I believe what you are after is a "Split-brain" DNS setup.

If there are resources on the internet that are  in zone "companyname.com" and you also have internal resources in the "companyname.com" zone the DNS servers have to have a method of agreeing which ercords are pblic and which are private.

 http://windowsitpro.com/networking/split-brain-dns

Alternatively, If you are having problems where you try to access the internal web site an dit sends the traffic to the intenret proxy you need to configure tyour web browsers with a rule that does not send all traffic to the proxy.
Either the rules can be set in IE or a Proxy Automatic Configuration (PAC )script can be used.

TRM
:-)
0
 

Author Comment

by:websss
ID: 39659180
Hi

We got it working but the main website stopped working www.company-name.com

however the website did work if you went to company-name.com

What did we do wrong?
0
 
LVL 13

Expert Comment

by:SagiEDoc
ID: 39659185
You just need to add a record for www and put the IP address of the web server.
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 39659869
Hi,

Solutions given by other experts here are quiet good but it requires you to recreate a full copy of the dns zone... Let me explain:

Let suppose you want your internal clients to access www.company-name.com through its internal IP address but still want other names in the company-name.com dns zone to be externally resolved, you can't apply these solutions, or you'll have to recreate all DNS records of the external "company-name.com" zone in your internal copy of this zone ! That can be long and hard to maintain.

If your goal is to intercept only one name of an external DNS zone and make this particular name to be internally resolved to the IP of your choice, the easiest way is to create a DNS zone that has the name of the FQDN you want to intercept. Here is a an example:

To intercept the DNS name www.company-name.com, on your internal DNS servers you create a forward DNS zone that is named "www.company-name.com" (the DNS zone name must match the whole FQDN you want to intercept).
Then in this DNS zone you create a new A record. In the properties window for the new record you leave the "name" field blank and only fill the IP address field.
Save the record and take a look at your DNS zone content. you should see a A record named "same as parent" with the IP you typed.

Then if you try to PING www.company-name.com from an internal client your internal DNS server will match the request with the DNS zone it now know "www.company-name.com" and as there is a "same as paren" record in it it will resolve the name www.company-name.com to the IP of your choice.


Have a good day
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39661286
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question