Solved

AD dns vs PTR or A record

Posted on 2014-12-04
Last Modified: 2015-01-16
We have a domain called abx.local, and all the hosts and servers are connected to the same domain. We have a subsidiary company running as abz.biz, with Exchange server mail accounts on the same domain. The issue is how we can NAT to rrty-abz.biz in the abx AD domain to server IP 192.168.128.65.

Currently, server 192.168.128.65 is registered with the host name wwtt in abx.local.

Please let me know the record type I need to create in the abx.local DNS. Do I have to create a subdomain called rrty-abz.biz, or is there any other way we can move on?
Is it possible to name the domain like rrty-abz.biz, with a "-"?
Question by:cur
 
LVL 26

Assisted Solution

by:Dan McFadden
Dan McFadden earned 500 total points
It's a little unclear what you wish to do.  First, NAT has nothing to do with DNS; NAT happens at the network level.

I have a few questions:

1. Are all these domains on the same internal network?
2. Do you want to make a host (server) in the rtty-abz.biz domain appear as a host that can be looked up in the abx.local domain?
3. Do you want wwtt.abx.local to appear as a host that can be looked up in the rrty-abz.biz domain?

In either #2 or #3, you need to create a CNAME record (alias) in the DNS zone on your DNS server.

link:  http://technet.microsoft.com/de-de/library/ff625726(v=ws.10).aspx

Dan
0
 

Author Comment

by:cur
1. Internal
2. rtty-abz.biz is a web service running on a PC with the local IP 192.168.128.65:86. Only the IP address works internally, rather than the name.
0
 

Author Comment

by:cur
The other thing is that internal webmail does not work without the IP address 192.168.128.100/owa. If I use mail.abx.com/owa, it does not respond.
0
 
LVL 26

Assisted Solution

by:Dan McFadden
Dan McFadden earned 500 total points
If the site works on the IP and not the DNS name, you have a name resolution issue.  You need to create a record in DNS that points to the IP address of the site.
0
 
LVL 26

Assisted Solution

by:Dan McFadden
Dan McFadden earned 500 total points
For websites that run on non-standard ports, you need to explicitly write out the URL. The format is protocol://hostname.domain.extension:portnumber

So the URL for rtty-abz.biz would be:   http://rtty-abz.biz:86

For your mail server, you need to create an A record in DNS that points the IP address to the name mail.abx.com.

Dan
0
 

Author Comment

by:cur
How can I change the name abx.local to abx.com on the A record page? There is an FQDN field showing Abx.local and no way to change that. The name and the IP address are possible to enter. Please advise me.
0
 
LVL 26

Assisted Solution

by:Dan McFadden
Dan McFadden earned 500 total points
If abx.local is your Active Directory domain, you cannot change it without rebuilding AD.

What you can do is create a new DNS zone on your DNS Servers and create an A record there that points to the server you are trying to have appear as a host in the abx.com domain.

How many DNS domains are present on your Domain Controllers?  Can you send a screenshot?

Dan
0
 

Author Comment

by:cur
We have only one domain, abx.local, as the AD and DNS name, but our website and public DNS are abx.com. The issue is that we can't access the Exchange mail internally at https://mail.abx.com/owa. I want to have access to mail internally as well. Right now we are accessing https://192.168.128.212/owa
0
 
LVL 26

Assisted Solution

by:Dan McFadden
Dan McFadden earned 500 total points
If you do an NSLOOKUP on the IP address 192.168.128.212, what is returned?

Your internal URL for owa should be the host FQDN plus "/owa".  For example:

https://servername.abx.local/owa

Dan
0
 

Author Comment

by:cur
srvex.abx.local
0
 
LVL 26

Assisted Solution

by:Dan McFadden
Dan McFadden earned 500 total points
So, the URL for your internal OWA should be:  https://srvex.abx.local/owa

You may have to configure IIS to specifically use the IP address 192.168.128.212, in IIS Manager.

Dan
0
 
LVL 26

Assisted Solution

by:Dan McFadden
Dan McFadden earned 500 total points
If you want to use the URL:  https://mail.abx.local/owa, then you can create an alias (CNAME) record in the abx.local DNS zone that points to srvex.abx.local.

Dan
0
 

Author Comment

by:cur
Sorry, it should be https://mail.abx.com/owa, accessed from the internal network. Our AD and DNS is abx.local.
0
 
LVL 26

Assisted Solution

by:Dan McFadden
Dan McFadden earned 500 total points
I think what you are asking for is a split-brain DNS zone setup.

Reference links:  
1. http://msdn.microsoft.com/en-us/library/ms954396.aspx
2. http://www.itgeared.com/articles/1020-what-is-split-brain-split-horizon-or/

Is the abx.com hosted externally?  I see the abx.com SOA points to a French Registrar or Host Provider.

IMO, I do not recommend deploying split-brain DNS zones; they cause too much of a management headache.  With that said, you can do the following:

1. On a DC, create a new primary zone called abx.com
2. Recreate all externally present A records in this new zone
--- This has to be done because, on your internal network, the DCs are now authoritative for abx.com and your user computers point to the DCs for name resolution.  If you do not do this, your www.abx.com website and other Internet services would appear to be offline only when accessing them from inside your office.
3. Add an additional A record for mail.abx.com pointing to the internal address stated above.

Any changes to the DNS zone abx.com on the hosted Internet DNS servers must be done by hand on the DCs.

How-to link: http://www.thesuperkev.com/2012/10/setting-up-split-dns-in-windows-server.html

Dan
0
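
The three split-brain steps from the answer above, as an added PowerShell example that is not part of the original thread, extended with a drift check because the internal copy has to be kept in sync by hand. It assumes a DC with the DnsServer module; the resolver address and the list of external names are assumptions, while the zone name and the internal mail address come from the thread.

```powershell
# Added example, not from the thread. Run on a DC that has the DnsServer module.
$Zone           = 'abx.com'                      # public domain shadowed internally (from the thread)
$PublicResolver = '8.8.8.8'                      # assumption: any resolver outside your network
$ExternalNames  = @('www')                       # assumption: names present in the hosted zone
$InternalOnly   = @{ mail = '192.168.128.212' }  # internal override (address from the thread)

# Step 1: create the AD-integrated primary zone if it does not exist yet.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain
}

# Helper: A-record addresses currently held in the internal zone for one name.
function Get-ZoneA($Name) {
    Get-DnsServerResourceRecord -ZoneName $Zone -Name $Name -RRType A -ErrorAction SilentlyContinue |
        ForEach-Object { $_.RecordData.IPv4Address.ToString() }
}

# Step 2: copy each public A record on first run; on later runs report drift.
foreach ($n in $ExternalNames) {
    # Ask the outside resolver directly, bypassing the DCs that now own the zone.
    $public = @(Resolve-DnsName -Name "$n.$Zone" -Type A -Server $PublicResolver -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    if (-not $public) { Write-Warning "$n.$Zone has no public A record"; continue }

    $internal = @(Get-ZoneA $n)
    if (-not $internal) {
        foreach ($ip in $public) {
            Add-DnsServerResourceRecordA -ZoneName $Zone -Name $n -IPv4Address $ip
        }
    } elseif (Compare-Object $internal $public) {
        # A stale internal copy silently sends internal users to the old address.
        Write-Warning "$n.$Zone drift: internal=$($internal -join ',') public=$($public -join ',')"
    }
}

# Step 3: internal-only overrides such as mail.abx.com.
foreach ($n in $InternalOnly.Keys) {
    if (-not (Get-ZoneA $n)) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $n -IPv4Address $InternalOnly[$n]
    }
}
```

Re-running the script after the initial setup only adds missing records and prints warnings, so it can be scheduled to catch changes made on the hosted zone.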
 

Author Comment

by:cur
Is the abx.com hosted externally?  Yes

And we have Abx.com as primary, but I did not find any host record for mail.abx.com.

The only record I can see is www, pointing to the external web IP address. I hope that is the website address.
Please give me an idea of how to create the record for Exchange.
0
 
LVL 26

Assisted Solution

by:Dan McFadden
Dan McFadden earned 500 total points
OK, this is getting too complicated a story to follow.  So let me ask a few more questions:

1. Is your Exchange Server's IP address 192.168.128.212?
2. Does your Exchange Server also host OWA?
3. Are you receiving email from external sources with this Exchange server?
4. What is the external IP address of your mail server?

Dan
0
 

Author Comment

by:cur
1. Is your Exchange Server's IP address 192.168.128.212? Yes
2. Does your Exchange Server also host OWA? Yes
3. Are you receiving email from external sources with this Exchange server? Yes
4. What is the external IP address of your mail server? No external IP address is bound to the Exchange server
0
 
LVL 26

Assisted Solution

by:Dan McFadden
Dan McFadden earned 500 total points
1. Is the abx.com going to be used on the Internet at any time or for only internal use?
2. Is OWA only for internal access?
3. What domain(s) are you receiving email for?  There are no MX entries for any of the domains mentioned in this post.

As per my post above on 2014-12-17 at 15:07:50, create the domain abx.com on your DCs, create all externally available DNS entries in the new DNS zone on the DCs, then create an A record for mail.abx.com pointing to the Exchange server's IP address.

Dan
0
 

Author Comment

by:cur
1. Is the abx.com going to be used on the Internet at any time or for only internal use? Internet, and in use now
2. Is OWA only for internal access? Internal and external purposes, and it works both ways. The only issue is that access via the LAN needs to replace mail.abx.com with 192.168.128.212
3. What domain(s) are you receiving email for?  abx.com
There are no MX entries for any of the domains mentioned in this post. Telco gateway, and the MX record is on their end
0
 

Author Comment

by:cur
All OK, except one registered external domain that looks a bit confusing to me. Thank you for your feedback.

Ddd.biz and ee-Ddd.biz are public domains and working fine externally. I have created Ddd.biz in the local DNS, pointing to the external public IP in the internal DNS.

But ee-Ddd.biz is hosted internally and running on the server called wwsrv. How can I map the host record to resolve the server internally?

I have a separate zone called Ddd.biz, and we have the record www pointing to the external IP.
How can I create ee-Ddd.biz in the Windows domain? Is this name correct according to the FQDN concept?
0
 
LVL 26

Accepted Solution

by:Dan McFadden
Dan McFadden earned 500 total points
If the ddd.biz domain is external and is functioning, you should not need to create an internal copy of the zone.  Your DC/DNS servers should be able to go out to the Internet and resolve the domain and associated host names.

Creating an internal copy of a domain is only for setting up a split-brain DNS zone, when you have an external domain with a public IP and want to use an internal server (with a private IP) from inside your office.

I can resolve www.ddd.biz from my connection.  This is what I see:

C:\>nslookup www.ddd.biz

Non-authoritative answer:
Name:    ddd.biz
Address:  192.185.16.254
Aliases:  www.ddd.biz

I cannot resolve the "ee-ddd.biz" domain; nslookup returns a "non-existent domain" message.

So if you cannot, then your internal DNS servers are incorrectly set up.  I would try setting up a DNS forwarder on all of your DCs; you could point the forwarders to your Telco's DNS servers.  This should resolve some of your external domain resolution issues.

Dan
0