Solved

AD DNS vs PTR or A record

Posted on 2014-12-04
Last Modified: 2015-01-16
We have a domain called abx.local, and all the hosts and the servers are connected to the same domain. We have a subsidiary company running as abz.biz, as Exchange server mail accounts on the same domain. The issue is how we can NAT to rrty-abz.biz in the abx AD domain to server IP 192.168.128.65.

Currently server 192.168.128.65 is registered as host name wwtt in abx.local.

Please let me know the record type I need to create in the abx.local DNS. Do I have to create a subdomain called rrty-abz.biz, or is there any other way we can move on?
Is it possible to name the domain like rrty-abz.biz, with -?
Question by:cur
 
LVL 28

Assisted Solution

by:Dan McFadden
Dan McFadden earned 2000 total points
ID: 40482443
It's a little unclear what you wish to do.  First, NAT has nothing to do with DNS; NAT happens at the network level.

I have a few questions:

1. are all these domains on the same internal network?
2. do you want to make a host (server) in the rtty-abz.biz domain appear as a host that can be looked up in the abx.local domain?
3. do you want wwtt.abx.local to appear as a host that can be looked up in the rrty-abz.biz domain?

In either #2 or #3, you need to create a CNAME record (alias) in the DNS zone on your DNS server.

link:  http://technet.microsoft.com/de-de/library/ff625726(v=ws.10).aspx

Dan
0
 

Author Comment

by:cur
ID: 40486603
1. internal
2. rtty-abz.biz is a web service running on a PC with the local IP 192.168.128.65:86. Only the IP address works internally, rather than the name.
0
 

Author Comment

by:cur
ID: 40486609
The other thing is that internal web mail does not work without the IP address 192.168.128.100/owa. If I use mail.abx.com/owa, it does not respond.
0
 
LVL 28

Assisted Solution

by:Dan McFadden
Dan McFadden earned 2000 total points
ID: 40486610
If the site works on the IP and not the DNS name, you have a name resolution issue.  You need to create a record in DNS that points to the IP address of the site.
0
 
LVL 28

Assisted Solution

by:Dan McFadden
Dan McFadden earned 2000 total points
ID: 40486614
For websites that run on non-standard ports, you need to explicitly write out the URL. The format is protocol://hostname.domain.extension:portnumber

So, the URL for rtty-abz.biz would be:   http://rtty-abz.biz:86

For your mail server, you need to create an A record in DNS that points the IP address to the name mail.abx.com.

Dan
0
 

Author Comment

by:cur
ID: 40504235
How can I change the name abx.local to abx.com on the A record page? There is an FQDN field showing Abx.local and no way to change that. It is possible to enter the name and the IP address. Please advise me.
0
 
LVL 28

Assisted Solution

by:Dan McFadden
Dan McFadden earned 2000 total points
ID: 40504293
If abx.local is your Active Directory domain, you cannot change it with rebuilding AD.

What you can do is create a new DNS zone on your DNS Servers and create an A record there that points to the server you are trying to have appear as a host in the abx.com domain.

How many DNS domains are present on your Domain Controllers?  Can you send a screenshot?

Dan
0
 

Author Comment

by:cur
ID: 40504313
We have only one domain, abx.local, as the AD and the DNS name, but our website and the public DNS is abx.com. The issue is that we can't access the Exchange mail internally at https://mail.abx.com/owa. I want to have access to mail internally as well. Right now we are accessing https://192.168.128.212/owa
0
 
LVL 28

Assisted Solution

by:Dan McFadden
Dan McFadden earned 2000 total points
ID: 40504361
If you do an NSLOOKUP on the IP address 192.168.128.212, what is returned?

Your internal URL for owa should be the host FQDN plus "/owa".  For example:

https://servername.abx.local/owa

Dan
0
 

Author Comment

by:cur
ID: 40504394
srvex.abx.local
0
 
LVL 28

Assisted Solution

by:Dan McFadden
Dan McFadden earned 2000 total points
ID: 40504406
So, the URL for your internal OWA should be:  https://srvex.abx.local/owa

You may have to configure IIS to specifically use the IP address 192.168.128.212, in IIS Manager.

Dan
0
 
LVL 28

Assisted Solution

by:Dan McFadden
Dan McFadden earned 2000 total points
ID: 40504407
If you want to use the URL:  https://mail.abx.local/owa, then you can create an alias (CNAME) record in the abx.local DNS zone that points to srvex.abx.local.

Dan
0
 

Author Comment

by:cur
ID: 40504568
Sorry, it should be https://mail.abx.com/owa, accessed from the internal network. Our AD and DNS is abx.local.
0
 
LVL 28

Assisted Solution

by:Dan McFadden
Dan McFadden earned 2000 total points
ID: 40504615
I think what you are asking for is a split-brain DNS zone setup.

Reference links:  
1. http://msdn.microsoft.com/en-us/library/ms954396.aspx
2. http://www.itgeared.com/articles/1020-what-is-split-brain-split-horizon-or/

Is the abx.com hosted externally?  I see the abx.com SOA points to a French Registrar or Host Provider.

IMO, I do not recommend deploying split-brain DNS zones; they cause too much of a management headache.  With that said, you can do the following:

1. on a DC, create a new primary zone called abx.com
2. recreate all externally present A records in this new zone
--- this has to be done because, on your internal network, the DCs are now authoritative for abx.com and your user computers point to the DCs for name resolution.  If you do not do this, your www.abx.com website & other internet services would appear to be offline only when accessing them from inside your office.
3. add an additional A record for mail.abx.com pointing to the internal address stated above.

Any changes to the DNS zone abx.com on the hosted Internet DNS servers must be done by hand on the DCs.

How to link: http://www.thesuperkev.com/2012/10/setting-up-split-dns-in-windows-server.html

Dan
0
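The three steps from the answer above, as an added PowerShell example (not part of the original thread) using the DnsServer module on a DC that hosts DNS. The public resolver address and the list of public labels are assumptions to replace with your own; the closing loop is an added drift check for the "must be done by hand" caveat.

```powershell
# Added example, first-time setup; run in an elevated session on a DC that hosts DNS.
Import-Module DnsServer

$Zone           = 'abx.com'                        # public domain from the thread
$PublicResolver = '8.8.8.8'                        # assumption: any resolver outside the LAN
$PublicLabels   = @('www')                         # assumption: list every label the hosted zone publishes
$Overrides      = @{ 'mail' = '192.168.128.212' }  # internal Exchange/OWA address from the thread

# Step 1: create the internal primary zone (AD-integrated, dynamic updates off
# so clients cannot register names inside a zone that mirrors the public one).
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope 'Domain' -DynamicUpdate 'None'
}

# Step 2: recreate the public A records. Query the outside resolver explicitly:
# once the zone exists, the DC answers for abx.com itself.
foreach ($label in $PublicLabels) {
    $public = Resolve-DnsName -Name "$label.$Zone" -Type A -Server $PublicResolver -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' }           # drops CNAME rows, keeps the final addresses
    foreach ($rec in $public) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $label -IPv4Address $rec.IPAddress
    }
}

# Step 3: add the internal-only answer for mail.abx.com.
foreach ($label in $Overrides.Keys) {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name $label -IPv4Address $Overrides[$label]
}

# Drift check: warn when a copied record no longer matches the public zone.
foreach ($label in $PublicLabels) {
    $inside  = ((Get-DnsServerResourceRecord -ZoneName $Zone -Name $label -RRType A).RecordData.IPv4Address.IPAddressToString |
        Sort-Object) -join ','
    $outside = ((Resolve-DnsName -Name "$label.$Zone" -Type A -Server $PublicResolver -DnsOnly |
        Where-Object { $_.Type -eq 'A' }).IPAddress | Sort-Object) -join ','
    if ($inside -ne $outside) {
        Write-Warning "$label.$Zone drifted: internal=[$inside] public=[$outside]"
    }
}
```

The drift loop can be scheduled on its own after the initial setup; the `Add-` calls report an error if a record already exists.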
 

Author Comment

by:cur
ID: 40504760
Is the abx.com hosted externally?  yes

And we have Abx.com as primary, but I did not find any host record for mail.abx.com.

The only record I can see is www, pointing to the external web IP address. I hope that is the website address?
Please give me an idea of how to create the record for Exchange.
0
 
LVL 28

Assisted Solution

by:Dan McFadden
Dan McFadden earned 2000 total points
ID: 40504820
OK, this is getting too complicated a story to follow.  So let me ask a few more questions:

1. is your Exchange Server's IP address : 192.168.128.212?
2. does your Exchange Server also host OWA?
3. are you receiving email from external sources with this Exchange server?
4. what is the external IP address of your mail server?

Dan
0
 

Author Comment

by:cur
ID: 40504860
1. is your Exchange Server's IP address : 192.168.128.212? yes
 2. does your Exchange Server also host OWA? yes
 3. are you receiving email from external sources with this Exchange server? yes
 4. what is the external IP address of your mail server? No external IP address is bound to the Exchange server
0
 
LVL 28

Assisted Solution

by:Dan McFadden
Dan McFadden earned 2000 total points
ID: 40504905
1. Is the abx.com going to be used on the Internet at any time or for only internal use?
2. Is OWA only for internal access?
3. what domain(s) are you receiving email for?  There are no MX entries for any of the domains mentioned in this post.

As per my post above on 2014-12-17 at 15:07:50, create the domain abx.com on your DCs, create all externally available DNS entries in the new DNS zone on the DCs, then create an A record for mail.abx.com pointing to the exchange server's IP address.

Dan
0
 

Author Comment

by:cur
ID: 40506265
1. Is the abx.com going to be used on the Internet at any time or for only internal use? Internet, and in use now.
2. Is OWA only for internal access? Internal and external purposes, and working both ways. The only issue is that access via the LAN needs mail.abx.com replaced with 192.168.128.212.
3. what domain(s) are you receiving email for?  abx.com
There are no MX entries for any of the domains mentioned in this post. Telco gateway, and the MX record is on their end.
0
 

Author Comment

by:cur
ID: 40508767
All OK except one external registered domain that looks a bit confusing to me. Thank you for your feedback.

Ddd.biz and ee-Ddd.biz are public domains and working fine externally. I have created Ddd.biz in the local DNS, pointing to the external public IP in the internal DNS.

But ee-Ddd.biz is hosted internally and running on the server called wwsrv. How can I map the host record to resolve the server internally?

I have a separate zone called Ddd.biz, and we have the record www pointing to the external IP.
How can I create ee-Ddd.biz in the Windows domain? Is this name correct according to the FQDN concept?
0
 
LVL 28

Accepted Solution

by:
Dan McFadden earned 2000 total points
ID: 40508779
If the ddd.biz domain is external and is functioning, you should not need to create an internal copy of the zone.  Your DC/DNS servers should be able to go out to the Internet and resolve the domain and associated host names.

Creating an internal copy of a domain is only for setting up a split-brain DNS zone, when you have an external domain with a public IP and want to use an internal server (with a private IP) from inside your office.

I can resolve www.ddd.biz from my connection.  This is what I see:

C:\>nslookup www.ddd.biz

Non-authoritative answer:
Name:    ddd.biz
Address:  192.185.16.254
Aliases:  www.ddd.biz


I cannot resolve the "ee-ddd.biz" domain, nslookup returns a "non-existent domain" message.

So if you cannot, then your internal DNS servers are incorrectly set up.  I would try setting up a DNS forwarder on all of your DCs; you could point the forwarders to your Telco's DNS servers.  This should resolve some of your external domain resolution issues.

Dan
0

Question has a verified solution.
