techindahaus

Hosts file on domain PDC

I have a Windows 2003 PDC running Exchange and some other apps. We have a new piece of software that we need installed on each workstation on the network's domain and it runs through a VPN.

The software consultant wants us to install an edited hosts file on each workstation mapping some of the servers on the remote portion of the VPN. They are not in our domain.

My question is: Can't I add this to the DNS server and be done with it? What if one of those IPs changes? I would have to edit all of the workstations again. I'm not into that.

What would be the simple way to fix this?
John

You do have to map to the remote system. You could set up scripts in the normal way that map to the IP address at the remote end. This means not changing the hosts files on many machines but means changing the central scripts if the IP address changes.
UnHeardOf

That's how I would do it.
techindahaus

ASKER

What about just connecting to their DNS server under reverse lookup?
For example, say if the vendor server is named server1.vendordomain.com, you could create a forward authoritative domain for vendordomain.com on your DNS server with the records they need, and then in your domain create a CNAME to that record. So your record would look like server1.mydomain maps to server1.vendordomain.com. This way your clients can resolve the names without needing a DNS suffix entry on each client.
If your clients are looking up the fully qualified domain name then you wouldn't need the CNAME records in your domain.
Rob Williams
Mapping via scripts and mapped drive may not be possible if the software is written to connect to a file share such as \\Server1\Share1. Though I would use DNS (you have to create a new zone for the remote site), depending on the VPN configuration, it may block access to local resources such as DNS, which may be why they recommend using the hosts file. You can script updating the host file from the server upon logon. The user needs to be an admin to run it.
Maybe I didn't explain this very well.

1. I'm not looking for a scripting solution.
2. I'm not looking to manually edit CNAMEs each time the application server changes its public IP address.

What I'm looking for is a way to map the host names of the remote servers and their IP addresses WITHOUT creating a separate host file on every workstation in my domain.

Now, I think I know the best course of action. Add their DNS server to mine in the reverse lookup area so that my DNS server can query theirs and if an IP changes, my records should be updated as all of my workstations are using my domain's PDC for DNS.

What I'm unsure about is if this is the best place to implement this solution. I'm not a DNS expert, but can certainly find my way around a server.
I don't think you mean Reverse Lookup. A reverse lookup is an IP to a name. You are referring to a forwarder. When you create a forwarder you would create it for their domain, as in the previous example vendordomain.com. So when a client looks up server1.vendordomain.com they would hit that forwarder, which would direct them to the name server you provided in the forwarder configuration. The issue with that is the only way the client would be directed out the forwarder is if they are trying to resolve the fully qualified domain. If a client was trying to resolve server1 it would only append your DNS suffix, which would be your domain.com. All clients would then need to have a DNS suffix for that domain. This gets ugly because then all lookups would try to append to that.

If clients are looking up the fully qualified domain name then you would be okay with the forwarder.
ASKER CERTIFIED SOLUTION
Rob Williams
This solution is only available to members.
Unheardof: Actually, I am referring to a reverse lookup. Similar to a HOST file, it will allow you to look up a name from an IP. I believe that is the premise. But I just didn't know if that would be the "best" way to accomplish this. My assumption here was that if I added it and I had their DNS server's IP, it would poll the DNS server for any changes.

Rob: Yeah, I agree. I have also looked into pushing out the HOST file replacement in our login script. It just seems so archaic to be dealing with these HOST files anymore. As of right now I don't have an answer to whether we can even get their DNS IP. This whole process has been a "rush" job and this is just another kink in the process.

I may try a few of your suggestions based on what information I get this week from the vendor. Hopefully, we can come to a simple solution. I'll update this thread when I get that.
SOLUTION
This solution is only available to members.
Rob,
How would a conditional forwarder for a domain (which requires an IP of the vendor's name server to forward the queries to) hurt local DNS? Queries would only be sent to the forwarder that have the same domain suffix. Since the clients wouldn't have the suffix in their configuration, the only way the forwarder would be used would be by a client that is trying to resolve the fully qualified domain name.

I'm not saying that this may be the best fit for this scenario but until we hear back these are just suggestions.
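Added example, not part of any post in this thread: a small Python model of the lookup path described in the two forwarder replies above, showing which names reach a conditional forwarder for vendordomain.com and which never do. The zone contents, the 192.0.2.x / 198.51.100.x addresses and the function names are constructed for illustration, and the client logic is a simplification of the Windows resolver.

```python
# Constructed model of the lookup path debated above. Zone names, records and
# addresses are illustrative (documentation IP ranges), not values from the thread.
CLIENT_SUFFIXES = ["mydomain.com"]                 # workstation DNS suffix list
LOCAL_ZONE = {"pdc.mydomain.com": "192.0.2.10"}    # internal authoritative zone
VENDOR_NS = {"server1.vendordomain.com": "198.51.100.21"}  # vendor's name server
CONDITIONAL_FORWARDERS = {"vendordomain.com": VENDOR_NS}   # domain -> upstream


def server_lookup(fqdn):
    """Internal DNS server: local zone first, then a matching conditional forwarder."""
    fqdn = fqdn.lower().rstrip(".")
    if fqdn in LOCAL_ZONE:
        return LOCAL_ZONE[fqdn], "local zone"
    for domain, upstream in CONDITIONAL_FORWARDERS.items():
        # A forwarder is consulted only for names that end in its domain.
        if fqdn == domain or fqdn.endswith("." + domain):
            return upstream.get(fqdn), "forwarder:" + domain
    return None, "no match"


def client_resolve(name, suffixes=None):
    """Workstation resolver, simplified: a dotted name is sent as-is,
    a single-label name gets each configured suffix appended in turn."""
    suffixes = CLIENT_SUFFIXES if suffixes is None else suffixes
    candidates = [name] if "." in name else [f"{name}.{s}" for s in suffixes]
    tried = []
    for fqdn in candidates:
        addr, path = server_lookup(fqdn)
        tried.append((fqdn, path))
        if addr:
            return addr, tried
    return None, tried


if __name__ == "__main__":
    # FQDN: matches the forwarder, answered by the vendor's server.
    print(client_resolve("server1.vendordomain.com"))
    # Short name: only mydomain.com is appended, so the forwarder is never hit.
    print(client_resolve("server1"))
    # Short name works only if every client also carries the vendor suffix.
    print(client_resolve("server1", ["mydomain.com", "vendordomain.com"]))
    # Vendor changes the address: nothing on the workstations is touched.
    VENDOR_NS["server1.vendordomain.com"] = "198.51.100.99"
    print(client_resolve("server1.vendordomain.com"))
```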
SOLUTION
This solution is only available to members.