Using public DNS but need to access local domain???

I was wondering if there is a way to use public DNS settings on a workstation that is a member of a local domain and still query the domain controller.

I'm looking to use OpenDNS filtering on a couple of computers in our network, but the minute I change the DNS settings on the workstation to point to OpenDNS, I cannot query the local domain controller anymore. Is there a way to use a public DNS configuration for the Internet traffic but still query the local DNS server for local traffic?
jdff asked:
it_saige (Developer) commented:
Short answer is no.  However, what you can do is subject the entire network to use OpenDNS by having the internal DNS server use the OpenDNS server as a forwarder.

-saige-
0
aboo_s commented:
Just an idea, I do not know if it will work. But have you tried setting the primary DNS server to OpenDNS while the secondary points to the local server?
0
DrDave242 (Senior Support Engineer) commented:
"Just an idea, I do not know if it will work. But have you tried setting the primary DNS server to OpenDNS while the secondary points to the local server?"
This won't work. An alternate DNS server is only queried if the preferred server doesn't respond, not if it responds negatively. In that scenario, as long as the OpenDNS server was reachable and continued to respond to queries, the local server would never be queried.

The OpenDNS servers are never going to have information about the machines within your domain. The approach mentioned by it_saige is the only feasible solution: configure all of your domain-joined machines to use only your internal DNS server, and use OpenDNS servers as forwarders.
0
jdff (Author) commented:
DrDave and it_saige, if I do as you say, configuring the OpenDNS servers under forwarders, my entire network will be filtered, since all computers will have to go through OpenDNS. This is what I'm trying to avoid; I'm trying to filter only a couple of computers.
0
DrDave242 (Senior Support Engineer) commented:
Ah. In that case, I'm afraid I can't think of a practical way to make it work.

If you're interested in an impractical way: Configure a second DNS server. Either put it on another DC and use AD-integrated zones or put it on something else and configure zone transfers to replicate the zones from the first DNS server. Configure forwarders on the new DNS server to use OpenDNS servers. Configure only the clients you wish to filter to use this new DNS server and no other. This way, only those clients' Internet queries will go through OpenDNS, and the other clients will keep working as they have.
0
it_saige (Developer) commented:
Agreed with Dave.  You could accomplish what you want by adding another DNS server and specifying this server for only those clients you want to use OpenDNS.

-saige-
0
Craig Beck commented:
I agree with Dave too... you'd need a new DNS server which forwards to OpenDNS.  Point the filtered clients at the new DNS server... job done.
0
jdff (Author) commented:
It looks doable. Does anyone know if I can install a third-party DNS server on my current Windows domain controller DNS? My idea was to use the secondary NIC from the server for the second DNS server and then do a zone transfer with forwarders. Not sure if it's possible, but it would be a great solution.
0
Craig Beck commented:
I wouldn't. You need Active Directory integration, otherwise your clients won't be able to locate SRV records. You'll just be back to square one then.
0
jdff (Author) commented:
But DrDave said that I could do it either way, via an AD-integrated zone or a zone transfer, which is what I'm asking. Can you clarify it?
0
Craig Beck commented:
Ah sorry, misunderstood...

Yes, you can do a secondary zone transfer to another instance of a DNS server running on the same machine.  Put the second IP on the same NIC as the existing IP though.  You'd need to transfer both the domain name zone and the _msdcs.domain zones.
0
jdff (Author) commented:
Ok, so it can be done without the installation of another DNS server? If so, can you please describe the steps in order to achieve a resolution? Thank you.
0
jdff (Author) commented:
No ideas?
0
Craig Beck commented:
Configure a secondary IP on the NIC on the server.
Configure the two forward-lookup zones to allow zone-transfers to the secondary IP address.
Install a second instance of a DNS server on the existing AD-DNS server.
Configure the bindings of each DNS server to use their own specific IP addresses.
Configure each DNS zone as a secondary zone on the new DNS instance.
Configure the secondary DNS instance to forward to OpenDNS.
Point the filtered clients to the secondary IP for DNS.
0
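An added PowerShell example, not taken from this thread or written by any of its participants, covering the Windows-side steps of Craig Beck's procedure above (secondary IP on the same NIC, zone transfers for both zones, binding the built-in DNS service to one address, pointing filtered clients at the other). It ends with a check that also illustrates DrDave242's earlier point: a public resolver answers the domain's SRV queries negatively, and a negative answer does not make the Windows DNS client fall back to the alternate server. Every address, the NIC alias and the domain name are constructed placeholders; the third-party second DNS instance is assumed to be installed already and bound to the secondary IP, and its own configuration (secondary zones, OpenDNS forwarders) is not scripted here.

```powershell
# Added example (not from the thread). Run elevated on the domain controller.
# Constructed placeholders; replace with your own values:
#   - primary IP 192.0.2.10 (built-in AD-integrated DNS), secondary IP 192.0.2.11 (third-party instance)
#   - both IPs on the same NIC 'Ethernet' (Craig's advice, which avoids a multihomed DC)
#   - AD domain corp.example.com, i.e. zones corp.example.com and _msdcs.corp.example.com

$Nic         = 'Ethernet'
$PrimaryIp   = '192.0.2.10'
$SecondaryIp = '192.0.2.11'
$Domain      = 'corp.example.com'
$Zones       = @($Domain, "_msdcs.$Domain")   # both zones must be transferred (Craig, above)

function Add-SecondaryAddress {
    # Step 1: add the second address to the existing NIC, only if it is not already there.
    if (-not (Get-NetIPAddress -IPAddress $SecondaryIp -ErrorAction SilentlyContinue)) {
        New-NetIPAddress -InterfaceAlias $Nic -IPAddress $SecondaryIp -PrefixLength 24 | Out-Null
    }
}

function Enable-ZoneTransferToSecondary {
    # Step 2: allow transfers of both forward-lookup zones ONLY to the secondary address,
    # and notify that address when a zone changes so the secondary copy stays current.
    foreach ($zone in $Zones) {
        Set-DnsServerPrimaryZone -Name $zone `
            -SecureSecondaries TransferToSecureServers -SecondaryServers $SecondaryIp `
            -Notify NotifyServers -NotifyServers $SecondaryIp
    }
}

function Set-BuiltinDnsListener {
    # Step 4 (Windows side): bind the AD-integrated DNS service to the primary IP only,
    # so that 192.0.2.11:53 is free for the second instance. dnscmd applies this on restart.
    dnscmd /ResetListenAddresses $PrimaryIp | Out-Null
    Restart-Service -Name DNS
}

function Set-FilteredClientResolver {
    # Step 7: run this on each workstation that should be filtered. It gets ONLY the
    # secondary address; no alternate server, so nothing bypasses the filtered instance.
    param([string]$ClientNic = 'Ethernet')
    Set-DnsClientServerAddress -InterfaceAlias $ClientNic -ServerAddresses $SecondaryIp
}

function Test-Resolver {
    # Ask one server directly for (a) the SRV record clients use to locate a DC and
    # (b) an Internet name. -DnsOnly skips the local cache and hosts file.
    param([string]$Server)
    $srv  = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    $inet = Resolve-DnsName -Name 'example.com' -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue
    [pscustomobject]@{ Server = $Server; FindsDomainController = [bool]$srv; ResolvesInternet = [bool]$inet }
}

Add-SecondaryAddress
Enable-ZoneTransferToSecondary
Set-BuiltinDnsListener

# Once the third-party instance has loaded both secondary zones and forwards to OpenDNS,
# both local resolvers should report FindsDomainController = True:
Test-Resolver -Server $PrimaryIp
Test-Resolver -Server $SecondaryIp
# OpenDNS's public resolver (208.67.222.222) answers the SRV query negatively, which is
# why listing it as the preferred server with the DC as alternate does not work.
Test-Resolver -Server '208.67.222.222'
```

Run the client-side function on the filtered workstations, not on the DC. Check the results of the two Test-Resolver calls against the local addresses before repointing any client, since a client that only has the secondary address and cannot find the SRV record will lose domain logon.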
DrDave242 (Senior Support Engineer) commented:
I believe this will work. Microsoft cautions against multihoming a DC (using more than one NIC) in general, but since both NICs will be bound to separate DNS services that contain the same records and both will be reachable on the local subnet, I don't see a problem. You'll want to do some testing of this configuration, of course, but I can't think of a reason why it wouldn't work.
0
Craig Beck commented:
Just put both IPs on the same NIC.
0
jdff (Author) commented:
Craig, how can you install a second instance of DNS server on the domain controller? I've never seen that, please explain.
0
Craig Beck commented:
You said it yourself... Install a third-party DNS server app.
0
jdff (Author) commented:
I haven't found one. Do you know of any?
0
Craig Beck commented:
Try Simple DNS Plus.
0
jdff (Author) commented:
I'm sorry I was away. I will try this week and post my findings here.

Thanks
jdff
0