Linux DNS for External in Windows environment

When you have a local domain like internal.com which Active Directory/DC/DNS is set up for, how do you get the internal Windows DNS servers to point to the internal Linux server for translating the external DNS?
Is there a configuration on the internal Windows DNS servers where you point to an IP or hostname of another Linux DNS server that serves as the SOA for the federated domain?
garryshapeAsked:
gheistCommented:
You need to make different internal and external views. There is no DNS software merging 2 views of the same DNS zone.
Daniel McAllister (President, IT4SOHO, LLC) Commented:
No offense, but you are really ASKING (no, BEGGING) for confusion here.

Essentially, what you're asking (if I read you right) is for there to be an INTERNAL DNS server for abc.com, but that "failing" a lookup for that domain, you would "re-try" with another server (ostensibly the "external" DNS server).

This has a lot of issues -- not the least of which being, what's the appropriate answer for "server.abc.com" if it is actually located in BOTH DNS zones? How would you propose to "prioritize" the responses?

This just isn't the way things are supposed to work in DNS. Specifically, DNS is designed to be "deterministic" in such a way that, upon discovering any solution (barring expiration), that solution can be "trusted" to be the same value you would get from any other server for the domain. (This is one of the reasons for the Serial No in the zone SOA).

"In the old days" we kept abc.com (the public domain) away from the ADS (presumably a private) domain by calling the ADS domain something like abc.local (or, for some, abc.com.local).

However, security issues arose, and the best thinking on this NOW is to call your ADS domain something like local.abc.com or corp.abc.com (really: just pick your own subdomain). In this way, your AD DNS servers are actually just sub-domain DNS servers, leaving your "public" DNS servers to handle the public traffic, as well as any internal request for the outside domain name (just plain old abc.com).

If it is too late for that, I'm afraid you're in for a headache -- you're going to have to manually keep the outside zone's records duplicated in the inside (ADS) zone (there is no automated way to do this that I know of -- though you could probably script something).

I hope this helps.

Dan
IT4SOHO

gheistCommented:
NXDOMAIN is not retried. You need to create an infinite DNS loop to mix 2 domains.
garryshapeAuthor Commented:
Sorry I mean, we have an internal domain called "cafenet.com". This is for our Active Directory and Windows environment.
However, we also have Linux servers that serve as DNS for our federated domain (cafe.com).

If I do an nslookup of cafe.com from an internal Windows computer, it gives me the local subnet IP of the website. If I do an nslookup of cafe.com from an external computer, it gives me the public IP of that domain.

So what mechanism is used to give me the local IP of cafe.com when I do an nslookup from an internal Windows computer on the cafenet.com domain? There is no zone for "cafe.com" in the Windows DNS.
DrDave242 (Senior Support Engineer) Commented:
Is there a conditional forwarder for cafe.com on your DNS servers?
garryshapeAuthor Commented:
Wow yes, looks like that was it. I just saw the forwarders on the server's properties in Windows DNS.
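The mechanism the thread settles on, a conditional forwarder for cafe.com on the Windows DNS servers that hands those queries to the internal Linux servers, can be inspected, created and verified from PowerShell. The block below is an added example and is not code from the original thread or from any of the participants; the AD domain cafenet.com and federated domain cafe.com come from the question, while the DC name dc01.cafenet.com, the Linux resolver addresses 10.0.0.53 and 10.0.0.54, and the public resolver 1.1.1.1 are assumptions. It uses the DnsServer module (Get-DnsServerZone, Add-DnsServerConditionalForwarderZone) and the DnsClient module (Resolve-DnsName) and must run elevated on a DNS server.

```powershell
# Added example, not from the original thread. Assumed names: AD domain cafenet.com,
# federated domain cafe.com, DC dc01.cafenet.com, Linux DNS servers 10.0.0.53/10.0.0.54
# and public resolver 1.1.1.1 (all hypothetical except the two domain names).
# Run in an elevated PowerShell on a Windows DNS server with the DnsServer module.
Import-Module DnsServer

$zone     = 'cafe.com'
$linuxDns = @('10.0.0.53', '10.0.0.54')   # hypothetical internal Linux resolvers

# 1. Inspect: is there already a conditional forwarder zone for cafe.com?
#    (Get-DnsServerZone raises a non-terminating error when the zone is absent.)
$existing = Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue
if ($null -ne $existing -and $existing.ZoneType -eq 'Forwarder') {
    Write-Host "Conditional forwarder for $zone already points at: $($existing.MasterServers -join ', ')"
}
elseif ($null -ne $existing) {
    # A primary/secondary/stub zone named cafe.com would answer instead of forwarding;
    # stop rather than guess which of the two is intended.
    throw "A $($existing.ZoneType) zone named $zone already exists; refusing to add a forwarder."
}
else {
    # 2. Create it, stored in AD and replicated to every DNS server in the forest.
    #    -UseRecursion $false: if the Linux servers do not answer, fail the query instead of
    #    falling back to root hints / general forwarders, which would hand out the public IP.
    Add-DnsServerConditionalForwarderZone -Name $zone -MasterServers $linuxDns `
        -ReplicationScope 'Forest' -UseRecursion $false
}

# 3. Verify the split view: ask the DC (what internal clients see) and a public resolver.
Clear-DnsClientCache
$internal = Resolve-DnsName -Name $zone -Type A -Server 'dc01.cafenet.com' -DnsOnly
$external = Resolve-DnsName -Name $zone -Type A -Server '1.1.1.1' -DnsOnly   # needs outbound UDP/53
"{0,-10} {1}" -f 'internal:', ($internal.IPAddress -join ', ')
"{0,-10} {1}" -f 'external:', ($external.IPAddress -join ', ')
```

The forwarder only decides which server answers for cafe.com; the Linux side still has to serve two views of the zone (an internal one returning the RFC 1918 address and an external one returning the public address), which is the "different internal and external views" gheist describes above. Because the Windows servers will trust whatever those forwarder targets return, treat them as part of the trusted resolver path: restrict UDP/TCP 53 from the DCs to exactly those hosts and keep them patched, since a compromised forwarder target can redirect every internal client for that domain.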