Solved

SBS2011 DNS for external FQDN

Posted on 2016-10-24
6
47 Views
Last Modified: 2016-11-03
On our LAN we have:
a) PDC @ 192.168.1.1
b) Old TS 192.168.1.5
c) New TS 192.168.1.14

We use remote.ourdomain.com.au to access the old TS which worked well for both internal & external clients.

I wish to decommission the old TS and commission the new TS. Updated firewall to fwd port 3389 from 192.168.1.5 to 192.168.1.14, tested and works for me.

Problem: Now when internal users RDP to remote.ourdomain.com.au they go to the PDC?

I have checked the SBS DNS and under Forward Lookup Zones there is an entry for remote.ourdomain.com.au which has 3 entries:
1) SOA => pdc.ourdomain.local
2) NS => pdc.ourdomain.local
3) A => 192.168.1.1

Questions
a) Does the Forward Lookup Zone "remote.ourdomain.com.au" direct internal traffic to the A record?
b) To direct this traffic to the new TS do I need to only change the A record to 192.168.1.14?
c) Why did it work with the old TS @ 192.168.1.5 and now it points to 192.168.1.1?
0
Comment
Question by:Ethan Darwin
  • 3
  • 2
6 Comments
 
LVL 16

Expert Comment

by:Shaik M. Sajid
ID: 41857962
did u created the forward lookup for remote.ourdomain.com.au. pointing to new IP ?

if not just create this which is enough for internal users to point to the server.

all the best
0
 

Author Comment

by:Ethan Darwin
ID: 41857963
Hi and thank you for the help. Can you explain in more details please.
0
 
LVL 16

Accepted Solution

by:
Shaik M. Sajid earned 500 total points
ID: 41857968
Local users when request for remote.ourdomain.com.au access the request will goes to the DNS obviously, when the DNS don't find the records ..then if the domain is having external DNS forwarders and remote.ourdomain.com.au this domain name is hosted on public DNS it should rout to public IP.

Here it seems your new local IP 192.168.1.14 either created record in forward or reverse lookup zones.., or it's reaching to it's gateway...I.e your DNS. 192.168.1.1...

Any how in both ways... Just create a forward lookup zone on the DNS with remote.ourdomain.com.au point to 192.168.1.14,

Delete any existing records on DNS forremote.ourdomain.com.au pointing to your old IP,  scavange stale records,

 flush DNS at server as well as client

That's it.

All the best
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 22

Expert Comment

by:David Atkin
ID: 41858869
Are you using the SBS as a Remote Desktop Gateway?  If so you may need to alter RDP Icon so that it specifies the new Terminal Server.
0
 

Author Comment

by:Ethan Darwin
ID: 41859656
I would have thought all I need to do is change the "A" record for the forward lookup zone "remote.ourdomain.com.au" to point to the new server.

Do I check "Update associated PTR record" ?

Out of interest where is this PTR record stored?
0
 
LVL 16

Assisted Solution

by:Shaik M. Sajid
Shaik M. Sajid earned 500 total points
ID: 41859829
ptr refers to reverse DNS record, in your case u don't need this, if u hosted your public domain name on external public domains.

if it's internal then u have to create reverse lookup zone sorry same subnet, after while creating A record just check box create PTR will create reverse dns record, or else u can create it manually, or else clik existing A record at bottom unchecked and check the PTR check box also works the same way...


all the best
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now