Unable to resolve site via DNS name - DETAILS PROVIDED

Two Windows domains
1st domain local to our corporate office
2nd domain connected via VPN tunnel
No authentication / trusts between domains

Website located in 2nd domain. This is an "internal" site and is not accessible outside of our network connection via VPN tunnel.

We are unable to access site in 2nd domain unless we utilize IP address of the web server.

Should I be looking at DNS forward lookup zone? Should I be making changes to local user HOST file?
Jason Shaw Asked:

footech Commented:
In general you should avoid edits to the HOST file if you can help it, as the solution is not scalable.

There are a few ways you can modify your DNS to handle this.

So, assuming users in domain2 access the web site via a name like "site.domain2.com", you can duplicate this experience by either:
1) creating a forward lookup zone for "site.domain2.com", then inside the zone create an A record, leave the name blank and point it at the correct IP.  The A record would have to be manually updated if the IP ever changes.
2) creating a conditional forwarder for "domain2.com" and point it at domain2's DNS servers (assuming they would allow this traffic).  This has an advantage in that if the IP of the site ever changes in domain2 you won't have to do anything.  The potential downside is that clients in domain1 could now make queries for any record in domain2, something domain2 may not want from a security/obscurity perspective.

For a slightly different experience, you may want your users to access the site via a different name like "mysite.domain1.com" (instead of "site.domain2.com").  For this you can just create an A record in the forward lookup zone for domain1.com, named "mysite" and point it at the appropriate IP.  This would also have to be manually updated if the IP ever changes.
0

Jason Shaw Author Commented:
Will either solution affect any of our existing traffic? Exchange? Etc?
0
footech Commented:
That would depend entirely on your setup and what names you look up.

#2 has a possibility to interfere with email sent to domain2 (if their email domain is the same name as the conditional forwarder) if they don't have all the needed records for email deliverability in their forward lookup zone (FLZ).  If someone uses the same domain name publicly and for their AD, it's not uncommon for their internal DNS to not have MX records (they don't need them to send to themselves).

With the other solutions it would be very unlikely to run into an issue.
0
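The options discussed in the two answers above, as an added PowerShell example that is not part of the original thread. It assumes it is run on a domain1 DNS server with the DnsServer module and AD-integrated zones; the IP addresses are placeholders from the documentation range, and the names are the ones used in the answers. For the conditional forwarder it first checks that domain2's DNS servers answer and return MX records for "domain2.com", which is the email concern raised above.

```powershell
# Added example: run on a domain1 DNS server (DnsServer module, AD-integrated zones assumed).
param(
    [ValidateSet('HostZone', 'Forwarder', 'Alias')]
    [string]$Option = 'HostZone',
    [string]$SiteIp = '192.0.2.10',           # placeholder: web server IP in domain2
    [string[]]$Domain2Dns = @('192.0.2.53')   # placeholder: domain2 DNS server(s)
)

switch ($Option) {
    'HostZone' {
        # Option 1: a zone for the single host name, with a blank-name (@) A record.
        # Only this one name is overridden; the rest of domain2.com resolves as before.
        Add-DnsServerPrimaryZone -Name 'site.domain2.com' -ReplicationScope 'Forest'
        Add-DnsServerResourceRecordA -ZoneName 'site.domain2.com' -Name '@' -IPv4Address $SiteIp
    }
    'Forwarder' {
        # Option 2: every domain2.com lookup from domain1 will go to domain2's DNS.
        # Pre-check: those servers must be reachable over the VPN and must hold MX
        # records, otherwise mail from domain1 to domain2.com can stop resolving.
        $mx = foreach ($server in $Domain2Dns) {
            Resolve-DnsName -Name 'domain2.com' -Type MX -Server $server -DnsOnly `
                -ErrorAction SilentlyContinue | Where-Object { $_.NameExchange }
        }
        if (-not $mx) {
            Write-Warning 'No MX answer for domain2.com from domain2 DNS; forwarder not created.'
            return
        }
        $mx | Sort-Object Preference | Format-Table NameExchange, Preference
        Add-DnsServerConditionalForwarderZone -Name 'domain2.com' `
            -MasterServers $Domain2Dns -ReplicationScope 'Forest'
    }
    'Alias' {
        # Different name: an A record "mysite" in the existing domain1.com zone.
        Add-DnsServerResourceRecordA -ZoneName 'domain1.com' -Name 'mysite' -IPv4Address $SiteIp
    }
}

# Confirm what this DNS server now hands out to domain1 clients.
$name = if ($Option -eq 'Alias') { 'mysite.domain1.com' } else { 'site.domain2.com' }
Resolve-DnsName -Name $name -Type A -Server 127.0.0.1 -DnsOnly
```

With 'HostZone' and 'Alias' the A record is static, so it has to be updated by hand if the web server's IP changes.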
footech Commented:
Solutions provided.  The issue and solutions aren't uncommon.
0
Question has a verified solution.
