Unable to resolve site via DNS name - DETAILS PROVIDED

Jason Shaw
Two Windows domains:
1st domain local to our corporate office
2nd domain connected via VPN tunnel
No authentication / trusts between domains

Web site located in 2nd domain. This is an "internal" site and is not accessible outside of our network connection via VPN tunnel.

We are unable to access the site in the 2nd domain unless we utilize the IP address of the web server.

Should I be looking at DNS forward lookup zone? Should I be making changes to local user HOST file?

Top Expert 2014
In general you should avoid edits to the HOST file if you can help it, as the solution is not scalable.

There are a few ways you can modify your DNS to handle this.

So, assuming users in domain2 access the web site via a name like "site.domain2.com", you can duplicate this experience by either:
1) creating a forward lookup zone for "site.domain2.com", then inside the zone create an A record, leave the name blank and point it at the correct IP. The A record would have to be manually updated if the IP ever changes.
2) creating a conditional forwarder for "domain2.com" and point it at domain2's DNS servers (assuming they would allow this traffic). This has an advantage in that if the IP of the site ever changes in domain2 you won't have to do anything. The potential downside is that clients in domain1 could now make queries for any record in domain2, something domain2 may not want from a security/obscurity perspective.

For a slightly different experience, you may want your users to access the site via a different name like "mysite.domain1.com" (instead of "site.domain2.com"). For this you can just create an A record in the forward lookup zone for domain1.com, named "mysite" and point it at the appropriate IP. This would also have to be manually updated if the IP ever changes.


Will either solution affect any of our existing traffic? Exchange? Etc.?
Top Expert 2014

That would depend entirely on your setup and what names you look up.

#2 has a possibility to interfere with email sent to domain2 (if their email domain is the same name as the conditional forwarder) if they don't have all the needed records for email deliverability in their forward lookup zone (FLZ). If someone uses the same domain name publicly and for their AD, it's not uncommon for their internal DNS to not have MX records (they don't need them to send to themselves).

With the other solutions it would be very unlikely to run into an issue.
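The three DNS options from the first answer, plus the MX check behind the email caveat in the second, written out as an added PowerShell example for the DnsServer module on a domain1 DNS server. This is not code from the thread; every name, IP address and server name in it is a constructed placeholder (the 192.0.2.0/24 addresses are the RFC 5737 documentation range), and `$Option` is a hypothetical switch so that only one of the three mutually exclusive configurations is applied.

```powershell
# Added example, not from the original thread. Run on a domain1 DNS server
# (or with -ComputerName pointing at one). All values below are placeholders.
Import-Module DnsServer

$SiteHost       = 'site.domain2.com'    # name users in domain2 already use (assumed)
$SiteIP         = '192.0.2.10'          # web server IP (constructed)
$Domain2Dns     = @('192.0.2.53')       # domain2 DNS server(s) reachable over the VPN (constructed)
$LocalDnsServer = 'dc01.domain1.com'    # a domain1 DNS server (hypothetical)
$Option         = 1                     # 1, 2 or 3, matching the answer above

switch ($Option) {
    1 {
        # Option 1: a single-name forward lookup zone with an apex ("blank name") A record.
        # Only this exact name is answered locally; the rest of domain2.com stays hidden.
        # -ReplicationScope Domain stores the zone in AD; on a non-DC DNS server use
        # -ZoneFile 'site.domain2.com.dns' instead.
        Add-DnsServerPrimaryZone -Name $SiteHost -ReplicationScope Domain -ComputerName $LocalDnsServer
        Add-DnsServerResourceRecordA -ZoneName $SiteHost -Name '@' -IPv4Address $SiteIP -ComputerName $LocalDnsServer
    }
    2 {
        # Option 2: conditional forwarder for the whole domain2.com namespace.
        # Every *.domain2.com query from domain1 clients is now sent to domain2's DNS,
        # so domain2 sees all of those queries and nothing needs updating if the IP moves.
        Add-DnsServerConditionalForwarderZone -Name 'domain2.com' -MasterServers $Domain2Dns -ReplicationScope Forest -ComputerName $LocalDnsServer
    }
    3 {
        # Option 3: a domain1-owned name for the site (mysite.domain1.com).
        Add-DnsServerResourceRecordA -ZoneName 'domain1.com' -Name 'mysite' -IPv4Address $SiteIP -ComputerName $LocalDnsServer
        $SiteHost = 'mysite.domain1.com'
    }
}

# Verification: the chosen name must resolve to the web server IP through the local DNS server.
Resolve-DnsName -Name $SiteHost -Type A -Server $LocalDnsServer

# Caveat check for option 2: if domain2's internal zone has no MX records, this query
# now returns nothing, and mail from domain1 to @domain2.com addresses will fail to route.
if ($Option -eq 2) {
    $mx = Resolve-DnsName -Name 'domain2.com' -Type MX -Server $LocalDnsServer -ErrorAction SilentlyContinue
    if (-not $mx) { Write-Warning 'No MX records for domain2.com via the conditional forwarder; email to domain2 may break.' }
}
```

Running the MX query before and after adding the forwarder shows whether answers change for that name, which is the practical way to tell in advance if the second option will interfere with Exchange routing to domain2.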
Top Expert 2014

Solutions provided.  The issue and solutions aren't uncommon.
