Dynamic DNS Zone Forwarding ...

Dave

Distinguished
Jun 25, 2003
2,727
0
20,780
Archived from groups: microsoft.public.win2000.dns

I have been searching high and low for a solution to a DNS problem, which I
have been unable to find. So I thought I would ask the experts!

So that someone reading this understands the situation that I am facing, it
is necessary to provide some background information. Currently I'm employed
with a small company owned by a larger organization. The larger
organization provides our company with Intranet Sites. DNS Records for
these Intranet Sites are only stored within the Private DNS Zone of our
parent company and not available through the Public DNS Zone. We do not
have access to the Private DNS Zone (and no Zone Transfers for the Public
DNS either), as they believe it to be a security risk. (that is a topic for
another post altogether)

Currently our Private DNS Server is storing an Authoritative Zone
containing the entries for the Intranet Sites of our parent company, as well
as some publicly available DNS Records. In order to avoid having to update
this DNS Zone of our Parent Company when changes to the Public DNS Zone are
made, I was trying to locate a product that may be able to dynamically
search DNS Records. The product that I would be ideally looking for, would
have settings that would allow you to create a zone, create DNS records, and
if a client is unable to resolve requests within its zone, it would try to
locate the DNS record from the actual public zone.

Does anyone know of a product that can accomplish what I have described
above? Any advice would be greatly appreciated,

Dave
 
Guest

In news:Qxq4d.124419$Q7D.4940@twister01.bloor.is.net.cable.rogers.com,
Dave <someone@hotmail.com> commented
Then Kevin replied below:

You don't need a product, all you need to do is use a delegation instead of
using host records. e.g. If you have a local zone for example.com to resolve
private records instead of adding host records for say www with the IP of
the website, use a delegation named www pointing to the Authoritative DNS
servers for the public domain name.

Right-click in example.com, select New Delegation, name it www, then enter the
DNS server name and IP that are Authoritative for the public name. (You
can't just use an external DNS, it must be authoritative.)


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
 

Dave


Thanks Kevin for the advice! I was able to successfully use delegation to
contact the authoritative name server, for records that I was aware of.
Would this approach work for MX records as well? The problem is really, if
they add a new record in the future, I would manually have to add a
delegation. Really the Intranet Zone will be storing maybe 3 or 4 A records
for Intranet Webservers, and any other queries I want it to go to the
authoritative name server on the Internet, which could store more than 30
records; and unfortunately I have no ability to perform an entire zone query.

Thanks,
Dave

 
Guest

In news:I_s4d.125224$Q7D.110869@twister01.bloor.is.net.cable.rogers.com,
Dave <someone@hotmail.com> commented
Then Kevin replied below:

If all you need is three or four records for your intranet, the best
solution is to fix that and forward everything else. The way you do that is,
instead of creating a zone for the domain then adding the host records for
each host you need to resolve in the intranet or internet, delete the
example.com zone, then add Forward lookup zones with the FQDN of the
intranet hosts e.g. "host1.example.com", "host2.example.com" and
"host3.example.com" then add a new host to each leaving the name field blank
with the IP of the intranet site. All other hosts in example.com would be
forwarded.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
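An added example, not part of the original thread: a simplified Python model of how a server that hosts local zones chooses between answering, following a delegation and forwarding, applied to the three layouts discussed above. The zone contents, addresses and the name server `ns1.example.net` are constructed, and `resolve` is a hypothetical helper, not Windows DNS code.

```python
# Simplified model of a DNS server's zone selection (added example).
# Zone data, addresses and ns1.example.net are constructed sample values.

def resolve(zones, qname, qtype):
    """Return (action, data) for one query against the locally hosted zones."""
    qname = qname.lower().rstrip(".")
    hosting = [z for z in zones if qname == z or qname.endswith("." + z)]
    if not hosting:
        return ("FORWARD", None)          # no local zone covers the name
    zone = max(hosting, key=len)          # most specific zone wins
    records = zones[zone]
    # Walk from qname up to (not including) the zone apex looking for a delegation.
    labels = qname.split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if owner == zone:
            break
        if (owner, "NS") in records:
            return ("REFER", records[(owner, "NS")])
    if (qname, qtype) in records:
        return ("ANSWER", records[(qname, qtype)])
    # Authoritative for the zone, record absent: answered negatively, never forwarded.
    return ("NEGATIVE", None)

INTRANET_IP = ["10.0.0.10"]
PUBLIC_NS = ["ns1.example.net"]

# Layout 1 (original post): full local example.com zone with hand-copied public records.
FULL_ZONE = {"example.com": {("host1.example.com", "A"): INTRANET_IP,
                             ("www.example.com", "A"): ["192.0.2.80"]}}
# Layout 2 (first reply): same zone, public name www replaced by a delegation.
DELEGATED = {"example.com": {("host1.example.com", "A"): INTRANET_IP,
                             ("www.example.com", "NS"): PUBLIC_NS}}
# Layout 3 (second reply): no example.com zone, one zone per intranet host,
# each holding a single blank-name (apex) A record.
PER_HOST = {"host1.example.com": {("host1.example.com", "A"): INTRANET_IP}}

if __name__ == "__main__":
    for label, zones in (("full", FULL_ZONE), ("delegated", DELEGATED), ("per-host", PER_HOST)):
        for q in (("host1.example.com", "A"), ("www.example.com", "A"),
                  ("mail.example.com", "A"), ("example.com", "MX")):
            print(label, q, resolve(zones, *q))
```

In layouts 1 and 2 a query for a name the local zone does not list, including an MX lookup at example.com, gets a negative answer instead of being forwarded; only layout 3 sends it on.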
 

Dave


Sweet! Thanks Kevin for the advice, that's why I ask the experts!

 
Guest

In news:A1A4d.76280$KU5.74445@edtnps89,
Dave <someone@somewhere.com> commented
Then Kevin replied below:
> Sweet! Thanks Kevin for the advice, that's why I ask the
> experts!

No problem, I hope it all works out for you.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps