Internal AD-DNS and External Domain

Archived from groups: microsoft.public.win2000.dns

Hello,

We have the same domain/DNS for external and internal, called abc.com. I have
forwarders enabled to our local ISP DNS in case something goes screwy. We
have two problems.
1) We have two locations, a and b. First, host.abc.com points to location
a, but in a failover situation it is pointed to location b. If location a ever
fails, our internal users cannot see the location B failover unless the host
static entry is entered into the DNS.

2) How can I find out if the forwarders work? Right now host.abc.com is
pointed to location b. It only works if the entry for host is entered into the
DNS; otherwise it doesn't see it. Globally everyone sees it but our LAN.

Hope this is clear.

Many thanks,

sach
 

In news:DE6B2BFC-AFB0-4CB1-B7AF-60B29770F05F@microsoft.com,
sach <sach@discussions.microsoft.com> made this post, which I then commented
about below:
> Hello,
>
> We have the same domain/DNS for external and internal, called abc.com. I
> have forwarders enabled to our local ISP DNS in case something goes
> screwy. We have two problems.
> 1) We have two locations, a and b. First, host.abc.com points to
> location a, but in a failover situation it is pointed to location b.
> If location a ever fails, our internal users cannot see the location B
> failover unless the host static entry is entered into the DNS.

Assuming that all DNS servers in your infrastructure have the SAME EXACT
DATA, and you are using either Primary/Secondary zones or AD Integrated
zones, then why would you ever need to enter any static entries in DNS??


> 2) How can I find out if the forwarders work? Right now
> host.abc.com is pointed to location b.

Are you saying location B has a DNS server that has nothing to do with the
DNS server in location A?

> It only works if the entry for
> host is entered into the DNS; otherwise it doesn't see it. Globally
> everyone sees it but our LAN.

Globally? Internet you mean?

>
> Hope this is clear.

Unfortunately, no it is not clear. Do you have AD running? Your AD domain
name is the same as the external name? If so, the internal DNS would have
nothing to do with the external DNS. Internally, for example to get to your
external website, you would create a www record under your internal zone,
and provide the actual external public IP address. If the website is hosted
internally for the public, then you would provide the internal private IP
address.


> Many thanks,
>
> sach

Maybe if you can elaborate with actual names and describe why you have
separate DNS servers at each location with separate data, if you have AD,
etc, that would help us understand your infrastructure.

Thanks,

--
Regards,
Ace

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
 

Hi again,

Maybe it was my mistake in clarifying it. Here it is again.
We have an AD domain, and the internal and external name is the same. I also have
forwarding enabled.

Here is an example:
Right now our AD DNS is abc.com, and we host blah.abc.com on our site,
which works fine (since blah has an internal IP address). But if we were to
point the blah.abc.com IP address (authoritative DNS) to a different (off-site) host IP,
we can't get to it unless we manually enter the IP in the DNS for the
different host.

If this is the case, then a failover wouldn't work, since our LAN DNS would
always look for the (off-site) IP for blah.abc.com.

How can I have the DNS set up so blah.abc.com is resolved whether it is hosted
internally or externally?

Many thanks again.

sach

In news:958FE4DF-AD98-422B-B97B-260D8DFC2794@microsoft.com,
sach <sach@discussions.microsoft.com> made this post, which I then commented
about below:
> Hi again,
>
> Maybe it was my mistake in clarifying it. Here it is again.
> We have an AD domain, and the internal and external name is the same. I also
> have forwarding enabled.
>
> Here is an example:
> Right now our AD DNS is abc.com, and we host blah.abc.com on our
> site, which works fine (since blah has an internal IP address). But
> if we were to point the blah.abc.com IP address (authoritative DNS) to
> a different (off-site) host IP, we can't get to it unless we manually
> enter the IP in the DNS for the different host.

Well, that makes sense because a DNS server that is hosting a zone will not
forward to another DNS server for any zones it owns. So yes, in this case
this is what you need to do.

Silly question, is "blah" the "www" record?

> If this is the case, then a failover wouldn't work, since our LAN DNS
> would always look for the (off-site) IP for blah.abc.com.

If the "offsite" IP address is in one of your other remote locations
connected via a nailed 24/7 VPN, then the other DNS server in the other site
would have the same record you created on this site. UNLESS, you are
speaking of a public DNS server? If so, then no, there is no fault tolerance
there.

Designing a same AD/public DNS domain name scenario, as you see, has some
drawbacks and requires additional administrative overhead.



> How can I have the DNS set up so blah.abc.com is resolved whether it is hosted
> internally or externally?
>
> Many thanks again.

Host file?

Ace
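The behaviour Ace describes above, that a server authoritative for a zone answers from its own data and never forwards a query for a name inside that zone, is what makes the same-name (split-brain) design in this thread costly to run: every public record that internal clients need has to be mirrored by hand into the internal copy of abc.com. The script below is an added example, not code from the thread or from Windows DNS. The names abc.com, blah and www come from the thread; the IP addresses, the example.net name and the two stand-in servers (an ISP forwarder and the Internet's view of abc.com) are constructed sample data. `find_gaps` is one way to spot the gap sach ran into (a record that exists publicly but not internally), and resolving a name outside your own zone through the internal server is the simplest answer to the "how do I know the forwarder works" question from the first post.

```python
"""Model of authoritative-vs-forwarded resolution for a split-brain zone.

Added example for the thread above; not the thread's or Windows DNS's code.
All zone data and addresses below are constructed sample values.
"""

from __future__ import annotations

from dataclasses import dataclass, field

NXDOMAIN = "NXDOMAIN"


@dataclass
class DnsServer:
    """A minimal authoritative server with an optional forwarder."""

    zones: dict[str, dict[str, str]]  # zone apex -> {relative name -> IPv4}
    forwarder: DnsServer | None = None
    queries_forwarded: list[str] = field(default_factory=list)

    def owning_zone(self, fqdn: str) -> str | None:
        """Return the longest hosted zone that fqdn falls under, if any."""
        labels = fqdn.lower().rstrip(".").split(".")
        for i in range(len(labels)):  # longest candidate first
            candidate = ".".join(labels[i:])
            if candidate in self.zones:
                return candidate
        return None

    def resolve(self, fqdn: str) -> str:
        fqdn = fqdn.lower().rstrip(".")
        zone = self.owning_zone(fqdn)
        if zone is not None:
            # Authoritative for this zone: answer from local data only.
            # A missing record is NXDOMAIN; the forwarder is never consulted.
            rel = fqdn[: -len(zone)].rstrip(".") or "@"
            return self.zones[zone].get(rel, NXDOMAIN)
        if self.forwarder is None:
            return NXDOMAIN
        self.queries_forwarded.append(fqdn)
        return self.forwarder.resolve(fqdn)


def find_gaps(internal: DnsServer, public: DnsServer, zone: str) -> dict[str, dict]:
    """Compare the internal and public copies of one zone.

    missing_internally: public has the record, internal copy does not (the
                        failover gap from the thread; must be added by hand)
    internal_only:      private hosts with no public record (expected)
    differs:            both sides answer, with different addresses
    """
    names = set(internal.zones.get(zone, {})) | set(public.zones.get(zone, {}))
    report: dict[str, dict] = {"missing_internally": {}, "internal_only": {}, "differs": {}}
    for rel in sorted(names):
        fqdn = zone if rel == "@" else f"{rel}.{zone}"
        inside, outside = internal.resolve(fqdn), public.resolve(fqdn)
        if inside == NXDOMAIN and outside != NXDOMAIN:
            report["missing_internally"][fqdn] = outside
        elif inside != NXDOMAIN and outside == NXDOMAIN:
            report["internal_only"][fqdn] = inside
        elif inside != outside:
            report["differs"][fqdn] = (inside, outside)
    return report


# Constructed sample data. INTERNET stands in for what the ISP's resolver
# would return after full recursion; it also holds the public abc.com zone.
INTERNET = DnsServer(
    zones={
        "example.net": {"www": "198.51.100.10"},
        "abc.com": {"www": "203.0.113.5", "blah": "203.0.113.7"},
    }
)
# The AD-integrated internal copy of abc.com, forwarding everything else.
INTERNAL = DnsServer(
    zones={"abc.com": {"www": "203.0.113.5", "dc1": "10.0.0.10"}},
    forwarder=INTERNET,
)


if __name__ == "__main__":
    print("forwarder check   :", INTERNAL.resolve("www.example.net"))
    print("blah.abc.com (LAN):", INTERNAL.resolve("blah.abc.com"))
    print("queries forwarded :", INTERNAL.queries_forwarded)
    for kind, entries in find_gaps(INTERNAL, INTERNET, "abc.com").items():
        print(f"{kind:18}:", entries)
```

Running it shows the two facts from the thread side by side: www.example.net is answered via the forwarder (so the forwarder is working), while blah.abc.com returns NXDOMAIN internally and never appears in the forwarded list, even though the public zone has it.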
 

Blah.abc.com: "blah" could be www, or data.abc.com.

Since we own abc.com, our DNS server will not forward any query that is
related to abc.com.

Let's say data or blah.abc.com is hosted off-site and the record created is on
the public DNS. We can't do failover?

Do I have to enter the external host IP in our hosts file for it to resolve?

I guess these are simple questions, but kinda tricky.

Thanks,
sach

In news:36AD248C-4694-4306-97F9-2B65984F2DCC@microsoft.com,
sach <sach@discussions.microsoft.com> made this post, which I then commented
about below:
> Blah.abc.com: "blah" could be www, or data.abc.com.
>
> Since we own abc.com, our DNS server will not forward any query
> that is related to abc.com.

Correct.


> Let's say data or blah.abc.com is hosted off-site and the record
> created is on the public DNS. We can't do failover?

I can't see how, at least not with a forwarder, because of the way
forwarding works, and because internally it's private, but externally it's a
public address. If the internal resource fails, and you want to rely on the
external one, you would need to manually change the IP on the 'blah' record.

>
> Do I have to enter the external host IP in our hosts file for it to
> resolve?
>
> I guess these are simple questions, but kinda tricky.

From what I can see, I guess in your scenario, the hosts file would be
useless. Sorry.

>
> Thanks,

:)
Ace
 

Thanks, that clears up a lot of confusion on my part. Appreciate your help
in this.

sach

In news:CD0E0BA0-1F78-49CB-8294-DB3F788CF3C4@microsoft.com,
sach <sach@discussions.microsoft.com> made this post, which I then commented
about below:
> Thanks, that clears up a lot of confusion on my part. Appreciate
> your help in this.
>
> sach

I hope it helped.

Ace