Active Directory, DNS, and ISP hosted domains

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello. I'm having trouble with a new Windows 2000 Advanced Server
installation. Everything is working great (internet, local logins, etc.)
except for one thing.

I setup the domain the same as the internet presence of the organization.
For example, their internet domain name is organization.com and their Active
Directory domain is organization.com. However, their website and email are
hosted on the internet. Whenever a local request is issued by a client for
organization.com, the WIN2K server intercepts the requests and then
subsequnetly times out. This happens for both web and mail traffic. The
local users can't get to their website and they can't send or receive email.
How do I fix this problem so that the WIN2K server sends requests for
organization.com on out to the proper place on the internet?

Thank you. :o)
 
Your DNS claims to be authoritative for "organization.com" so it sees no need to forward any queries it receives. It should however
just return a negative response, not a timeout.

You simply need to create "shadow" entries in your local zone's DNS server for the various public names. For example, if
www.organization.net is 111.22.3.4, then you need to add an A record to your inside DNS server for www to point to this IP. That's
all. If you have a mail server you'll need to replicate the MX record(s) also.

Having to maintain these shadow entries can be a little annoying. One trick you can use is to create a delegation record instead of
an A record for the name. The delegated name servers for this name will be the public DNS name servers for your domain. This just
avoids the need to track changes manually to the IP address because your server now forwards queries to the public name server for
that name. Don't worry about it if you're not comfortable with this - creating A/MX/CNAME records works just fine, and there usually
aren't very many of them for the average domain.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.
 
Thanks, Steve. I'm pretty sure the delegation is going to take care of it.
Delegation is the best option since the organization doesn't have in-house IT
staff. :)
 
Well, I setup a delegation for *.organization.com and another for
mail.organization.com and everything worked great!...for about 3 to 4 hours.
Now, no one can access mail.organization.com anymore. Do I need to setup an
MX record? I'm unsure why the delegation worked for a time and then quit?
 
You definitely need a local MX record - this is not a delegation, but it can refer to the name you delegated.

It continued to work because clients cache this sort of information. You should use nslookup after you setup your configuration -
this bypasses client caching and will verify that your names can be queried successfully. Alternatively, you can use ipconfig
/flushdns on a client to clear the cache and force names to be re-resolved.

Steve Duff, MCSE
Ergodic Systems, Inc.
 
Back
Top