DNS server to query multiple forwarders until resolution?

[Erbrod]

We are in a bizzare situation where we work with around 10
manufacturing partners on a franchise basis. We have to be able to
access their extranets etc on our network and normally we will put
their systems onto our PCs and use their DNS servers for name
resolution of their many varying bits of their systems. We put their
DNS servers as entries into our clients (we do not use DNS on our own
network). This restricts one PC to using one manufacturer's systems
only as using another would mean changing the DNS settings.

We could setup our own DNS server with relvant entries etc and lookups
to other DNS servers by domain, but the problem we have is that our
manufacturing 'partners' use all manner of names in different domains
and keep changing and adding stuff. We are the last people they tell
what they are doing as they expect us to run our systems as in the
above.

What we therefore need to do is set our client PCs up pointing to our
own DNS box. If this DNS box does not know the answer to the query
(not setup or in its cache etc), then it will keep polling down a list
of alternative DNS servers until it finds the answer (as opposed to
stopping at the first forwarder in the usual DNS fashion).

We run in a Windows (2K / 03 server) environment with XP clients.

Can anyone suggest a solution - ideally how to setup DNS on Win 2K
server to do just this?

Many thanks,

Ed

 

[Matt Anderson]

Can anyone suggest a solution - ideally how to setup DNS on Win 2K
server to do just this?

Many thanks,

Ed

I only skimmed your post, but have you considered your own DNS server and
adding secondary zones to their DNS zones? Seems like a valid solution.

Matt
MCT, MCSE

 

[Kevin D. Goodknecht Sr. [MVP]]

In

We are in a bizzare situation where we work with around 10
manufacturing partners on a franchise basis. We have to
be able to access their extranets etc on our network and
normally we will put their systems onto our PCs and use
their DNS servers for name resolution of their many
varying bits of their systems. We put their DNS servers
as entries into our clients (we do not use DNS on our own
network). This restricts one PC to using one
manufacturer's systems only as using another would mean
changing the DNS settings.

We could setup our own DNS server with relvant entries
etc and lookups to other DNS servers by domain, but the
problem we have is that our manufacturing 'partners' use
all manner of names in different domains and keep
changing and adding stuff. We are the last people they
tell what they are doing as they expect us to run our
systems as in the above.

What we therefore need to do is set our client PCs up
pointing to our own DNS box. If this DNS box does not
know the answer to the query (not setup or in its cache
etc), then it will keep polling down a list of
alternative DNS servers until it finds the answer (as
opposed to stopping at the first forwarder in the usual
DNS fashion).

We run in a Windows (2K / 03 server) environment with XP
clients.

Can anyone suggest a solution - ideally how to setup DNS
on Win 2K server to do just this?

It is easier on the Win2k3 server than it is on the Win2k. Win2k3 DNS
supports conditional forwarders and Stub zones, either of which will solve
your problem with having to pull full secondary zones from the partners DNS
servers. You would just add all of your partners' domain names to the
conditional forwarders list and the IP of the relavent DNS server, or add a
stub zone for each domain name all of your partners need you to resolve.
These domain names do not have to be valid internet domain names either, as
long as you can have direct access to each and all of the partnered DNS
servers. This way your DNS server knows all the domain names, and which DNS
server owns the name.

The Win2k server which does not support those options would have to use
Secondary zones of all your partner's zones. Which means they would have to
allow zone transfers to your DNS. You could not use Forwarders on the Win2k,
because each of the forwarders would have to know all domain names.

The only way you could use both the Win2k and Win2k3 DNS servers
simultaniously, is to forward all queries from the Win2k to the Win2k3 and
let the Win2k3 decide where the query needs to go, either to the internet or
to the partner DNS servers.(never back to the Win2k)

 

[Jonathan de Boyne Pollard]

E> it will keep polling down a list of alternative DNS servers
E> until it finds the answer (as opposed to stopping at the first
E> forwarder in the usual DNS fashion).

That's incorrect. The usual forwarding proxy DNS fashion *is* to try
all forwardees until an answer is received. You are simply erroneously
thinking that a *negative* answer isn't an answer. It is, however.

What you actually want is for a forwarding proxy DNS servers to carry on
asking even when it *has* received an answer, in the case that that
answer is a negative one. This is not what proy DNS servers do.
Negative answers are answers, after all, and there's no point in
continuing to ask when one has received an answer. What you want is not
the way that proxy DNS servers operate.

E> We are the last people they tell what they are doing as
E> they expect us to run our systems as in the above.

Then *that* is your problem, and *that* is what you need to fix. You
have an administrative problem, not a technical one. You need to
convince the network administrators of the other companies to (a)
provide you with consistent "split horizon" information and (b) to
inform you whenever their "internal" DNS server configuration changes.
If necessary, this should be part of the contract between your companies.