Mike Ninder
We run W2K Server AD in a small office. Assume our internal
domain name in the internal W2K network is example.com. We
also have a third party web hosting service hosting a
website and a mail server accessible on the Internet at
example.com and pop3.example.com, respectively.
Until today, the W2K DNS server inside our office didn't do
anything. The primary and secondary DNS records delivered
via DHCP internally pointed to our ISP's DNS servers.
Everything worked fine. We don't need to access anything
internally via the example.com names. All DNS lookups were
handled by the ISP nameservers.
Recently, we've been adding XP machines. They are not happy
when pointed to the ISP's nameservers via DHCP. We have
intermittent problems with lost access to mapped drives and
messages like "The system detected a possible attempt to
compromise security. Please ensure that you can contact the
server that authenticated you." Research indicates that
this is probably related to timeout of the DHCP lease and
attempts by XP to do a DNS lookup of the authenticating
server (example.com), which is internal, not out on the
internet with the mail server and web page.
To address this problem, we have repointed the
DHCP-delivered primary and secondary DNS server names back to the
internal W2K server. However, this presents the problem
that some machines need to access the mail server.
I have the following options that I can think of, but I hope
for something better:
1) I can set static IPs and fixed DNS addresses on the
machines that need to access the mail. They are not the XP
machines, so they'd work as before. This is a pain, and
requires maintenance. Plus I have one XP machine that needs
mail, so it won't work there.
2) I could change the internal domain name - a pain to
reconfigure everything.
3) I could run an internal mail server and point the
internet records to my office.
4) I can use the hosts file on each workstation to steer
pop3.example.com to the external mail server. This is a
maintenance headache, and the mail server has multiple
numeric addresses when accessed via a normal Internet DNS
lookup, so I'd lose the redundancy.
5) What I'd like to do is force the DNS server in W2K AD to
steer DNS lookups for pop3.example.com to my ISP's DNS
server, and answer only the workstation.example.com or
W2Kserver.example.com itself.
I know 5 must be possible, but I can't seem to find where to
look it up. Can anyone steer me to the right place or help?
Thanks.