How to add 'HOSTS file type' records to AD DNS

zerodayz

Hello,

I have to add a few A records for a domain that I do not administer.


In more detail, we have a private IP connection to another company, and we
have to resolve some FQDNs to their IP addresses. They provide no DNS service
to us.

For example, the IP:

194.129.160.17 would need to resolve to citrix-prod-somedomain.com

and another:

194.129.160.25 to citrix-dr-somedomain.com and so on.

I know exactly how I would achieve this by using a hosts file on each user's
machine, but how can I achieve this in AD DNS? I'm running simple W2K3 AD
integrated DNS with a single forward lookup zone, our own domain.

I've tried adding a new forward lookup zone called somedomain.com, then
created the two above A records. However, when I do this, my client PCs
can't see somedomain.com; for example, internal requests for the company
website www.somedomain.com fail. I guess because my new forward lookup zone
took control of *all* requests to somedomain.com. I want it *just* to resolve
those two A records, and forward all other requests to our ISP's DNS
servers.

Any ideas?

I can elaborate if needed.

Thanks for your help.

Richard
 
zerodayz said:
Hello,

I have to add a few A records for a domain that I do not administer.


In more detail, we have a private IP connection to another company, and
we have to resolve some FQDNs to their IP addresses. They provide no
DNS service to us.

For example, the IP:

194.129.160.17 would need to resolve to citrix-prod-somedomain.com

and another:

194.129.160.25 to citrix-dr-somedomain.com and so on.

I know exactly how I would achieve this by using a hosts file on each
user's machine, but how can I achieve this in AD DNS? I'm running
simple W2K3 AD integrated DNS with a single forward lookup zone, our
own domain.

I've tried adding a new forward lookup zone called somedomain.com, then
created the two above A records. However, when I do this, my client
PCs can't see somedomain.com; for example, internal requests for the
company website www.somedomain.com fail. I guess because my new
forward lookup zone took control of *all* requests to somedomain.com.
I want it *just* to resolve those two A records, and forward all
other requests to our ISP's DNS servers.

You will need to create separate forward lookup zones for each host name
instead of a single zone with hosts for each name. e.g. create a new forward
lookup zone named citrix-prod-somedomain.com, then in that zone create a new
host record, leave the name field blank, then give it IP 194.129.160.17.
Do this for each name you need to resolve differently from what is in the
public somedomain.com zone.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
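Scripted form of Kevin's per-host zone approach, as an added example that is not from the thread. It assumes dnscmd.exe (Windows Support Tools on W2K3) is available and that $DnsServer is the name of your AD-integrated DNS server; the host list is the thread's own example pair.

```powershell
# Added example (not from the thread): one AD-integrated zone per host name, with
# the A record at the zone apex, so only that exact name is overridden and every
# other name under the public domain still goes out through the forwarders.
$DnsServer = 'dc1'   # assumed: the AD-integrated DNS server to manage

# Thread's example mappings; extend the table for each further host name.
$Hosts = @{
    'citrix-prod-somedomain.com' = '194.129.160.17'
    'citrix-dr-somedomain.com'   = '194.129.160.25'
}

foreach ($fqdn in $Hosts.Keys) {
    $ip = $Hosts[$fqdn]
    # Create the zone as AD-integrated primary (same as the MMC "new forward lookup zone").
    & dnscmd.exe $DnsServer /ZoneAdd $fqdn /DsPrimary
    # '@' is the zone apex, i.e. the blank "name" field Kevin mentions in the MMC.
    & dnscmd.exe $DnsServer /RecordAdd $fqdn '@' A $ip
}

# Verification: trailing dots make each query an exact FQDN, so the DNS client
# does not append suffixes from its search list and mask a wrong answer.
foreach ($fqdn in $Hosts.Keys) {
    nslookup "$fqdn." $DnsServer
}
# Regression check: a name outside the overridden hosts must still resolve
# via the forwarders, which is what broke with the single somedomain.com zone.
nslookup 'www.somedomain.com.' $DnsServer
```

On Windows Server 2012 and later the same steps are Add-DnsServerPrimaryZone -ReplicationScope Domain and Add-DnsServerResourceRecordA -Name '@'.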
 
Thanks, that worked a treat. I bow down to you...

I did consider doing that (honest!), but I thought there may be a better way,
as this could soon fill up your DNS MMC with a whole bunch of odds and
sods if you have a number of records to add.

It would be useful if there was an 'everything else' type record or some kind
of wildcard, so that any other record that is not listed explicitly is
forwarded on to your external forwarders. That way, I could have used just
the one forward lookup zone. Oh well, it's working fine now.

Thanks again.

zerodayz
 
zerodayz said:
Thanks, that worked a treat. I bow down to you...

I did consider doing that (honest!), but I thought there may be a
better way, as this could soon fill up your DNS MMC with a whole bunch
of odds and sods if you have a number of records to add.

It would be useful if there was an 'everything else' type record or
some kind of wildcard,

Believe me, wildcard records are a dangerous thing to use if you use them
improperly. One big mistake is to have a wildcard record in a zone that is
in your DNS suffix search list. You must keep in mind the DNS client service
will append the suffixes in the DNS suffix search list to all names that are
not followed by a trailing dot. It takes a trailing dot to make a FQDN;
for instance, www.microsoft.com. is a FQDN while www.microsoft.com is not.
If you want to see what happens, try nslookup -d2 www.microsoft.com, then try
nslookup -d2 www.microsoft.com. (with the trailing dot). You should still get
the same final answer, the difference being that without the trailing dot,
nslookup as well as the DNS client service will append suffixes from the DNS
suffix search list. (The DNS suffix search list includes the primary and
connection-specific DNS suffixes by default.)

A major problem I've seen with this behavior is when your internal domain
name is a third level name of your public domain and your public domain zone
is hosted by a provider that uses wildcard records. When that happens, any
name you try to resolve that is not followed by a trailing dot will resolve
to this wildcard record in your public domain. What really gets my blood
boiling is when the wildcard record cannot be removed from the public zone,
some of these providers give no way to remove the wildcard record. So you
have to create a shadow zone in your DNS or clear the "Append parent
suffixes of the primary DNS suffix" from the DNS tab from all machines.




--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
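An added check, not from the thread, for the trap Kevin describes: probe each suffix in this machine's DNS suffix search list with a random name that cannot legitimately exist, so an answer reveals a wildcard record. It reads the standard Tcpip registry values and assumes default devolution rules; connection-specific suffixes are not covered.

```powershell
# Added example (not from the thread): detect wildcard records in the zones that
# this client would silently append to unqualified names.
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$p = Get-ItemProperty -Path $params

$suffixes = @()
if ($p.SearchList) {
    # An explicit search list replaces the primary suffix and devolution.
    $suffixes += ($p.SearchList -split ',' | ForEach-Object { $_.Trim() })
} elseif ($p.Domain) {
    $suffixes += $p.Domain                       # primary DNS suffix
    # "Append parent suffixes of the primary DNS suffix" (devolution) is on
    # unless UseDomainNameDevolution is 0: corp.example.com -> example.com.
    if ($p.UseDomainNameDevolution -ne 0) {
        $parts = $p.Domain -split '\.'
        for ($i = 1; $i -lt ($parts.Count - 1); $i++) {
            $suffixes += ($parts[$i..($parts.Count - 1)] -join '.')
        }
    }
}

# Constructed probe label: random, so no real host record should match it.
$probe = 'wildcard-probe-' + [guid]::NewGuid().ToString('N').Substring(0, 8)

foreach ($s in ($suffixes | Where-Object { $_ })) {
    $name = "$probe.$s."   # trailing dot: query exactly this name, no further suffixing
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($name)
        # A nonexistent name that still resolves means the zone answers with a wildcard.
        Write-Warning "$s answers for a name that should not exist (likely wildcard): $($addrs -join ', ')"
    } catch [System.Net.Sockets.SocketException] {
        Write-Output "$s : no wildcard (NXDOMAIN for $name)"
    }
}
```

A warning for a public suffix you cannot control is the case where Kevin's shadow zone, or clearing the parent-suffix option on clients, is the only way out.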
 