Internal AD-DNS and External Domain


Hello,

We have the same domain/DNS for external and internal called abc.com. I have
forwarders enabled to our local ISP DNS in case something goes screwy. We
have two problems.
1) We have two locations, a and b. First the host.abc.com points to location
a, but in a failover situation it is pointed to location b. If location a ever
fails, our internal users cannot see the location B failover unless the host
static entry is entered into the DNS.

2) How can I find out if the forwarders work? Right now host.abc.com is
pointed to location b. It only works if the entry for host is entered into the
DNS; otherwise it doesn't see it. Globally everyone sees it but our LAN.

Hope this is clear.

Many thanks,

sach
 
sach said:
Hello,

We have the same domain/DNS for external and internal called abc.com. I
have forwarders enabled to our local ISP DNS in case something goes
screwy. We have two problems.
1) We have two locations, a and b. First the host.abc.com points to
location a, but in a failover situation it is pointed to location b.
If location a ever fails, our internal users cannot see the location B
failover unless the host static entry is entered into the DNS.

Assuming that all DNS servers in your infrastructure have the SAME EXACT
DATA, and you are using either Primary/Secondary zones or AD Integrated
zones, then why would you ever need to enter any static entries in DNS?

2) How can I find out if the forwarders work? Right now
host.abc.com is pointed to location b.

Are you saying location B has a DNS server that has nothing to do with the
DNS server in location A?
It only works if the entry for
host is entered into the DNS; otherwise it doesn't see it. Globally
everyone sees it but our LAN.

Globally? Internet you mean?
Hope this is clear.

Unfortunately, no it is not clear. Do you have AD running? Your AD domain
name is the same as the external name? If so, the internal DNS would have
nothing to do with the external DNS. Internally, for example to get to your
external website, you would create a www record under your internal zone,
and provide the actual external public IP address. If the website is hosted
internally for the public, then you would provide the internal private IP
address.

Many thanks,

sach

Maybe if you can elaborate with actual names and describe why you have
separate DNS servers at each location with separate data, if you have AD,
etc, that would help us understand your infrastructure.

Thanks,

--
Regards,
Ace


Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
 
Hi again,

Maybe it was my mistake in clarifying it. Here it is again.
We have an AD domain, and the internal and external name is the same. I also have
forwarding enabled.

Here is an example:
Right now our AD DNS is abc.com, and we host blah.abc.com on our site,
which works fine (since blah has an internal IP address). But if we were to
point the blah.abc.com IP address (authoritative DNS) to a different (off-site) host IP,
we can't get to it unless we manually enter the IP in the DNS for the
different host.

If this is the case, then a failover wouldn't work, since our LAN DNS would
always look for the (off-site) IP for blah.abc.com.

How can I have the DNS set up so blah.abc.com is resolved whether it is hosted
internally or externally?

Many thanks again.

sach
 
sach said:
Hi again,

Maybe it was my mistake in clarifying it. Here it is again.
We have an AD domain, and the internal and external name is the same. I also
have forwarding enabled.

Here is an example:
Right now our AD DNS is abc.com, and we host blah.abc.com on our
site, which works fine (since blah has an internal IP address). But
if we were to point the blah.abc.com IP address (authoritative DNS) to a
different (off-site) host IP, we can't get to it unless we manually
enter the IP in the DNS for the different host.

Well, that makes sense because a DNS server that is hosting a zone will not
forward to another DNS server for any zones it owns. So yes, in this case
this is what you need to do.

Silly question, is "blah" the "www" record?
If this is the case, then a failover wouldn't work, since our LAN DNS
would always look for the (off-site) IP for blah.abc.com.

If the "offsite" IP address is in one of your other remote locations
connected via a nailed 24/7 VPN, then the other DNS server in the other site
would have the same record you created on this site. UNLESS you are
speaking of a public DNS server? If so, then no, there is no fault tolerance
there.

Designing a same AD/public DNS domain name scenario, as you see, has some
drawbacks and requires additional administrative overhead.


How can I have the DNS set up so blah.abc.com is resolved whether it is hosted
internally or externally?

Many thanks again.

Host file?

Ace
 
In blah.abc.com, "blah" could be www, or it could be data.abc.com.

Since we own abc.com, our DNS server will not forward any query that is
related to abc.com.

Let's say data or blah.abc.com is hosted off-site and the record created is on
the public DNS. We can't do failover?

Do I have to enter the external host IP in our hosts file for it to resolve?

I guess these are simple questions but kinda tricky.

Thanks,
sach
 
sach said:
In blah.abc.com, "blah" could be www, or it could be data.abc.com.

Since we own abc.com, our DNS server will not forward any query
that is related to abc.com.
Correct.


Let's say data or blah.abc.com is hosted off-site and the record
created is on the public DNS. We can't do failover?

I can't see how, at least not with a forwarder, because of the way
forwarding works, and because internally it's private, but externally it's a
public address. If the internal resource fails, and you want to rely on the
external one, you would need to manually change the IP on the 'blah' record.
Do I have to enter the external host IP in our hosts file for it to
resolve?

I guess these are simple questions but kinda tricky.

From what I can see, I guess in your scenario, the hosts file would be
useless. Sorry.

:-)
Ace
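Ace's point that a server hosting the abc.com zone answers from its own data and never forwards a query for an abc.com name, and the failover gap that causes, modelled as an added Python example (not code from the thread; every zone name, hostname and address below is constructed sample data):

```python
# Minimal model of a DNS server that hosts zones and forwards the rest.
# An authoritative server answers names in its own zones from local data
# (or NXDOMAIN) and never forwards them, which is why an internal AD zone
# for abc.com cannot "see" a public failover record for blah.abc.com.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Resolver:
    zones: dict                        # zone name -> {hostname: ip}
    forwarder: Optional["Resolver"] = None

    def _owned_zone(self, name):
        # Longest-suffix match: owning 'abc.com' means owning 'blah.abc.com'.
        for zone in sorted(self.zones, key=len, reverse=True):
            if name == zone or name.endswith("." + zone):
                return zone
        return None

    def resolve(self, name):
        zone = self._owned_zone(name)
        if zone is not None:
            # Authoritative: answer from the zone, never from the forwarder.
            return self.zones[zone].get(name, "NXDOMAIN")
        if self.forwarder is not None:
            return self.forwarder.resolve(name)
        return "SERVFAIL"


def split_brain_report(internal, public, names):
    """Return {name: (internal_answer, public_answer)} for names that differ."""
    return {n: (internal.resolve(n), public.resolve(n))
            for n in names if internal.resolve(n) != public.resolve(n)}


# Constructed sample: the public abc.com zone already points blah at the
# off-site host, while the internal AD zone carries only hand-entered records.
PUBLIC = Resolver(zones={"abc.com": {"www.abc.com": "203.0.113.10",
                                     "blah.abc.com": "203.0.113.20"}})
ISP = Resolver(zones={"example.net": {"www.example.net": "198.51.100.5"}},
               forwarder=PUBLIC)
INTERNAL = Resolver(zones={"abc.com": {"www.abc.com": "10.0.0.10"}},
                    forwarder=ISP)

if __name__ == "__main__":
    print(INTERNAL.resolve("blah.abc.com"))     # NXDOMAIN: owned zone, not forwarded
    print(INTERNAL.resolve("www.example.net"))  # 198.51.100.5: forwarded to the ISP
    for n, (i, p) in split_brain_report(INTERNAL, PUBLIC,
                                        ["www.abc.com", "blah.abc.com"]).items():
        print(f"{n}: internal={i} public={p}")
```

Running split_brain_report against the real internal and public answers (for example from two nslookup runs) is the check that tells you which records in the same-name zone have drifted and need a manual update after a failover.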
 
Thanks, that clears up a lot of confusion on my part. Appreciate your help
in this.

sach
 