Internal win2000 server and ISP using the same domain


Marc Cubria

Hi!

Firstly, sorry about my poor English.

I have just one Win2000 server with a DNS server and the domain name XXX.com.br. This server doesn't communicate with the Internet (we have just one machine that communicates with the Internet, a proxy server with 2 LAN cards using Winproxy), and our DNS server is configured just to resolve names for Win2000/XP workstation logons (I deleted the root zone) and forwards to the ISP server. Our mail server is at the ISP, with the names pop.YYY.com.br and smtp.YYY.com.br. Now the ISP wants to change the domain name and use the same domain name that we use on the internal Win2000 server: pop.XXX.com.br and smtp.XXX.com.br. The problem is that our Win2000 server can't resolve the names because it is the same domain name and our server is authoritative. My server is not in mixed mode, so renaming my domain is very complicated and dangerous. What can I do to resolve this problem? Would adding a root hint pointing to the ISP server resolve my problem?

Thanks in advance,

Marc Cubría - Rio de Janeiro, Brazil
 
Easy fix - create the necessary A records (smtp, pop, ftp, etc.), giving
them the actual external IP addresses.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
"Now, the ISP want to change the domain name and use the same domain name that we use in the internal win2000 server pop.XXX.com.br and smtp.XXX.com.br."

Why does your ISP want to change the domain name? It is important to use a separate domain name on your internal network. Using the same domain name on your internal network as you have published externally is poor security practice and should be avoided, not to mention it will cause administrative difficulties.

"The problem is that our win2000 server cant resolve the name because is the same domain name and our server is authoritative."

I'm not quite sure what you're having trouble resolving, but you should be able to enter the appropriate records in your internal DNS to resolve the required items. That said, you should definitely avoid the use of the same domain names internally and externally. This is going to cause you more problems.

Ian Bagnald
MCSE:Security Windows 2000
MCSA:Security Windows 2000
COMPTIA A+
 
"Now, the ISP want to change the domain name and use the same domain name that we use in the internal win2000 server pop.XXX.com.br and smtp.XXX.com.br."

Why does your ISP want to change the domain name? If possible, it is best to use a separate domain name on your internal network. Using the same domain name on your internal network as you have published externally is poor security practice and should be avoided.

"The problem is that our win2000 server cant resolve the name because is the same domain name and our server is authoritative."

I'm not quite sure what you're having trouble resolving, but you should be able to enter the appropriate records in your internal DNS to resolve the required items. That said, you should avoid the use of the same domain names internally and externally.
 
Dear Ace Fekay,

Thanks a lot. I'll try adding A records for the ISP mail server IPs to my DNS with the dnscmd RecordAdd command, right?

Something like:
ISP's pop server: 200.20.99.28 (pop.xxx.com.br)

dnscmd fcrb2.xxx.com.br /RecordAdd xxx.com.br pop A 200.20.99.28

Is that right?

But if I configure Outlook with the IP address instead of the name of the ISP's mail server, I won't have the problem. Is that right? The only problem is if the ISP's IPs change, OK?
 
Yes, use the ISP's pop server. You can use dnscmd if you like. Since it's one
record, I usually just go in and manually create it; it's quicker. Dnscmd is
more for batching multiple tasks.

Normally with mail services, records won't change. I can understand www
records, which some ISPs change often or have multiple records, where a
delegation will handle it better. If you feel that the records will change
(don't know why the ISP would constantly change it), instead of creating an A
record, create a delegation to "pop" and provide the nameservers on
record for your domain name instead of the ISP's DNS address (unless they're
the same). This will ensure that whatever the IP is, it will always resolve.
Delegate all your resources this way.

If you put the name in the client, and you have the necessary records set up,
I do not see why it will not resolve, unless you have your client (and DCs)
DNS addresses configured with something other than your required
internal DNS addresses (that AD uses).

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
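
Added example, not part of the thread or written by its posters: A records pinned in an internal zone that shadows the public one go stale if the provider renumbers, which is the concern raised above. This PowerShell check compares the internal and external answers for each pinned name; `Get-ARecord` and `Compare-SplitDns` are hypothetical helper names, and the server labels, the 203.0.113.x addresses and the lookup table are constructed sample data.

```powershell
# Added example. Pinning uses: dnscmd <server> /RecordAdd <zone> <node> A <ip>
#   e.g. dnscmd fcrb2.xxx.com.br /RecordAdd xxx.com.br pop A 200.20.99.28
# This script checks whether such pinned records still match the outside view.

function Get-ARecord {
    param([string]$Name, [string]$Server)
    # Resolve-DnsName ships with Windows 8 / Server 2012 and later.
    Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { $_.IPAddress }
}

function Compare-SplitDns {
    param(
        [string[]]$Names,
        [string]$InternalServer,
        [string]$ExternalServer,
        # Injectable lookup so the comparison logic can be exercised offline.
        [scriptblock]$Lookup = { param($n, $s) Get-ARecord -Name $n -Server $s }
    )
    foreach ($name in $Names) {
        $inside  = @(& $Lookup $name $InternalServer | Where-Object { $_ } | Sort-Object)
        $outside = @(& $Lookup $name $ExternalServer | Where-Object { $_ } | Sort-Object)
        # MissingInternally: the authoritative internal zone has no record, so LAN clients fail.
        # Drift: the pinned internal address no longer matches the public answer.
        $status = if ($inside.Count -eq 0) { 'MissingInternally' }
            elseif ($outside.Count -eq 0) { 'NoExternalAnswer' }
            elseif (Compare-Object $inside $outside) { 'Drift' }
            else { 'InSync' }
        [pscustomobject]@{
            Name = $name; Status = $status
            Internal = $inside -join ','; External = $outside -join ','
        }
    }
}

# Constructed sample: the provider moved smtp, the internal A record was not updated.
$sample = @{
    'pop.xxx.com.br|internal'  = '200.20.99.28'
    'pop.xxx.com.br|external'  = '200.20.99.28'
    'smtp.xxx.com.br|internal' = '203.0.113.10'
    'smtp.xxx.com.br|external' = '203.0.113.25'
}
Compare-SplitDns -Names 'pop.xxx.com.br', 'smtp.xxx.com.br' `
    -InternalServer 'internal' -ExternalServer 'external' `
    -Lookup { param($n, $s) $sample["$n|$s"] }
```

Without `-Lookup`, pass the internal DNS server and a resolver that sees the public zone as the two server arguments.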
 
Dear Ace Fekay,

Again, Thanks for your help.

I don't have much experience with DNS, so I would use the dnscmd command; now I
used the DNS manager, and it WORKS!

Thanks a lot.

Marc Cubría - Rio de Janeiro, Brazil
 
My pleasure. Glad to hear it worked for you!

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 