Removing NS Record for a Windows 2000 GC in a Unix Environment

Christian Fenn said:
Just to let everyone know how we're going to approach this now:

Any server in the adm.uow.edu.au domain that needs to be accessed
from outside our network will not only have a public
IP address (which they do now), but also a 'public name', which is
served authoritatively from our public dns servers.
The only problem we'll have to overcome is when an application uses
the machines dns domain name, or ad dns domain
name to generate a reference to itself and uses the adm.uow.edu.au
address instead.

eg. computera.adm.uow.edu.au hosts a website. It's accessed by
everyone as computera.its.uow.edu.au so all is well and
good for name resolution. The webserver needs to generate a
self-referential URL, and uses its local name,
computera.adm.uow.edu.au. (I know apache and IIS won't do this, but
it's a generic example) An external client could still encounter the
dns problem we've been trying to fix.
If this is unfixable in any
required app, we'll look at changing the host's dns domain name to
its.uow.edu.au and see if that breaks anything with domain
membership.

Thank you all for your help,
Christian

I would assume that the public DNS server you're using would not have a
reference to the internal private DNS server, so not sure how you would
encounter this again. This of course is a tough one, partially because your
external and internal AD names are the same.

Maybe we can go a step further and create another 'slave' IIS server that
the public DNS would send website requests to, and then in that server's
website properties the request is then redirected to the internal server,
this way it's not directly accessed by the outside world. I realize that
this requires an extra machine, but it's the only thing I can think of at
this time to separate these machines and direct access to overcome what
you're seeing.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
eg. computera.adm.uow.edu.au hosts a website. It's accessed by everyone as
computera.its.uow.edu.au so all is well and
good for name resolution. The webserver needs to generate a
self-referential URL, and uses its local name,
computera.adm.uow.edu.au. (I know apache and IIS won't do this, but it's a
generic example) An external client could still
encounter the dns problem we've been trying to fix. If this is unfixable
in any required app, we'll look at changing the host's
dns domain name to its.uow.edu.au and see if that breaks anything with
domain membership.

I am confused again. Why do you need self-referential URLs and more
computer names, etc? Seems like you're creating other issues where none need
exist.
Why not do something like this:
1) Create a host A record on the public zone for computera.adm.uow.edu.au
with the public IP. That public IP points to the respective web server.
Now publicly, you're done. Public clients resolve to IP and you're done. Set up
other records like www.adm.uow.edu.au if you need the same way.

2) For internal clients, if they need to access computera.adm.uow.edu.au
they will use the private IP in the private zone. If for some reason, they
need the public IP, then set up the A record using a public IP in the private
zone.

Am I still missing something?
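
The following is an added example, not part of the thread or any poster's code: a small audit of a public zone's records for the leaks this discussion is trying to avoid, namely RFC 1918 addresses and NS records that point at an internal-only server. The zone contents, the host `dc1` and all IP addresses are constructed for illustration; only the `computera` names come from the thread.

```python
import ipaddress

# RFC 1918 ranges listed explicitly: ipaddress.is_private also matches the
# documentation ranges that this constructed sample uses as "public" IPs.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (hypothetical host dc1, placeholder addresses).
PUBLIC_ZONE = """
computera.its.uow.edu.au.  IN A  203.0.113.10
computera.adm.uow.edu.au.  IN A  203.0.113.10
dc1.adm.uow.edu.au.        IN A  10.20.0.5   ; leaked internal host
adm.uow.edu.au.            IN NS dc1.adm.uow.edu.au.
"""
PRIVATE_ZONE = """
computera.adm.uow.edu.au.  IN A  10.20.0.40
dc1.adm.uow.edu.au.        IN A  10.20.0.5
"""

def parse(zone_text):
    """Return (name, type, rdata) tuples from 'name IN type rdata' lines."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blanks
        if line:
            name, _cls, rtype, rdata = line.split(None, 3)
            records.append((name.lower(), rtype.upper(), rdata.lower()))
    return records

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_public(public_text, private_text):
    """List public-zone records that expose the internal view."""
    public = parse(public_text)
    internal_hosts = {n for n, t, _ in parse(private_text) if t == "A"}
    pub_addrs = {}
    for name, rtype, rdata in public:
        if rtype == "A":
            pub_addrs.setdefault(name, []).append(rdata)
    findings = []
    for name, rtype, rdata in public:
        if rtype == "A" and is_rfc1918(rdata):
            findings.append(("private-address", name, rdata))
        elif rtype == "NS" and rdata in internal_hosts:
            # Internal server with no externally routable address in public data
            if all(is_rfc1918(a) for a in pub_addrs.get(rdata, [])):
                findings.append(("internal-nameserver", name, rdata))
    return findings
```

A name such as `computera.adm.uow.edu.au` that answers with a public address in the public zone and a private address in the private zone is the intended split and is not flagged.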
 