windows dns problem


siegfried

Hello everybody

I've been going nuts trying to solve this problem and some colleagues told me
that Google Groups rules, so here it goes...

I have a Unix DNS server that faces the internet and is already registered
with "domain.com", and I want to build an internal Active Directory
domain environment for the Windows desktops all around my institution;
nevertheless, I want the internal Windows domain to also be
"domain.com".

The problem comes when the internal Windows DNS tries to resolve
www.domain.com (or any other host registered on the Unix box). This is
obvious to me, because the name is in the local zone and no DNS record is
available for it there.

I tried to use a forwarder to my Unix box so that it resolves domain.com,
but it does not work, not even a conditional one, because the domain.com zone
already exists locally.

Is there a way to force my Windows DNS server to forward queries for
its local zone to another server, in this case my Unix box or the
internet?

Changing the local Windows domain name to another one is not an option (at
least for my boss).
I could use my Unix box as DNS for my clients (also as a secondary), but
I would rather leave the Windows DNS server for the Windows desktops;
there's also the issue of not allowing DNS updates on my Unix box for
security reasons.

I cannot delete the zone and create a secondary copy, because I'd lose my
domain controller records.

Any help will be appreciated...
 
siegfried said:
> Hello everybody
>
> I've been going nuts trying to solve this problem and some colleagues told me
> that Google Groups rules, so here it goes...

Actually, I'd suggest you set up a newsreader like Outlook Express or Forte
Agent to connect directly to the MS newsgroups (etc) rather than Google
Groups or the MS web interface - it's a lot easier to do nearly everything
there, including searching, which is always a good idea to do before you
post, as well as mark messages to be watched, and filter based on replies to
your posts.

The Microsoft public news server is msnews.microsoft.com and you can
subscribe to as many groups as you like.

> I have a Unix DNS server that faces the internet

I hope it's not on your LAN - and you do know you need more than one server
if you're going to host your own public DNS, right? You're required to have
two nameservers.

> and is already registered
> with "domain.com", and I want to build an internal Active Directory
> domain environment for the Windows desktops all around my institution;
> nevertheless, I want the internal Windows domain to also be
> "domain.com".

Why?

> The problem comes when the internal Windows DNS tries to resolve
> www.domain.com (or any other host registered on the Unix box). This is
> obvious to me, because the name is in the local zone and no DNS record is
> available for it there.
>
> I tried to use a forwarder to my Unix box so that it resolves domain.com,
> but it does not work, not even a conditional one, because the domain.com zone
> already exists locally.

Right, because your Windows/AD DNS server believes itself to be
authoritative for domain.com.

> Is there a way to force my Windows DNS server to forward queries for
> its local zone to another server, in this case my Unix box or the
> internet?
>
> Changing the local Windows domain name to another one is not an option (at
> least for my boss).

OK - again, why? I guess if this is already built, you might as well leave
it, as there's no way to change the domain name in W2k short of a rebuild
from scratch - probably not worth it. If you haven't set up your domain yet,
you could use internal.domain.com or hq.domain.com or domain.lan or
domain.local (etc)

> I could use my Unix box as DNS for my clients (also as a secondary),

No - you need to keep your AD DNS internal and your clients & servers should
not point to *any* DNS IP but the internal/AD DNS server's IP. If you have
only one internal DNS server for AD, clients & servers should have only one
DNS server specified, and it should be local. Use forwarders in your
internal DNS server to your ISP's DNS servers.

> but I would rather leave the Windows DNS server for the Windows desktops;
> there's also the issue of not allowing DNS updates on my Unix box for
> security reasons.

Not only security reasons - you'd be mixing private/public stuff and that is
a very bad thing.

> I cannot delete the zone and create a secondary copy, because I'd lose my
> domain controller records.
>
> Any help will be appreciated...

In your internal/AD DNS, just create a host called www that points at the
public IP of your website.
 
Lanwench [MVP - Exchange]
<[email protected]> made a post, and
I commented below:
::: I could use my unix box as dns for my clients (also as secondary),
::
:: No - you need to keep your AD DNS internal and your clients &
:: servers should not point to *any* DNS IP but the internal/AD DNS
:: server's IP. If you have only one internal DNS server for AD,
:: clients & servers should have only one DNS server specified, and it
:: should be local. Use forwarders in your internal DNS server to your
:: ISP's DNS servers.
::
::: i would rather leave the windows dns server for windows desktop,
::: theres also the issue of not allowing dns updates on my unix box for
::: security reasons.
::
:: Not only security reasons - you'd be mixing private/public stuff and
:: that is a very bad thing.
:::
::: Cannot delete zone and create a secondary copy because i´d loose my
::: domain controller records.
:::
::: Any help will be apreciated...
::
:: In your internal/AD DNS, just create a host called www that points
:: at the public IP of your website.

I agree, Lanwench. Siegfried will need two separate servers, one for the
private IPs on the internal domain, one for the external IPs for the
Internet. If external records need to be resolved under the same name, as
long as the internal DNS is used by ALL machines only, manually create the
records under the zone on the internal DNS server.


--
Regards,
Ace

G O E A G L E S !!!
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
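The two replies above both come down to the same maintenance chore: because the AD DNS server is authoritative for domain.com on the LAN, every public host that internal clients must reach (www, mail, and so on) has to be created by hand in the internal zone, and that copy silently drifts whenever the public zone on the Unix box changes. The script below is an added example, not code from this thread or from any poster; it parses a BIND-style copy of the public zone and an export of the internal zone (both are constructed samples, with documentation IP ranges), lists the public records the AD zone lacks, and emits the `dnscmd /RecordAdd` lines that would create them. NS and SOA records are deliberately never mirrored: inside the LAN those must keep pointing at the AD DNS server, exactly as Lanwench describes.

```python
"""Split-horizon DNS drift check for a domain.com that exists in two places.

Added example, not code from the thread. The public zone lives on the
Unix (BIND-style) server, the AD DNS is also authoritative for the same
name internally, so public hosts must be mirrored into the AD zone by
hand. Both zone texts below are constructed samples, not real zone files.
"""

RECORD_TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "SOA", "SRV", "TXT"}

# Record types worth copying into the internal zone. NS and SOA are
# excluded on purpose: the internal zone's NS/SOA must stay the AD server.
MIRRORED_TYPES = {"A", "AAAA", "CNAME", "MX", "TXT"}

# Constructed sample: the public zone as served by the Unix box.
PUBLIC_ZONE = """\
$ORIGIN domain.com.
$TTL 3600
@       IN  SOA ns1.domain.com. hostmaster.domain.com. ( 1 7200 900 1209600 300 )
@       IN  NS  ns1.domain.com.
@       IN  NS  ns2.domain.com.
ns1     IN  A   203.0.113.1
ns2     IN  A   203.0.113.2
www     IN  A   203.0.113.10
mail    IN  A   203.0.113.20
@       IN  MX  10 mail.domain.com.
ftp     IN  CNAME www.domain.com.
"""

# Constructed sample: the AD zone, which so far holds only DC records.
INTERNAL_ZONE = """\
$ORIGIN domain.com.
dc1         IN  A    10.0.0.5
_ldap._tcp  IN  SRV  0 100 389 dc1.domain.com.
"""


def qualify(name, origin):
    """Turn a zone-file owner name into a fully qualified name without the trailing dot."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.rstrip(".")
    return f"{name}.{origin}"


def parse_zone(text):
    """Parse a simple BIND-style zone into (fqdn, type, rdata) tuples.

    Handles $ORIGIN, ';' comments, optional TTL/class columns and the
    'blank owner means same owner as the previous record' convention.
    Each record must sit on one line (no multi-line parentheses), which
    is all the constructed samples need.
    """
    origin, previous_owner, records = None, None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1].rstrip(".")
            continue
        if tokens[0].startswith("$"):
            continue  # $TTL and other directives carry no records
        if raw[0] in " \t":
            tokens.insert(0, previous_owner)  # continuation of the last owner
        owner = tokens[0]
        try:
            idx = next(i for i, t in enumerate(tokens) if i > 0 and t in RECORD_TYPES)
        except StopIteration:
            raise ValueError(f"no record type in line: {line!r}")
        records.append((qualify(owner, origin), tokens[idx], " ".join(tokens[idx + 1:])))
        previous_owner = owner
    return records


def missing_internally(public_text, internal_text):
    """Public records (of mirrorable types) that the internal AD zone lacks."""
    internal = set(parse_zone(internal_text))
    return [rec for rec in parse_zone(public_text)
            if rec[1] in MIRRORED_TYPES and rec not in internal]


def dnscmd_commands(zone, records):
    """dnscmd /RecordAdd lines that would create the given records in the AD zone.

    Syntax: dnscmd /RecordAdd ZoneName NodeName RRType RRData ('@' is the apex).
    """
    cmds = []
    for fqdn, rtype, rdata in records:
        node = "@" if fqdn == zone else fqdn[: -len(zone) - 1]
        cmds.append(f"dnscmd /RecordAdd {zone} {node} {rtype} {rdata}")
    return cmds


if __name__ == "__main__":
    for cmd in dnscmd_commands("domain.com", missing_internally(PUBLIC_ZONE, INTERNAL_ZONE)):
        print(cmd)
```

Run it whenever the public zone changes (or from a scheduled task against a fresh copy of the zone file) and review the printed commands before running them on the DC; the check only reports records that are absent or differ, so a www record that has already been created internally drops out of the list. MX and CNAME targets should be fully qualified in the public zone, as in the sample, because the internal zone has no reason to share the Unix box's relative-name conventions.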
 
All internal clients should point to the internal DNS servers (domain.com);
configuring this in DHCP is by far the simplest.
 