DNS Forwarder issue 1

bence8810

IS-IT--Management
Jul 20, 2005
241
AE
Hi

We are a global organization, with VPN connections between our offices. We have a DNS forwarder which is a local IP and connects through the VPN to the Americas. We are in Hungary. This DNS server is outdated somehow, and because it's at the top of the list of forwarders, our emails are not going out to certain domains that do not resolve because the DNS server is not updated. Anyway, it's a complicated issue, so I want to get rid of the forwarder that is in the Americas. If I do that, and we use our ISP's DNS servers, all works like a charm. But of course the VPN'd forwarder had an actual purpose: to translate local (to our company) websites to local IPs. We have an intranet site that is accessible only from our organization, and it has a local IP. But we usually get to it by typing a real which translates to the local IP. The ISP's DNS server obviously cannot do this, and shouldn't, so I am trying to make our local DNS server do this.

What would I need to do to add an entry for the site? The site we visit looks similar to this.


Our local domain is ourcompany.local

If I add another (A) Host to the DNS, it will look like this

and that is not good. Or it will look like this

which is not good either.

We have delegates visiting from other offices, and they also want to use this intranet, so they will go to the address but it won't resolve. I can give out the IP of it, and our office members can browse the site like that, but still, I would like to keep it as it's supposed to be, just eliminating the DNS forwarder.

Thanks very much for any help,

Ben
 
You may need to create another forward lookup zone for intranet.ourcompany.com and create a www record in that zone that points to the IP of the actual site.

This will fix the problem with the intranet, but I'm not sure if it will cause other problems for you (technically and politically). Is that the only site that you ever access in the intranet.ourcompany.com zone? Is there another server in the ourcompany.com that the intranet site refers to to get data? If so, you may have gaps in your site. It's worth a try for a start. As you find other resources across the VPN that your people need, you can create new zones and records, as long as you realize that changes made to DNS in the US offices won't be reflected locally. But since you aren't using the corporate forwarder, you aren't seeing that DNS anyway, so it's not as big a deal.

You might also think about asking to have your DNS server become a secondary for a couple key domains. That way your server would keep the needed zones locally, they wouldn't get out of sync with corporate's DNS, and you wouldn't have to use corporate's forwarder. This is really a better solution than creating a new forward lookup zone or two.

ShackDaddy
 
Hi

Thanks, how come I didn't think of that. It works like a charm, now I only need to wait till it replicates to both of our DNS servers.

There is only this one thing on the intranet.company.com address, which is www. so I am probably Okay with this. On a side note, our corporation is moving toward a Global Domain structure, it will be done very soon, so the DNS issue should get resolved soon, since we will replicate with all other global servers. But this fix was quick and easy for the time being, I really appreciate your help.

Is there a limit of how many Zones I can create? Will that confuse things if I create a few other ones for similar purposes?

Thanks,

Ben
 
There's no limit. But yes, if those zones exist elsewhere, you may confuse things. But if there are zones that you really only communicate with 1 or 2 hosts on, then you could probably create those zones and records without much trouble ensuing. Avoid creating zones that are integral for AD communication, of course, like the root domain.

ShackDaddy
 
Hi

I created the zone like I said, and it works like a charm. However, my IT supervisor told me he is worried about having some DNS confusion when we browse to ourcompany.com addresses. I think there shouldn't be any worries, but please correct me if I am wrong.

I have intranet.ourcompany.com in my zone, so when we check something.ourcompany.com, it should go through the ISP's DNS, right?

Thanks

Ben
 
Yes...assuming that 'something.ourcompany.com' is a publicly published DNS zone. Normally intranets aren't, so I thought that was pretty safe. If that HAD been publicly published, you wouldn't have needed to create your own zone file.

You may yet run into the need to contact other hosts in the 'intranet.ourcompany.com' zone, and you will have to add additional A-records to keep your requests from failing.

Of course, letting your DNS be a secondary would be ideal.

ShackDaddy
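
The zone-shadowing behaviour discussed in the replies above, as an added example that is not part of the original thread: a simplified Python model of how a server with a local zone chooses between answering itself and using its forwarder. The IP address, the `files` host name and the per-host zone variant are assumptions for illustration and go slightly beyond what the thread tried.

```python
# Simplified model of how a DNS server with local zones plus forwarders
# decides who answers a query. All names and addresses are constructed.

FORWARD = "FORWARDED"   # handed to the configured forwarder (e.g. the ISP)
NXDOMAIN = "NXDOMAIN"   # authoritative "no such name", never forwarded


def norm(name):
    """Lower-case a name and drop the trailing dot."""
    return name.rstrip(".").lower()


def find_zone(qname, zones):
    """Return the most specific local zone containing qname, or None."""
    labels = norm(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(qname, zones):
    """Answer from the local zone if one matches, otherwise forward."""
    zone = find_zone(qname, zones)
    if zone is None:
        return FORWARD
    # The server is authoritative for the zone: a missing record is a
    # negative answer, not a reason to ask the forwarder.
    return zones[zone].get(norm(qname), NXDOMAIN)


# Zone as created in the thread: one zone, one www record (sample IP).
ZONE_PER_SUBDOMAIN = {
    "intranet.ourcompany.com": {"www.intranet.ourcompany.com": "10.0.0.10"},
}

# Assumed alternative: a zone named after the single host, record at its apex.
ZONE_PER_HOST = {
    "www.intranet.ourcompany.com": {"www.intranet.ourcompany.com": "10.0.0.10"},
}

if __name__ == "__main__":
    queries = ("www.intranet.ourcompany.com",
               "files.intranet.ourcompany.com",   # hypothetical second host
               "something.ourcompany.com")
    for label, zones in (("per-subdomain", ZONE_PER_SUBDOMAIN),
                         ("per-host", ZONE_PER_HOST)):
        for q in queries:
            print(f"{label:14} {q:32} -> {resolve(q, zones)}")
```

With the per-subdomain zone, any other host under intranet.ourcompany.com fails locally until an A record is added for it; with the per-host zone, only the one name is overridden and everything else still goes to the forwarder.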
 
Hi

Thanks, that is exactly what I thought. I hope this solution will work in the long run as well. We don't have any other pages we need to go to other than www. .

To set our DNS for the key domains would not work, as we have over 100 offices worldwide, and only one domain that I know of.

Thanks for your help, you were really great getting this done.

Cheers

Ben

 