DNS Question

Status
Not open for further replies.

wkim623

Technical User
Aug 26, 2003
53
CA
Hi all,

I just inherited a DNS server. In all, the server seems to work fine, just not for a couple of A records that we set up for the company.

The 1st one is our VPN which is for example

vpn.company.com and the 2nd is our 2nd MX record which is maila.company.com.

If you do an nslookup outside our company, both can be seen with the nslookup.

I am checking through the DNS configuration; the only oddity I see in the configs is a couple of CNAMEs that are directed towards our local DNS server, for which we also have A records. They are webmail.company.com and our other MX record, mail.company.com. I do not see why this was done, since we have A records. This zone is our company.com; I'm curious if this is what is causing the issue, since the parent is company.com to all the A records.

Let me know if you need further information; it is our only DNS server. I think I understand what/why CNAMEs are used, but since we have A records for each, I do not understand why these others were inputted.

 
I think I fathom the situation. You have 2 CNAMEs, webmail and mail, and wonder what they are for? Typically, you must at one time have housed a mail server that had both a webmail interface and maybe a POP or IMAP interface. And those records were used to configure the email client, but perhaps you stopped and someone just pointed them there because they didn't know better.
 
That sort of makes sense; we did have Lotus Notes running before Exchange was implemented not too long ago. So if I removed these statements, since Lotus Notes isn't running anymore, I should have no issues.

Anyway, after reading my post I think I wasn't very clear.

This is what is happening...

When I do an nslookup for maila.arisetech.com externally, it gives me the right response with the correct IP address.

When I do it internally within the company, it states it can't find it. What I'm thinking the problem is, though I'm not sure, is that there is a zone in the DNS server called arisetech.com.

It points arisetech.com to our IP for the website, and it has both CNAMEs for webmail and the current/old A/MX record mail.arisetech.com, and the FQDN host is our local DNS server name.

It seems to me that's the reason it can't resolve maila.arisetech.com, because of this zone in DNS. I'm not an expert at DNS, but I believe that is it. Can anyone confirm this or offer other input?
 
I think you are running a split DNS. Compare the SOA records of the internal and external queries, and see that they differ. If they don't differ, you might be running different "views", possibly from the same DNS server.
The easiest way to implement this is to make the internal server a master for the zone, so it never goes out to the external side to get answers. The downside is that you need to update both sides for external changes.

$ dig -t soa aristech.com @mydnsserver

; <<>> DiG 9.4.2 <<>> -t soa aristech.com @dogbert
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42758
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;aristech.com. IN SOA

;; ANSWER SECTION:
aristech.com. 3600 IN SOA ns1.sdsns.com. nameserver.sds.co.kr. 1135926247 3600 300 604800 3600
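
The SOA comparison suggested in the reply above, as an added example that is not part of the original thread: it parses the SOA line from two saved `dig -t soa` captures (one taken inside the network, one outside) and lists the fields that differ. The sample captures, `company.example` names and function names are constructed for illustration.

```python
import re

# Constructed sample captures of `dig -t soa` answers; all names and values are made up.
INTERNAL = """;; ANSWER SECTION:
company.example. 3600 IN SOA dns1.corp.example. hostmaster.corp.example. 2009051201 900 600 86400 3600
"""
EXTERNAL = """;; QUESTION SECTION:
;company.example. IN SOA

;; ANSWER SECTION:
company.example. 3600 IN SOA ns1.hosting.example. admin.hosting.example. 1135926247 3600 300 604800 3600
"""

# owner TTL IN SOA mname rname serial refresh retry expire minimum
SOA_RE = re.compile(
    r"^(?P<zone>[^\s;]\S*)\s+\d+\s+IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+"
    r"(?P<serial>\d+)\s+(?P<refresh>\d+)\s+(?P<retry>\d+)\s+"
    r"(?P<expire>\d+)\s+(?P<minimum>\d+)\s*$",
    re.MULTILINE | re.IGNORECASE,
)

def parse_soa(dig_text):
    """Return the first SOA record in dig output as a dict, or None.

    Comment lines (starting with ';', such as the question section) never match.
    """
    m = SOA_RE.search(dig_text)
    if m is None:
        return None
    return {k: v.lower() for k, v in m.groupdict().items()}

def differing_fields(internal_text, external_text):
    """List the SOA fields that differ between the two captures."""
    inside, outside = parse_soa(internal_text), parse_soa(external_text)
    if inside is None or outside is None:
        raise ValueError("no SOA record found in one of the captures")
    return [k for k in ("mname", "rname", "serial") if inside[k] != outside[k]]

if __name__ == "__main__":
    diffs = differing_fields(INTERNAL, EXTERNAL)
    if diffs:
        print("SOA differs in:", ", ".join(diffs), "(two separate copies of the zone)")
    else:
        print("SOA identical: same zone data, or views served from one server")
```

A differing primary name server (mname) or serial means the internal and external resolvers are answering from separately maintained copies of the zone, so a record added on only one side resolves only there.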
 