Internal & External DNS

  #1  
Old 28-05-2008
Member
 
Join Date: May 2008
Posts: 3
Internal & External DNS

I have begun working for a company who has a public and private DNS that is different. On the internal side the AD network is company.local while there are stand alone systems registered to the company workgroup and are shown to the world as company.org. Both myself and another new admin are trying to remove the workgroup systems but when we try to publish with the company.local the addresses fail due to DNS. Additionally, just making a DNS entry under company.org does not forward correctly. So, does anyone know how I can have a system with 2 DNS names associated to my systems?

  #2  
Old 28-05-2008
Herb Martin
 
Posts: n/a
Re: Internal & External DNS


"jckylen" <jckylen.3a3b3e@DoNotSpam.com> wrote in message
news:jckylen.3a3b3e@DoNotSpam.com...
>
> I have begun working for a company who has a public and private DNS that
> is different. On the internal side the AD network is -company.local-
> while there are stand alone systems registered to the -company-
> workgroup and are shown to the world as -company.org-. Both myself and
> another new admin are trying to remove the workgroup systems but when we
> try to publish with the -company.local- the addresses fail due to DNS.


What does any of this have to do with "external DNS" from your subject
line?

> Additionally, just making a DNS entry under -company.org- does not
> forward correctly. So, does anyone know how I can have a system with 2
> DNS names associated to my systems?


You can have as many DNS names associated with a computer
as you wish but the computer will in some sense think of ITSELF
as being in but one Domain.

This is literally true for Active Directory, and close to 'true'
for the Primary Domain name of every Windows system.

You can have multiple NetBIOS names but this is not the
default -- e.g., for accessing shares and printers.


  #3  
Old 28-05-2008
Member
 
Join Date: May 2008
Posts: 3
Let's see if I can add some details.

1. The inside of our network is behind a firewall. We have both .local and .org names with the same company name assigned. With the internal DNS servers (inside the server 2003 AD environment) each of these "domains" are separate and if the suffix isn't appended or specified the user doesn't see the server.

2. On the outside the .local doesn't pass even with an entry on an external DNS server. Tried putting the system with a "fake" .org name but the internal servers don't seem to pass correctly from the outside to the inside. We do have a firewall which will pass the connection if I substitute the external IP address that is known and NAT'd to an internal IP address but if I use the server's name then that doesn't get thru.

So my less than clear question is how can I set up an outside DNS entry (i.e. company.org) that will go to my internal server (company.local)? The attempt to make a straight up DNS entry didn't seem to work. I understand that if my domain is the same (company.???) then having children isn't a problem but the change from one extension to the next seems to be my problem (especially since .local doesn't seem to be working).
  #4  
Old 28-05-2008
Herb Martin
 
Posts: n/a
Re: Internal & External DNS


"jckylen" <jckylen.3a3jfb@DoNotSpam.com> wrote in message
news:jckylen.3a3jfb@DoNotSpam.com...
>
> Let's see if I can add some details.
>
> 1. The inside of our network is behind a firewall. We have both
> .local and .org names with the same company name assigned. With the
> internal DNS servers (inside the server 2003 AD environment) each of
> these "domains" are separate and if the suffix isn't appended or
> specified the user doesn't see the server
>
> 2. On the outside the .local doesn't pass even with an entry on an
> external DNS server. Tried putting the system with a "fake" .org name
> but the internal servers don't seem to pass correctly from the outside
> to the inside. We do have a firewall which will pass the connection if
> I substitute the external IP address that is known and NAT'd to an
> internal IP address but if I use the server's name then that doesn't get
> thru.
>
> So my less than clear question is how can I set up an outside DNS entry
> (i.e. company.org) that will go to my internal server (company.local)?


Just set it up in any zone you choose -- you must set it up in
some externally valid zone if it is going to be useable on the Internet.

Of course, it will only be useful to give it a Name (any name) to
IP mapping IF the IP is routable from the outside too.

If your internal machine has a private address then you must map
to a NAT which has specific address or port mapping setup for it
so that the external world can route (through that NAT) to the
internal computer.

> The attempt to make a straight up DNS entry didn't seem to work. I
> understand that if my domain is the same (company.???) then having
> children isn't a problem but the change from one extension to the next
> seems to be my problem (especially since .local doesn't seem to be
> working).


Pretend that your machine is at this IP: 68.178.144.167

Pretend that the machine's "official" or primary name is www.LearnQuick.Com

You can certainly put an entry in the carolAndHerb.com zone,
that maps ftp.carolAndHerb.com to 68.178.144.167

That's a real example.

Were I trying to map it to 192.168.20.35 that would be harder unless
I had the NAT to translate some Internet routable address to this
actual address.




  #5  
Old 28-05-2008
Phillip Windell
 
Posts: n/a
Re: Internal & External DNS

My way of doing it is simple:

Hosts on the LAN use *only* the Internal DNS.
The DNS Service uses the External DNS in the forwarders list
The internal DNS has only the AD zone and nothing else.
Firewall allows the internal DNS to make outbound DNS queries.

If you have Split-DNS requirements, then add a second Primary zone for the
Public Domain to the internal DNS. Your external DNS will never be queried
for that Zone by internal Hosts, however it will still be queried by Public
hosts.

In our case I do not run an external DNS, to me it is pointless. Our ISP
handles the Public Authoritative DNS for our Public Domain. So I follow
this pattern

1. Hosts on the LAN use *only* the Internal DNS.
2. The ISP's DNS is used in the forwarders list
3. The internal DNS has the AD Zone and a second Standard Zone for the
Public Zone.
4. Firewall allows the internal DNS to make outbound DNS queries.
5. ISP's DNS is the only one the "public" is aware of and is the one that
handles the "queries" from the "public",...while my internal hosts always
query my internal DNS for either my AD Zone or my Public Zone.

It's simple, clean, and I only have the internal DNSs to maintain. I call
the ISP on the rare occasion that I need something changed there.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------




Reply With Quote
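As an added example (not code from any poster in this thread), the Python check below audits the split-DNS layout described in post #5 together with the NAT requirement from post #4: every public record must hold an outside-routable address, must also exist in the internal copy of the public zone, and must have a NAT mapping to the internal host. The zone contents, addresses and NAT table are constructed sample data, and `audit` and `is_rfc1918` are hypothetical helper names.

```python
import ipaddress

# RFC 1918 private ranges, listed explicitly (ipaddress.is_private would also
# match the documentation ranges used as stand-in public addresses below).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: the ISP-hosted public zone, the internal copy of
# that zone on the AD DNS server, and the firewall's static NAT table.
PUBLIC_ZONE = {
    "www.company.org": "203.0.113.10",
    "ftp.company.org": "192.168.20.35",   # private address published outside
    "mail.company.org": "203.0.113.25",
    "vpn.company.org": "203.0.113.40",
}
INTERNAL_ZONE = {
    "www.company.org": "192.168.20.10",
    "ftp.company.org": "192.168.20.35",
    "vpn.company.org": "192.168.20.40",
}
NAT_MAP = {"203.0.113.10": "192.168.20.10"}   # public -> internal


def is_rfc1918(addr):
    """True if addr is in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit(public, internal, nat):
    """Return (name, issue) pairs for records that break the split-DNS layout."""
    findings = []
    for name, pub_ip in sorted(public.items()):
        if is_rfc1918(pub_ip):
            # Outside clients cannot route to this address.
            findings.append((name, "public record holds a private address"))
        if name not in internal:
            # The internal server is authoritative for the zone and never
            # forwards queries for it, so LAN hosts cannot resolve the name.
            findings.append((name, "missing from internal copy of the zone"))
            continue
        int_ip = internal[name]
        if is_rfc1918(int_ip) and not is_rfc1918(pub_ip) and nat.get(pub_ip) != int_ip:
            findings.append((name, "no NAT mapping from public to internal address"))
    return findings


if __name__ == "__main__":
    for name, issue in audit(PUBLIC_ZONE, INTERNAL_ZONE, NAT_MAP):
        print(f"{name}: {issue}")
```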
  #6  
Old 01-06-2008
Ace Fekay [MVP]
 
Posts: n/a
Re: Internal & External DNS

In news:jckylen.3a3jfb@DoNotSpam.com,
jckylen <jckylen.3a3jfb@DoNotSpam.com> typed:
> Let's see if I can add some details.
>
> 1. The inside of our network is behind a firewall. We have both
> .local and .org names with the same company name assigned. With the
> internal DNS servers (inside the server 2003 AD environment) each of
> these "domains" are separate and if the suffix isn't appended or
> specified the user doesn't see the server
>
> 2. On the outside the .local doesn't pass even with an entry on an
> external DNS server. Tried putting the system with a "fake" .org name
> but the internal servers don't seem to pass correctly from the outside
> to the inside. We do have a firewall which will pass the connection
> if I substitute the external IP address that is known and NAT'd to an
> internal IP address but if I use the server's name then that doesn't
> get thru.
>
> So my less than clear question is how can I set up an outside DNS
> entry (i.e. company.org) that will go to my internal server
> (company.local)? The attempt to make a straight up DNS entry didn't
> seem to work. I understand that if my domain is the same
> (company.???) then having children isn't a problem but the change
> from one extension to the next seems to be my problem (especially
> since .local doesn't seem to be working).


What exactly are you trying to access from a machine on the outside world to
your internal network behind the NAT?
Logon to AD?
Access the mail server?
Access shares?
Join the machine to the AD domain?


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations


