Split Brain DNS setup

Archived from groups: microsoft.public.win2000.dns (More info?)

I have 2 DNS servers running, my first is "DNS1.Hostname.com" and is public
containing my WWW, FTP, etc. My second DNS server "Local.Hostname.com" it is
a domain controller and is a fresh install.

I'm not sure what records I need to enter in the "Local.hostname.com" DNS.
From what I've read I need to enter a copy of my "Hostname.com" zone but I'm
not sure why and what records would I then need to add after that, WWW, FTP,
etc.? would they point to my DNS1.Hostname.com DNS server or to the
internet?

Thanks for any help you can give.

AJM,
 
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:%23N410pkWEHA.1000@TK2MSFTNGP12.phx.gbl,
Adam Marx <AdamMarx@WebAJM.com> posted their thoughts, then I offered mine
> I have 2 DNS servers running, my first is "DNS1.Hostname.com" and is
> public containing my WWW, FTP, etc. My second DNS server
> "Local.Hostname.com" it is a domain controller and is a fresh install.
>
> I'm not sure what records I need to enter in the "Local.hostname.com"
> DNS. From what I've read I need to enter a copy of my "Hostname.com"
> zone but I'm not sure why and what records would I then need to add
> after that, WWW, FTP, etc.? would they point to my DNS1.Hostname.com
> DNS server or to the internet?
>
> Thanks for any help you can give.
>
> AJM,


That's all you really need, www and ftp. If mail is hosted externally, then
you need a mail record, whatever your mail server name is. If mail is hosted
internally, then no mail record is needed.

More info
Split zone or split horizon
http://www.winnetmag.com/Windows/Article/ArticleID/39771/39771.html
http://www.microsoft.com/serviceproviders/whitepapers/split_dns.asp
http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-split-horizon.html#SeparateContentServers


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Archived from groups: microsoft.public.win2000.dns (More info?)

So, the WWW and FTP record should point to the internal IP to prevent a loop
back issue correct? What about any other zones that are hosted by the
external DNS server should they also be recreated in the Local DNS server
and like wise pointing to the internal IP of the DNS server?

Thanks,


"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:OT5$nbmWEHA.2972@TK2MSFTNGP12.phx.gbl...
> In news:%23N410pkWEHA.1000@TK2MSFTNGP12.phx.gbl,
> Adam Marx <AdamMarx@WebAJM.com> posted their thoughts, then I offered mine
> > I have 2 DNS servers running, my first is "DNS1.Hostname.com" and is
> > public containing my WWW, FTP, etc. My second DNS server
> > "Local.Hostname.com" it is a domain controller and is a fresh install.
> >
> > I'm not sure what records I need to enter in the "Local.hostname.com"
> > DNS. From what I've read I need to enter a copy of my "Hostname.com"
> > zone but I'm not sure why and what records would I then need to add
> > after that, WWW, FTP, etc.? would they point to my DNS1.Hostname.com
> > DNS server or to the internet?
> >
> > Thanks for any help you can give.
> >
> > AJM,
>
>
> That's all you really need, www and ftp. If mail is hosted externally, then
> you need a mail record, whatever your mail server name is. If mail is hosted
> internally, then no mail record is needed.
>
> More info
> Split zone or split horizon
> http://www.winnetmag.com/Windows/Article/ArticleID/39771/39771.html
> http://www.microsoft.com/serviceproviders/whitepapers/split_dns.asp
> http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-split-horizon.html#SeparateContentServers
>
>
> --
> Regards,
> Ace
>
> Please direct all replies to the newsgroup so all can benefit.
> This posting is provided "AS-IS" with no warranties and confers no
> rights.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory
>
> HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
> pig. --
> =================================
>
>
 
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:uF%23Df6pWEHA.3716@TK2MSFTNGP11.phx.gbl,
Adam Marx <AdamMarx@WebAJM.com> posted their thoughts, then I offered mine
> So, the WWW and FTP record should point to the internal IP to prevent
> a loop
> back issue correct?

Not a "loop back issue" but rather the fact that a NAT device will not port
remap a request from the internal interface to the external interface and
back again internally. More like a port remap loop issue.

> What about any other zones that are hosted by the
> external DNS server should they also be recreated in the Local DNS
> server
> and like wise pointing to the internal IP of the DNS server?

Yes, if you have any others, they should be stipulated as well.

>
> Thanks,
>
>


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Archived from groups: microsoft.public.win2000.dns (More info?)

Ace,

Is there a way to replicate the External DNS to the
Internal DNS without manually keying all the information
again?

Thanks.

AJM,

>-----Original Message-----
>In news:uF%23Df6pWEHA.3716@TK2MSFTNGP11.phx.gbl,
>Adam Marx <AdamMarx@WebAJM.com> posted their thoughts, then I offered mine
>> So, the WWW and FTP record should point to the internal IP to prevent
>> a loop
>> back issue correct?
>
>Not a "loop back issue" but rather the fact that a NAT device will not port
>remap a request from the internal interface to the external interface and
>back again internally. More like a port remap loop issue.
>
>> What about any other zones that are hosted by the
>> external DNS server should they also be recreated in the Local DNS
>> server
>> and like wise pointing to the internal IP of the DNS server?
>
>Yes, if you have any others, they should be stipulated as well.
>
>>
>> Thanks,
>>
>>
>
>
>--
>Regards,
>Ace
>
>Please direct all replies to the newsgroup so all can benefit.
>This posting is provided "AS-IS" with no warranties and confers no
>rights.
>
>Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
>Microsoft Windows MVP - Active Directory
>
>HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
>pig. --
>=================================
>
>
>.
>
 
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:2180301c45ac3$ccdc2ac0$a401280a@phx.gbl,
Adam Marx <anonymous@discussions.microsoft.com> posted their thoughts, then
I offered mine
> Ace,
>
> Is there a way to replicate the External DNS to the
> Internal DNS without manually keying all the information
> again?
>
> Thanks.
>
> AJM,

From your external DNS? Not feasible because the external zone is a Primary
and the internal is a Primary (even if AD Integrated, it's acting as a
"Primary"), and if you make the internal a Secondary zone, then you would
need the external to allow updates; then 2 things happen: 1. you will now be
exposing your whole internal structure to the outside world, and 2. the data
from the internal network are your private IPs and you cannot mix private
and public IPs on the outside.

It's not really that hard to make a couple entries internally with the
private IPs.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Archived from groups: microsoft.public.win2000.dns (More info?)

I kind of thought it would be self defeating to have the
records automatically update because you have to change
the IP's from public to private.

I'm having a setup problem with this Internal DNS server,
I created the new zone on the internal DNS server the same
as my zone on my external DNS and it now points to my
internal DNS servers private IP instead of my public IP.
Now when I go to pull the site except from the external
DNS server all I get is a DNS error where the site can't
be found so I'm pretty sure I set this up wrong?

When I nslookup the domain name on my internal DNS server
it resolves to the private IP of the DNS server, shouldn't
it resolve to the public IP or at least the IP of the
external DNS server?

My AD name is the same as my external zone that I added so
I assume the FQDN of my internal DNS is
Local.domainname.com.

???????


>-----Original Message-----
>In news:2180301c45ac3$ccdc2ac0$a401280a@phx.gbl,
>Adam Marx <anonymous@discussions.microsoft.com> posted their thoughts, then
>I offered mine
>> Ace,
>>
>> Is there a way to replicate the External DNS to the
>> Internal DNS without manually keying all the information
>> again?
>>
>> Thanks.
>>
>> AJM,
>
>From your external DNS? Not feasible because the external zone is a Primary
>and the internal is a Primary (even if AD Integrated, it's acting as a
>"Primary"), and if you make the internal a Secondary zone, then you would
>need the external to allow updates; then 2 things happen: 1. you will now be
>exposing your whole internal structure to the outside world, and 2. the data
>from the internal network are your private IPs and you cannot mix private
>and public IPs on the outside.
>
>It's not really that hard to make a couple entries internally with the
>private IPs.
>
>
>
>--
>Regards,
>Ace
>
>Please direct all replies to the newsgroup so all can benefit.
>This posting is provided "AS-IS" with no warranties and confers no
>rights.
>
>Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
>Microsoft Windows MVP - Active Directory
>
>HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
>pig. --
>=================================
>
>
>.
>
 
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:21b6501c45b11$ec4ae740$a401280a@phx.gbl,
Adam Marx <anonymous@discussions.microsoft.com> posted their thoughts, then
I offered mine
> I kind of thought it would be self defeating to have the
> records automatically update because you have to change
> the IP's from public to private.
>
> I'm having a setup problem with this Internal DNS server,
> I created the new zone on the internal DNS server the same
> as my zone on my external DNS and it now points to my
> internal DNS servers private IP instead of my public IP.
> Now when I go to pull the site except from the external
> DNS server all I get is a DNS error where the site can't
> be found so I'm pretty sure I set this up wrong?
>
> When I nslookup the domain name on my internal DNS server
> it resolves to the private IP of the DNS server, shouldn't
> it resolve to the public IP or at least the IP of the
> external DNS server?
>
> My AD name is the same as my external zone that I added so
> I assume the FQDN of my internal DNS is
> Local.domainname.com.
>
> ???????
>
>
Like I said, you need 2 separate physical servers to do what you're doing.
And if they are the same zone name inside and out, you can't create two
zones of the same name on the one machine, as it appears you were trying to
do, unless I'm misunderstanding what you're trying to accomplish. The
internal zone on the internal DNS is for AD. You can't mix priv and public
data.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Archived from groups: microsoft.public.win2000.dns (More info?)

I am running 2 separate DNS servers, so I must not be
explaining myself clearly.

I have 2 boxes, one external, one internal. The external
houses all my public IP's and is working fine. The FQDN of
the box is "DNS1.Domainname.com.".

My Internal server at the moment only has 1 zone,
webajm.com, and that zone is also a zone on my external
DNS. The FQDN of the internal DNS server
is "Local.webajm.com." and it is a DC and is running AD. I
have 2 clients attached to this server which cannot
resolve webajm.com?

I hope I made it a little clearer?

Thanks,


>-----Original Message-----
>In news:21b6501c45b11$ec4ae740$a401280a@phx.gbl,
>Adam Marx <anonymous@discussions.microsoft.com> posted their thoughts, then
>I offered mine
>> I kind of thought it would be self defeating to have the
>> records automatically update because you have to change
>> the IP's from public to private.
>>
>> I'm having a setup problem with this Internal DNS server,
>> I created the new zone on the internal DNS server the same
>> as my zone on my external DNS and it now points to my
>> internal DNS servers private IP instead of my public IP.
>> Now when I go to pull the site except from the external
>> DNS server all I get is a DNS error where the site can't
>> be found so I'm pretty sure I set this up wrong?
>>
>> When I nslookup the domain name on my internal DNS server
>> it resolves to the private IP of the DNS server, shouldn't
>> it resolve to the public IP or at least the IP of the
>> external DNS server?
>>
>> My AD name is the same as my external zone that I added so
>> I assume the FQDN of my internal DNS is
>> Local.domainname.com.
>>
>> ???????
>>
>>
>Like I said, you need 2 separate physical servers to do what you're doing.
>And if they are the same zone name inside and out, you can't create two
>zones of the same name on the one machine, as it appears you were trying to
>do, unless I'm misunderstanding what you're trying to accomplish. The
>internal zone on the internal DNS is for AD. You can't mix priv and public
>data.
>
>
>--
>Regards,
>Ace
>
>Please direct all replies to the newsgroup so all can benefit.
>This posting is provided "AS-IS" with no warranties and confers no
>rights.
>
>Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
>Microsoft Windows MVP - Active Directory
>
>HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
>pig. --
>=================================
>
>
>.
>
 
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:21ccc01c45b65$1067a930$a401280a@phx.gbl,
Adam Marx <anonymous@discussions.microsoft.com> posted a question
Then Kevin replied below:
> I am running 2 separate DNS servers, so I must not be
> explaining myself clearly.
>
> I have 2 boxes, one external, one internal. The external
> houses all my public IP's and is working fine. The FQDN of
> the box is "DNS1.Domainname.com.".
>
> My Internal server at the moment only has 1 zone,
> webajm.com, and that zone is also a zone on my external
> DNS. The FQDN of the internal DNS server
> is "Local.webajm.com." and it is a DC and is running AD. I
> have 2 clients attached to this server which cannot
> resolve webajm.com?
>
> I hope I made it a little clearer?

If any of the sites from the public DNS server are hosted locally you would
need those sites on your internal DNS server, and they will need to resolve
to the IP of the server they are on.

e.g. the external DNS has a zone for domain.com, and all the records have
public IPs so people on the internet can access these sites.
However, if any of the domain.com sites are hosted locally behind your
router, you would have to use the private IP from behind your router. The way
I would handle the situation is this: say you only host www.domain.com
locally and all the others are hosted elsewhere. On your internal DNS create
a zone named www.domain.com and create a new host leaving the name field
blank, and give it the local IP of your webserver hosting the site. (Click OK
to create the record anyway when it barks at you saying it is not a valid
host name.) Doing it this way you only have to create the local records; all
the others are forwarded to your external DNS to be given Public IPs.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================
 
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:21ccc01c45b65$1067a930$a401280a@phx.gbl,
Adam Marx <anonymous@discussions.microsoft.com> posted their thoughts, then
I offered mine
> I am running 2 separate DNS servers, so I must not be
> explaining myself clearly.
>
> I have 2 boxes, one external, one internal. The external
> houses all my public IP's and is working fine. The FQDN of
> the box is "DNS1.Domainname.com.".
>
> My Internal server at the moment only has 1 zone,
> webajm.com, and that zone is also a zone on my external
> DNS. The FQDN of the internal DNS server
> is "Local.webajm.com." and it is a DC and is running AD. I
> have 2 clients attached to this server which cannot
> resolve webajm.com?
>
> I hope I made it a little clearer?
>

I think so. So your AD zone name is called webajm.com. Correct?
Your external zone also has webajm.com, correct?
From the outside world, and assuming you're talking about http connectivity,
you can connect to http://webajm.com and display your web, correct?
From the inside however, you cannot connect to http://webajm.com and you
wind up getting the DC's default website, correct?

Well, if this is the case, that will be somewhat difficult because that
record is called the LdapIpAddress. It's registered by the DCs' netlogon
service and is used by a few things, namely GPO application:
\\webajm.com\sysvol\webajm.com\policies\{LongGuidPolicyNumber..etc}
and DFS:
\\webajm.com\corporateDFSroot

You can overcome this with a registry setting to kill the LdapIpAddress and
you can manually create or publish the IP you want, but it will affect
domain communication.

That's up to you. I can post you the registry steps to kill this but I would
not recommend this. It's one of the drawbacks of designing AD using the same
name internally and externally.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Archived from groups: microsoft.public.win2000.dns (More info?)

>So your AD zone name is called webajm.com. Correct? Yes.

> From the outside world, and assuming you're talking about http
> connectivity,
> you can connect to http://webajm.com and display your web, correct? Yes.

> From the inside however, you cannot connect to http://webajm.com and you
> wind up getting the DC's default website, correct? Yes, I get a DNS error
but it could be that I've stopped the internal website?

> You can overcome this with a registry setting to kill the LdapIpAddress
> and
> you can manually create or publish the IP you want, but it will affect
> domain communication.

Do you think I really should modify the registry to get this to work?

My interpretation of how Internal/External DNS was to work is that the
External DNS was to hold all the public IP's visible from the web and no
private IP's should be listed. My Internal DNS is in charge of the internal
function of the domain and wasn't supposed to hold any public IP's, only
private IP's. My clients should all point to the internal DNS and any DNS
requests it couldn't resolve it would forward on to the External DNS for
resolution.

My External DNS is behind a router and is on 192.168.2.99; it holds the
public IP's of webajm.com and is not a DC or running AD; it also has a second
NIC, 192.168.1.99. My internal DNS is on 192.168.1.100 and currently I've
demoted it from AD and DC. It currently holds the zone webajm.com and the
server is named "Local". I added an A record in the zone webajm.com that
pointed to the external DNS server "192.168.1.99" and I added an A record
for the WWW.

So, I thought I should be able to resolve webajm.com and www.webajm.com
after adding the records and it does resolve to the IP's I gave it (private
IP's) but it won't open the site? I changed both records to reflect the
public IP's for webajm.com on the Internal DNS and the site came right up.

Shouldn't the Internal DNS server be forwarding on the request instead of
resolving it?


Kevin,

"If any of the sites from the public DNS server are hosted locally you would
need those site on your internal DNS server, and they will need to resolve
to the IP of the server they are on."

Are you referring to running my webserver on a box other than the external
DNS? If so, then they are both on the same box, DNS and Webserver that is.

"Doing it this way you only have to create the local records all the others
are forwarded to your external DNS to be given Public IPs."

I think it might be the forwarding piece that's not working; it appears to
be resolving the domain webajm.com to 192.168.1.99 instead of to the public
IP?

AJM,


"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:eu8JO16WEHA.3716@TK2MSFTNGP11.phx.gbl...
> In news:21ccc01c45b65$1067a930$a401280a@phx.gbl,
> Adam Marx <anonymous@discussions.microsoft.com> posted their thoughts, then
> I offered mine
> > I am running 2 separate DNS servers, so I must not be
> > explaining myself clearly.
> >
> > I have 2 boxes, one external, one internal. The external
> > houses all my public IP's and is working fine. The FQDN of
> > the box is "DNS1.Domainname.com.".
> >
> > My Internal server at the moment only has 1 zone,
> > webajm.com, and that zone is also a zone on my external
> > DNS. The FQDN of the internal DNS server
> > is "Local.webajm.com." and it is a DC and is running AD. I
> > have 2 clients attached to this server which cannot
> > resolve webajm.com?
> >
> > I hope I made it a little clearer?
> >
>
> I think so. So your AD zone name is called webajm.com. Correct?
> Your external zone also has webajm.com, correct?
> From the outside world, and assuming you're talking about http
> connectivity,
> you can connect to http://webajm.com and display your web, correct?
> From the inside however, you cannot connect to http://webajm.com and you
> wind up getting the DC's default website, correct?
>
> Well, if this is the case, that will be somewhat difficult because that
> record is called the LdapIpAddress. It's registered by the DCs' netlogon
> service and is used by a few things, namely GPO application:
> \\webajm.com\sysvol\webajm.com\policies\{LongGuidPolicyNumber..etc}
> and DFS:
> \\webajm.com\corporateDFSroot
>
> You can overcome this with a registry setting to kill the LdapIpAddress
> and
> you can manually create or publish the IP you want, but it will affect
> domain communication.
>
> That's up to you. I can post you the registry steps to kill this but I
> would
> not recommend this. It's one of the drawbacks of designing AD using the
> same
> name internally and externally.
>
>
>
> --
> Regards,
> Ace
>
> Please direct all replies to the newsgroup so all can benefit.
> This posting is provided "AS-IS" with no warranties and confers no
> rights.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory
>
> HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
> pig. --
> =================================
>
>
 
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:%23ovE249WEHA.1036@TK2MSFTNGP10.phx.gbl,
Adam Marx <AdamMarx@WebAJM.com> posted their thoughts, then I offered mine
>> So your AD zone name is called webajm.com. Correct? Yes.
>
>> From the outside world, and assuming you're talking about http
>> connectivity, you can connect to http://webajm.com and display your
>> web, correct? Yes.
>
>> From the inside however, you cannot connect to http://webajm.com and
>> you wind up getting the DC's default website, correct? Yes, I get a
>> DNS error
> but it could be that I've stopped the internal website?
>
>> You can overcome this with a registry setting to kill the
>> LdapIpAddress and you can manually create or publish the IP you
>> want, but it will affect domain communication.
>
> Do you think I really should modify the registry to get this to work?
>
> From my interpretation of how Internal/External DNS was to work is
> that the External DNS was to hold all the public IP's visible from
> the web and no private IP's should be listed. My Internal DNS is in
> charge of the internal function of the domain and wasn't supposed to
> hold any public IP's only private IP's. My client's should all point
> to the internal DNS and any DNS requests it couldn't resolve it would
> forward on to the External DNS for resolution.
>
> My External DNS is behind a router and is on 192.168.2.99 it holds the
> public IP's of webajm.com and is not a DC or running AD it also has a
> second NIC 192.168.1.99. My internal DNS is on 192.168.1.100 and
> currently I've demoted it from AD and DC. It currently holds the zone
> webajm.com and the server is named "Local". I added an A record in
> the zone webajm.com that pointed to the external DNS server
> "192.168.1.99" and I added an A record for the WWW.
>
> So, I thought I should be able to resolve webajm.com and
> www.webajm.com after adding the records and it does resolve to the
> IP's I gave it (private IP's) but it won't open the site? I changed
> both records to reflect the public IP's for webajm.com on the
> Internal DNS and the site came right up.
>
> Shouldn't the Internal DNS server be forwarding on the request
> instead of resolving it?
>
>
> Kevin,
>
> "If any of the sites from the public DNS server are hosted locally
> you would need those site on your internal DNS server, and they will
> need to resolve to the IP of the server they are on."
>
> Are you referring to running my webserver on a box other than the
> external DNS? If so, then they are both on the same box, DNS and
> Webserver that is.
>
> "Doing it this way you only have to create the local records all the
> others are forwarded to your external DNS to be given Public IPs."
>
> I think it might be the forwarding piece that's not working; it
> appears to be resolving the domain webajm.com to 192.168.1.99 instead
> of to the public IP?
>
> AJM,
>


Now we have a better and more accurate picture of your configuration, we can
suggest a resolution. I should have asked for a more accurate description in
the beginning.

No, you do not want to make those registry changes. It's not recommended
since it alters necessary domain communication and functionality. The best
thing is to live with just connecting with the www record, unless you can
change the AD DNS domain name.

On the internal DNS, if you stick with your current same name design, then
you have to manually create whatever records your internal users need to get
to on the "external" website. If the website's IP is Forwarding does NOT
work in this scenario. Why? Because forwarding will forward whatever names
it is NOT aware of. Since the internal DNS holds that name, then it believes
it has all the answers for that name. If it doesn't have the answer you
want, then it will not forward it since it believes it is authoritative for
the zone.

Since you say that 192.168.2.99 is running your 'external' DNS and your
website, then create the www record on your 'internal' DNS with that IP
address. Not suggested to alter the LdapIpAddress (as I explained earlier)
to this address or else GPOs will ask that server for its group policies
but it does not have them, your DCs do.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
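To make Ace's point concrete (once the internal server is authoritative for webajm.com it answers NXDOMAIN for any name it lacks instead of forwarding) alongside Kevin's earlier trick of a narrower www.domain.com zone, here is an added Python model. It is not code from any poster or from Windows DNS; every name and address is constructed, with 203.0.113.x standing in for the thread's public IPs.

```python
"""Split-horizon resolver model for the webajm.com thread.

Shows why a full internal copy of a zone stops forwarding for missing names,
and how a narrower www.<domain> zone leaves the other names to the forwarder.
All zone data is constructed: 192.168.x.x follows the thread, 203.0.113.x is a
documentation range used here as a placeholder for the real public addresses.
"""

from typing import Dict, Optional, Tuple

# zone apex -> {fqdn: IPv4}. The external server answers with public IPs.
EXTERNAL_ZONES: Dict[str, Dict[str, str]] = {
    "webajm.com": {
        "webajm.com": "203.0.113.10",
        "www.webajm.com": "203.0.113.10",
        "ftp.webajm.com": "203.0.113.10",
        "mail.webajm.com": "203.0.113.20",
    }
}

Answer = Tuple[Optional[str], str]  # (address or None, how it was decided)


class DnsServer:
    """Toy authoritative server with one optional forwarder."""

    def __init__(self, zones: Dict[str, Dict[str, str]],
                 forwarder: Optional["DnsServer"] = None) -> None:
        self.zones = zones
        self.forwarder = forwarder

    def enclosing_zone(self, name: str) -> Optional[str]:
        """Closest zone apex hosted here that contains `name`, or None."""
        labels = name.split(".")
        for i in range(len(labels)):
            apex = ".".join(labels[i:])
            if apex in self.zones:
                return apex
        return None

    def resolve(self, name: str) -> Answer:
        name = name.rstrip(".").lower()
        apex = self.enclosing_zone(name)
        if apex is not None:
            # Authoritative for this name: answer from zone data only.
            # A missing record is a definitive NXDOMAIN; the forwarder is
            # never consulted (Ace's point about the same-name design).
            ip = self.zones[apex].get(name)
            return (ip, "local") if ip else (None, "nxdomain-authoritative")
        if self.forwarder is None:
            return (None, "nxdomain-no-forwarder")
        ip, _ = self.forwarder.resolve(name)
        return (ip, "forwarded")


def build_external() -> DnsServer:
    return DnsServer(EXTERNAL_ZONES)


def internal_full_copy(external: DnsServer) -> DnsServer:
    """Internal server hosts its own webajm.com zone (as an AD zone must),
    holding only the records the admin remembered to add by hand."""
    copy = {"webajm.com": {"webajm.com": "192.168.1.100",     # the DC itself
                           "www.webajm.com": "192.168.2.99"}}  # local web box
    return DnsServer(copy, forwarder=external)


def internal_narrow_zone(external: DnsServer) -> DnsServer:
    """Kevin's approach: a zone named www.webajm.com whose blank-name host
    carries the private IP. Other webajm.com names are forwarded only because
    this server does NOT host webajm.com itself; with an AD zone of that name
    you are back in the full-copy case above."""
    narrow = {"www.webajm.com": {"www.webajm.com": "192.168.2.99"}}
    return DnsServer(narrow, forwarder=external)


def compare(name: str) -> Dict[str, Answer]:
    """Resolve `name` against both internal designs."""
    external = build_external()
    return {
        "full_copy": internal_full_copy(external).resolve(name),
        "narrow_zone": internal_narrow_zone(external).resolve(name),
    }


if __name__ == "__main__":
    for n in ("www.webajm.com", "ftp.webajm.com", "mail.webajm.com"):
        print(n, compare(n))
```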
 
Archived from groups: microsoft.public.win2000.dns (More info?)

Sorry, I wasn't being very clear before.

>The best thing is to live with just connecting with the www record, unless
> you can
> change the AD DNS domain name.

My mail client expects me to log in using my domain name or
"user@webajm.com" so by only having a www record I think that's going to
cause some issues? However it is a possibility for me to change the Internal
DNS name does it matter what I change it to, I mean does it have to be a
registered domain?

"...Why? Because forwarding will forward whatever names it is NOT aware of."

I think you hit it on the head, the internal believes it is authoritative for
the domain webajm.com and therefore has no need to forward it on to the
external DNS.

> Since you say that 192.168.2.99 is running your 'external' DNS and your
> website, then create the www record on your 'internal' DNS with that IP
> address.

So, essentially the internal DNS would forward it on to the external DNS
and hence resolve the name?




"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:ujmdIG%23WEHA.2816@TK2MSFTNGP11.phx.gbl...
> In news:%23ovE249WEHA.1036@TK2MSFTNGP10.phx.gbl,
> Adam Marx <AdamMarx@WebAJM.com> posted their thoughts, then I offered mine
> >> So your AD zone name is called webajm.com. Correct? Yes.
> >
> >> From the outside world, and assuming you're talking about http
> >> connectivity, you can connect to http://webajm.com and display your
> >> web, correct? Yes.
> >
> >> From the inside however, you cannot connect to http://webajm.com and
> >> you wind up getting the DC's default website, correct? Yes, I get a
> >> DNS error
> > but it could be that I've stopped the internal website?
> >
> >> You can overcome this with a registry setting to kill the
> >> LdapIpAddress and you can manually create or publish the IP you
> >> want, but it will affect domain communication.
> >
> > Do you think I really should modify the registry to get this to work?
> >
> > From my interpretation of how Internal/External DNS was to work is
> > that the External DNS was to hold all the public IP's visible from
> > the web and no private IP's should be listed. My Internal DNS is in
> > charge of the internal function of the domain and wasn't supposed to
> > hold any public IP's only private IP's. My client's should all point
> > to the internal DNS and any DNS requests it couldn't resolve it would
> > forward on to the External DNS for resolution.
> >
> > My External DNS is behind a router and is on 192.168.2.99 it holds the
> > public IP's of webajm.com and is not a DC or running AD it also has a
> > second NIC 192.168.1.99. My internal DNS is on 192.168.1.100 and
> > currently I've demoted it from AD and DC. It currently holds the zone
> > webajm.com and the server is named "Local". I added an A record in
> > the zone webajm.com that pointed to the external DNS server
> > "192.168.1.99" and I added an A record for the WWW."
> >
> > So, I thought I should be able to resolve webajm.com and
> > www.webajm.com after adding the records, and it does resolve to the
> > IPs I gave it (private IPs), but it won't open the site. I changed
> > both records to reflect the public IPs for webajm.com on the
> > Internal DNS and the site came right up.
> >
> > Shouldn't the Internal DNS server be forwarding on the request
> > instead of resolving it?
> >
> >
> > Kevin,
> >
> > "If any of the sites from the public DNS server are hosted locally
> > you would need those site on your internal DNS server, and they will
> > need to resolve to the IP of the server they are on."
> >
> > Are you referring to running my webserver on a box other than the
> > external DNS? If so, then they are both on the same box, DNS and
> > Webserver that is.
> >
> > "Doing it this way you only have to create the local records all the
> > others are forwarded to your external DNS to be given Public IPs."
> >
> > I think it might be the forwarding piece that's not working; it
> > appears to be resolving the domain webajm.com to 192.168.1.99 instead
> > of to the public IP.
> >
> > AJM,
> >
>
>
> Now we have a better and more accurate picture of your configuration, we
> can suggest a resolution. I should have asked for a more accurate
> description in the beginning.
>
> No, you do not want to make those registry changes. It's not recommended
> since it alters necessary domain communication and functionality. The best
> thing is to live with just connecting with the www record, unless you can
> change the AD DNS domain name.
>
> On the internal DNS, if you stick with your current same name design, then
> you have to manually create whatever records your internal users need to
> get to on the "external" website. If the website's IP is Forwarding does NOT
> work in this scenario. Why? Because forwarding will forward whatever names
> it is NOT aware of. Since the internal DNS holds that name, then it
> believes it has all the answers for that name. If it doesn't have the
> answer you want, then it will not forward it since it believes it is
> authoritative for the zone.
>
> Since you say that 192.168.2.99 is running your 'external' DNS and your
> website, then create the www record on your 'internal' DNS with that IP
> address. Not suggested to alter the LdapIpAddress (as I explained earlier)
> to this address, or else GPOs will ask that server for its group policies
> but it does not have them; your DCs do.
>
>
>
> --
> Regards,
> Ace
>
> Please direct all replies to the newsgroup so all can benefit.
> This posting is provided "AS-IS" with no warranties and confers no
> rights.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory
>
> HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
> pig. --
> =================================
>
>
 
Archived from groups: microsoft.public.win2000.dns

In news:e6pwru%23WEHA.2816@TK2MSFTNGP11.phx.gbl,
Adam Marx <AdamMarx@WebAJM.com> posted their thoughts, then I offered mine
> Sorry, I wasn't being very clear before.
>
>> The best thing is to live with just connecting with the www record,
>> unless you can change the AD DNS domain name.
>
> My mail client expects me to log in using my domain name or
> "user@webajm.com" so by only having a www record I think that's going
> to cause some issues? However it is a possibility for me to change
> the Internal DNS name does it matter what I change it to, I mean does
> it have to be a registered domain?

Sorry, I'm not sure what you mean here. What sort of mail client are you
using? How is the mail client connecting? MAPI, IMAP4, OWA, or POP3 client?

Or maybe you're talking about the UPN?

>
> "...Why? Because forwarding will forward whatever names it is NOT
> aware of."
>
> I think you hit it on the head, the internal believes it is
> authoritative for the domain webajm.com and therefore has no need to
> forward it on to the external DNS.

Well, you can still forward to it and from the 'external' machine forward to
the ISP. It will still resolve everything else.

>
>> Since you say that 192.168.2.99 is running your 'external' DNS and
>> your website, then create the www record on your 'internal' DNS with
>> that IP address.
>
> So, essentially the internal DNS would forward it on to the external
> DNS and hence resolve the name?
>
>

No. When you create the www record under the webajm.com zone on the
'internal' DNS, it will resolve it directly.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Archived from groups: microsoft.public.win2000.dns

> Sorry, I'm not sure what you mean here. What sort of mail client are you
> using? How is the mail client connecting? MAPI, IMAP4, OWA, or POP3 client?

I use Outlook Express and POP3; when logging in to retrieve my mail I must
use "user@webajm.com", so that record webajm.com needs to resolve to my
external IP.

> No. When you create the www record under the webajm.com zone on the
> 'internal' DNS, it will resolve it directly.

So, when entering the record www, what address will it have? My public IP or
my External DNS IP (192.168.1.99)?

> However it is a possibility for me to change the Internal DNS name does it
> matter what I change it to, I mean does it have to be a registered domain?

What do you think about this?

AJM,



"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:%23GuZhPKXEHA.1164@tk2msftngp13.phx.gbl...
> In news:e6pwru%23WEHA.2816@TK2MSFTNGP11.phx.gbl,
> Adam Marx <AdamMarx@WebAJM.com> posted their thoughts, then I offered mine
> > Sorry, I wasn't being very clear before.
> >
> >> The best thing is to live with just connecting with the www record,
> >> unless you can change the AD DNS domain name.
> >
> > My mail client expects me to log in using my domain name or
> > "user@webajm.com" so by only having a www record I think that's going
> > to cause some issues? However it is a possibility for me to change
> > the Internal DNS name does it matter what I change it to, I mean does
> > it have to be a registered domain?
>
> Sorry, I'm not sure what you mean here. What sort of mail client are you
> using? How is the mail client connecting? MAPI, IMAP4, OWA, or POP3
> client?
>
> Or maybe you're talking about the UPN?
>
> >
> > "...Why? Because forwarding will forward whatever names it is NOT
> > aware of."
> >
> > I think you hit it on the head, the internal believes it is
> > authoritative for the domain webajm.com and therefore has no need to
> > forward it on to the external DNS.
>
> Well, you can still forward to it and from the 'external' machine forward
> to the ISP. It will still resolve everything else.
>
> >
> >> Since you say that 192.168.2.99 is running your 'external' DNS and
> >> your website, then create the www record on your 'internal' DNS with
> >> that IP address.
> >
> > So, essentially the internal DNS would forward it on to the external
> > DNS and hence resolve the name?
> >
> >
>
> No. When you create the www record under the webajm.com zone on the
> 'internal' DNS, it will resolve it directly.
>
> --
> Regards,
> Ace
>
> Please direct all replies to the newsgroup so all can benefit.
> This posting is provided "AS-IS" with no warranties and confers no
> rights.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory
>
> HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
> pig. --
> =================================
>
>
 
Archived from groups: microsoft.public.win2000.dns

In news:eB5G%23NQXEHA.4092@TK2MSFTNGP11.phx.gbl,
Adam Marx <AdamMarx@WebAJM.com> posted their thoughts, then I offered mine
>> Sorry, I'm not sure what you mean here. What sort of mail client are
>> you using? How is the mail client connecting? MAPI, IMAP4, OWA, or POP3
>> client?
>
> I use Outlook Express and POP3; when logging in to retrieve my mail I
> must use "user@webajm.com", so that record webajm.com needs to resolve
> to my external IP.


Can't you just use the username without the @webajm.com?

Unfortunately that will cause problems with AD if you change that
internally. But yes, it can be changed. First you need to disable LdapIpAddress
registration, then manually create the record with the IP you want. I can
provide the registry info to alter this if you like.

>
>> No. When you create the www record under the webajm.com zone on the
>> 'internal' DNS, it will resolve it directly.
>
> So, when entering the record www, what address will it have? My public
> IP or my External DNS IP (192.168.1.99)?

Set it to your web server's private IP address.

>
>> However it is a possibility for me to change the Internal DNS name
>> does it matter what I change it to, I mean does it have to be a
>> registered domain?

No, any name will be fine. You can change it to webajm.internal,
webajm.corp, webajm.net. It doesn't have to be, and it's recommended that
it's not a registered name so no conflicts arise, as you've seen.

>
> What do you think about this?

It will work.

>
> AJM,
>
>
>
> "Ace Fekay [MVP]"
> <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
> message news:%23GuZhPKXEHA.1164@tk2msftngp13.phx.gbl...
>> In news:e6pwru%23WEHA.2816@TK2MSFTNGP11.phx.gbl,
>> Adam Marx <AdamMarx@WebAJM.com> posted their thoughts, then I
>> offered mine
>>> Sorry, I wasn't being very clear before.
>>>
>>>> The best thing is to live with just connecting with the www record,
>>>> unless you can change the AD DNS domain name.
>>>
>>> My mail client expects me to log in using my domain name or
>>> "user@webajm.com" so by only having a www record I think that's
>>> going to cause some issues? However it is a possibility for me to
>>> change
>>> the Internal DNS name does it matter what I change it to, I mean
>>> does it have to be a registered domain?
>>
>> Sorry, I'm not sure what you mean here. What sort of mail client are
>> you using? How is the mail client connecting? MAPI, IMAP4, OWA, or
>> POP3 client?
>>
>> Or maybe you're talking about the UPN?
>>
>>>
>>> "...Why? Because forwarding will forward whatever names it is NOT
>>> aware of."
>>>
>>> I think you hit it on the head, the internal believes it is
>>> authoritative for the domain webajm.com and therefore has no need to
>>> forward it on to the external DNS.
>>
>> Well, you can still forward to it and from the 'external' machine
>> forward to the ISP. It will still resolve everything else.
>>
>>>
>>>> Since you say that 192.168.2.99 is running your 'external' DNS and
>>>> your website, then create the www record on your 'internal' DNS
>>>> with that IP address.
>>>
>>> So, essentially the internal DNS would forward it on to the
>>> external DNS and hence resolve the name?
>>>
>>>
>>
>> No. When you create the www record under the webajm.com zone on the
>> 'internal' DNS, it will resolve it directly.
>>
>> --
>> Regards,
>> Ace
>>
>> Please direct all replies to the newsgroup so all can benefit.
>> This posting is provided "AS-IS" with no warranties and confers no
>> rights.
>>
>> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
>> Microsoft Windows MVP - Active Directory
>>
>> HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
>> pig. --
>> =================================



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
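The two points Ace makes in this thread (a DNS server that hosts the webajm.com zone answers for every name in it and never forwards a miss, so the www record has to be created by hand; and renaming the AD zone to something like webajm.internal makes the conflict go away) can be shown with a small model of the resolution logic. This is an added example written for this page, not code from the thread or from Windows DNS. The private addresses are the ones Adam gave (DC on 192.168.1.100, the web/external-DNS box on 192.168.1.99 on the LAN side); the public address 203.0.113.10 and the ISP-hosted www.example.org are constructed placeholders from the RFC 5737 documentation ranges.

```python
"""Model of the two split-brain designs discussed in this thread.

Constructed example, not code from the thread or from Windows DNS. It
models only the rule that matters here: a server that is authoritative
for a zone answers from that zone (including a negative NXDOMAIN answer)
and never forwards a name inside it; only names outside every hosted
zone go to the forwarder.
"""
from dataclasses import dataclass

# Addresses from the thread: the DC / internal DNS and the box that runs
# both the 'external' DNS and the web server (its LAN-facing NIC).
INTERNAL_DC = "192.168.1.100"
WEB_PRIVATE = "192.168.1.99"
# Constructed placeholders (RFC 5737 documentation ranges), not real hosts.
WEB_PUBLIC = "203.0.113.10"
ISP_EXAMPLE = "198.51.100.7"


@dataclass
class Zone:
    name: str
    records: dict  # fully qualified owner name -> IPv4 address (A records)


class DnsServer:
    """A server hosting zero or more authoritative zones, with one forwarder."""

    def __init__(self, name, zones=(), forwarder=None):
        self.name = name
        self.zones = {z.name.lower(): z for z in zones}
        self.forwarder = forwarder

    def zone_for(self, qname):
        """Longest-suffix match: the closest enclosing zone this server hosts."""
        labels = qname.split(".")
        for i in range(len(labels)):
            zone = self.zones.get(".".join(labels[i:]))
            if zone is not None:
                return zone
        return None

    def resolve(self, qname):
        """Return (rcode, address or None, name of the server that answered)."""
        qname = qname.lower().rstrip(".")
        zone = self.zone_for(qname)
        if zone is not None:
            # Authoritative: answer from the zone. A missing name is a final
            # NXDOMAIN; it is never passed on to the forwarder.
            addr = zone.records.get(qname)
            return ("NOERROR", addr, self.name) if addr else ("NXDOMAIN", None, self.name)
        if self.forwarder is not None:
            return self.forwarder.resolve(qname)
        return ("SERVFAIL", None, self.name)


def external_chain():
    """The public-facing server, which in turn forwards to the ISP."""
    isp = DnsServer("isp", [Zone("example.org", {"www.example.org": ISP_EXAMPLE})])
    public = Zone("webajm.com", {
        "webajm.com": WEB_PUBLIC,
        "www.webajm.com": WEB_PUBLIC,
        "ftp.webajm.com": WEB_PUBLIC,
    })
    return DnsServer("external", [public], forwarder=isp)


def same_name_design(with_www_record):
    """Internal AD zone also called webajm.com (the thread's original setup)."""
    records = {
        # A DC registers the zone apex (the LdapIpAddress record) with its
        # own address, which is why webajm.com resolves to the DC internally.
        "webajm.com": INTERNAL_DC,
        "local.webajm.com": INTERNAL_DC,
    }
    if with_www_record:
        records["www.webajm.com"] = WEB_PRIVATE  # the manually created record
    return DnsServer("internal", [Zone("webajm.com", records)], forwarder=external_chain())


def renamed_design():
    """Internal AD zone renamed to webajm.internal, as recommended in the thread."""
    records = {"webajm.internal": INTERNAL_DC, "local.webajm.internal": INTERNAL_DC}
    return DnsServer("internal", [Zone("webajm.internal", records)], forwarder=external_chain())


if __name__ == "__main__":
    cases = [
        ("same name, no www record", same_name_design(False)),
        ("same name, www record added", same_name_design(True)),
        ("zone renamed to webajm.internal", renamed_design()),
    ]
    for label, server in cases:
        print(label)
        for q in ("www.webajm.com", "webajm.com", "www.example.org"):
            print("  %-16s -> %s" % (q, server.resolve(q)))
```

Running it shows the behaviour Adam observed: with the same-name zone and no www record, www.webajm.com comes back NXDOMAIN from the internal server while www.example.org is still forwarded and answered, and adding the www record fixes the website but leaves the apex webajm.com pointing at the DC (the address the POP3 login would hit). With the zone renamed, both webajm.com names fall outside the hosted zone and are forwarded to the external server, which returns the public address, while the AD names stay internal. On the Windows server the manual record from the second case would be added with dnscmd from the Support Tools, for example `dnscmd Local /RecordAdd webajm.com www A 192.168.1.99` (server name and address taken from the thread; the tool being installed is an assumption).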