>>I would like for our internal AD DNS to only host records for our internal systems and forward any other unresolved requests When a DNS server is told that it is authoritative for a zone, it takes that responsibility seriously. This means that it considers ANYTHING that is not in that zone non-existent. This means that your DNS server will NEVER forward a query for your domain name to another DNS server. You will have to live with this until DNS is re-written to support your desire. I don't see that happening anytime soon, though. Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Edwin Sent: Tue 12/14/2004 10:00 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Domain Name and DNS Problems That is why I mentioned the Perl script that is used. That is exactly what it does. But this is not what I would like to see. I would like for our internal AD DNS to only host records for our internal systems and forward any other unresolved requests. On Tue, 2004-12-14 at 09:29 -0500, Salandra, Justin A. wrote: Why don't you just duplicate the records in the public DNS zone to the private zone. That is what I do since both my internal and external namespaces are the same. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin Sent: Tuesday, December 14, 2004 9:04 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Domain Name and DNS Problems Hello Everyone. I have an ongoing problem and would like to get some assistance please. The domain that I am currently responsible for is the first domain that I have ever configured. As a result there was a lot of trial and error and most things were resolved but there remains this one problem that still lingers. I will try to explain as best as I can the scenario. I work for a company (mycompany.net) and we host many web servers out on the public Internet. Our servers follow a naming scheme that is dependent on the type of OS or special purpose for that server. i.e. w39322.mycompany.net for Windows Web Servers and l23841.mycompany.net for Linux servers. There are other naming conventions that is not important for this topic. Throughout the every day work environment we are constantly accessing these servers for trouble shooting, investigations or other general use. The web servers are authoritative to public name servers ns1.mycompany.net and ns2.mycompany.net When the domain was put online within our internal network, I used mycompany.net as the domain name. I also have DNS services for the domain on a one of the DC's. Since I have named our internal domain the same as our public domain, we ran into problems where we were no longer able to connect to our web servers on the Internet. As a workaround solution we wrote a Perl script that goes out to our public name servers and reads the mycompany.net zone and grabs any information that it does not have. The data is then written to a text file that then runs DNSCMD to import the data into the DC's DNS zone for mycompany.net This is okay but still problematic and ultimately not the solution that I would like to have. Our domain consists of: 1. 2 Win2K3 Standard DC's 2. 1 Win2K3 Standard File Server 3. 1 Win2K Exchange Server with Exchange 2000 4. Win2K Professional Workstations >From what I understand Win2K3 has a new feature that will allow for you to change the domain name of an already configured network. But this will not apply to me since I have Win2K Pro Clients and an Exchange 2K Server. We do have an internal name server but it is a caching name server for the authoritative public name server. It is my understanding that AD requires for the nameserver to be authoritative for the domain and support SRV records. SRV records are not a problem but the authoritative part is since our public name server hold that role and it is not able to be changed. Also, to make the server authoritative would mean that our internal systems could be known by the public Internet. Can anyone offer any suggestions to overcome this problem? Ultimately, what I would like to have done is for the mycompany.net zone on the AD DNS Server only to contain entries for our internal network. Any requests not resolved by the AD DNS server then get forwarded to the public name server. This would allow me to then clean up the zone for the AD DNS server and still have the functionality that we require. Is this possible? Thank you all for your replies. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/