>>I would like for our internal AD DNS to only host records for our internal
systems and forward any other unresolved requests
 
When a DNS server is told that it is authoritative for a zone, it takes that
responsibility seriously. This means that it considers ANYTHING that is not
in that zone non-existent. This means that your DNS server will NEVER forward
a query for your domain name to another DNS server.
 
You will have to live with this until DNS is re-written to support your
desire. I don't see that happening anytime soon, though.
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon

________________________________

From: [EMAIL PROTECTED] on behalf of Edwin
Sent: Tue 12/14/2004 10:00 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Domain Name and DNS Problems


That is why I mentioned the Perl script that is used.  That is exactly what
it does.  But this is not what I would like to see.  I would like for our
internal AD DNS to only host records for our internal systems and forward any
other unresolved requests.


On Tue, 2004-12-14 at 09:29 -0500, Salandra, Justin A. wrote:


        Why don't you just duplicate the records in the public DNS zone to
the private zone.  That is what I do since both my internal and external
namespaces are the same.
        
         
        
        -----Original Message-----
        From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Edwin
        Sent: Tuesday, December 14, 2004 9:04 AM
        To: [EMAIL PROTECTED]
        Subject: [ActiveDir] Domain Name and DNS Problems
        
         
        
        Hello Everyone.  I have an ongoing problem and would like to get some
assistance please.
        
        The domain that I am currently responsible for is the first domain
that I have ever configured.  As a result there was a lot of trial and error
and most things were resolved but there remains this one problem that still
lingers.  I will try to explain as best as I can the scenario.
        
        I work for a company (mycompany.net) and we host many web servers out
on the public Internet.  Our servers follow a naming scheme that is dependent
on the type of OS or special purpose for that server. i.e.
w39322.mycompany.net for Windows Web Servers and l23841.mycompany.net for
Linux servers.  There are other naming conventions that are not important for
this topic.
        
        Throughout the every day work environment we are constantly accessing
these servers for troubleshooting, investigations or other general use.  The
web servers are authoritative to public name servers ns1.mycompany.net and
ns2.mycompany.net
        
        When the domain was put online within our internal network, I used
mycompany.net as the domain name.  I also have DNS services for the domain on
one of the DC's.  Since I have named our internal domain the same as our
public domain, we ran into problems where we were no longer able to connect
to our web servers on the Internet.  As a workaround solution we wrote a Perl
script that goes out to our public name servers and reads the mycompany.net
zone and grabs any information that it does not have.  The data is then
written to a text file that then runs DNSCMD to import the data into the DC's
DNS zone for mycompany.net
        
        This is okay but still problematic and ultimately not the solution
that I would like to have.
        
        Our domain consists of:
        
        1. 2 Win2K3 Standard DC's
        2. 1 Win2K3 Standard File Server
        3. 1 Win2K Exchange Server with Exchange 2000
        4. Win2K Professional Workstations
        
        From what I understand Win2K3 has a new feature that will allow for
you to change the domain name of an already configured network.  But this
will not apply to me since I have Win2K Pro Clients and an Exchange 2K
Server.
        
        We do have an internal name server but it is a caching name server
for the authoritative public name server.  It is my understanding that AD
requires for the nameserver to be authoritative for the domain and support
SRV records.  SRV records are not a problem but the authoritative part is
since our public name server holds that role and it is not able to be changed.
Also, to make the server authoritative would mean that our internal systems
could be known by the public Internet.
        
        Can anyone offer any suggestions to overcome this problem?
Ultimately, what I would like to have done is for the mycompany.net zone on
the AD DNS Server only to contain entries for our internal network.  Any
requests not resolved by the AD DNS server then get forwarded to the public
name server.  This would allow me to then clean up the zone for the AD DNS
server and still have the functionality that we require.
        
        Is this possible?
        
        Thank you all for your replies. 
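The workaround Edwin describes, as an added example that is not the poster's Perl script (which is not on the page): a Python script that reads a zone-transfer style listing of the public mycompany.net zone, compares it with the internal AD-integrated zone, and emits `dnscmd /RecordAdd` commands only for the records the internal zone lacks. It also shows Dèjì's point in practice: because the internal server is authoritative for mycompany.net it answers name-not-found for any name it does not hold rather than forwarding, so every public name must be copied in. The zone contents, addresses and the DC name `dc1` are constructed; the apex SOA and NS records are deliberately skipped so the internal zone keeps its own, and an internal record shadows a public record with the same owner and type so internal addresses win.

```python
"""Zone-diff helper for a split-brain AD DNS zone.

Added example, not the list poster's Perl script.  Finds records present in the
public zone but absent from the internal AD zone and emits dnscmd commands to
import them.  All hostnames, addresses and the DC name are constructed samples.
"""
from collections import defaultdict

ZONE = "mycompany.net"
DNS_SERVER = "dc1"  # assumed name of the DC running DNS

# Constructed sample: zone-transfer style listing of the public zone (ns1/ns2)
PUBLIC_ZONE = """\
mycompany.net.          3600 IN SOA ns1.mycompany.net. hostmaster.mycompany.net. 2004121401 3600 900 604800 86400
mycompany.net.          3600 IN NS  ns1.mycompany.net.
mycompany.net.          3600 IN NS  ns2.mycompany.net.
ns1.mycompany.net.      3600 IN A   203.0.113.1
ns2.mycompany.net.      3600 IN A   203.0.113.2
w39322.mycompany.net.   3600 IN A   203.0.113.10
l23841.mycompany.net.   3600 IN A   203.0.113.11
www.mycompany.net.      3600 IN CNAME w39322.mycompany.net.
mail.mycompany.net.     3600 IN A   203.0.113.20
"""

# Constructed sample: what the AD-integrated internal zone already holds
INTERNAL_ZONE = """\
mycompany.net.          600 IN SOA dc1.mycompany.net. hostmaster.mycompany.net. 42 900 600 86400 3600
mycompany.net.          600 IN NS  dc1.mycompany.net.
dc1.mycompany.net.      600 IN A   10.0.0.1
dc2.mycompany.net.      600 IN A   10.0.0.2
mail.mycompany.net.     600 IN A   10.0.0.20
_ldap._tcp.mycompany.net. 600 IN SRV 0 100 389 dc1.mycompany.net.
"""

# Apex SOA/NS describe the public server's authority; the internal zone keeps its own.
SKIP_TYPES = {"SOA", "NS"}


def parse_zone(text):
    """Return {(owner, rtype): set(rdata)} from 'owner TTL IN TYPE rdata' lines."""
    records = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            continue
        owner, rtype, rdata = parts[0].lower(), parts[3].upper(), " ".join(parts[4:])
        records[(owner, rtype)].add(rdata)
    return records


def missing_records(public, internal):
    """(owner, rtype, rdata) tuples present in the public zone but not internally.

    Owners that already have a record of that type internally are skipped, so an
    internal address (e.g. mail -> 10.0.0.20) shadows the public one.
    """
    out = []
    for (owner, rtype), rdatas in sorted(public.items()):
        if rtype in SKIP_TYPES or (owner, rtype) in internal:
            continue
        for rdata in sorted(rdatas):
            out.append((owner, rtype, rdata))
    return out


def node_name(owner):
    """Turn a fully qualified owner into the zone-relative node name dnscmd expects."""
    if owner == ZONE + ".":
        return "@"
    suffix = "." + ZONE + "."
    if owner.endswith(suffix):
        return owner[: -len(suffix)]
    raise ValueError(f"{owner} is not inside {ZONE}")


def dnscmd_lines(records):
    """Render dnscmd /RecordAdd commands, one per missing record."""
    return [f"dnscmd {DNS_SERVER} /RecordAdd {ZONE} {node_name(o)} {t} {r}" for o, t, r in records]


def sync_commands(public_text=PUBLIC_ZONE, internal_text=INTERNAL_ZONE):
    """Full pipeline: parse both zones, diff them, emit import commands."""
    return dnscmd_lines(missing_records(parse_zone(public_text), parse_zone(internal_text)))


if __name__ == "__main__":
    for command in sync_commands():
        print(command)
```

Run against real zones, the public listing would come from a zone transfer (or a scripted query of each public name) and the internal listing from `dnscmd /EnumRecords`; the generated commands are the text file the poster's script hands to DNSCMD. Note that the script only adds records: a name retired from the public zone stays in the internal zone until it is removed by hand, which is one reason the poster still finds the approach "problematic".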
        
        
        

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
