Help with internal DNS zone issue

johnchilders

IS-IT--Management
Sep 24, 2007
4
US
Hi,

I am working for a company that has an Active Directory DNS zone, company.com, which is the same as the web URL. I am migrating users into the Active Directory domain but am having an issue because, when using the AD DNS instead of the IP, if you do an nslookup on company.com it lists the address of the domain controller. The issue is that my company uses Yahoo for DNS (this is unfortunate, I know) and Yahoo does not provide an address for us to use in conjunction with an A record to fix the browsing issue. Any suggestions would be greatly appreciated. Thanks!
 
If your clients are using your DNS server to resolve names and whatnot, when you do an nslookup it looks for the PTR record of that particular NS. So in effect it should show the IP of your company.com zone if the NS record has the IP of that DC.

What exactly is the problem? What is happening? Also, when you say your company uses Yahoo for DNS, are you forwarding your requests to Yahoo's DNS servers instead of using something like root hints?

Cory
 
Sorry, I always forget to type something..

This PTR will be housed in your reverse lookup zone; this is where you can verify the IP -> name conflict (if there is any).

Also, I guess it would be important to distinguish: is it returning a private IP, something along the lines of 192.168. or whatever your subnet is?

Cory
 
Yes it is returning the private network. I need the users to be able to type and be able to get to the website. A lot of the tools they use are published to the company website. Yahoo hosts the DNS and the website; however they do not provide an IP address for me to create an A record on the internal DNS for that webpage. Hopefully that is a little clearer. Thanks!
 
OK, so you host your own website; how did you set up the site for obtaining its address? Do you use host headers, or is it specifically assigned an IP? Are you port forwarding all port 80 requests to a specific box, with the single site using the <all available addresses>, or is it assigned an internal IP?

There are probably a few ways around this, but we will need to hash out a couple more details.

Cory
 
No, I'm bad at explaining this via message board.

a) Website and DNS are both hosted by Yahoo; that was set up before I got here.

b) Both the website and the AD integrated DNS have the same name, xxxxxx.com.

so

c) When clients use the newly configured internal DNS server (the Active Directory integrated DNS zone xxxxx.com) they can not access because it is pointing towards the DC running DNS.

I need to find a way to get that HTTP request to go to the company's website. I would create a host record for the site's public IP address, but Yahoo splits it across a load balancer/clusters it and doesn't provide an address, be it the address of the cluster/balancer, for me to set the A record to. Does that explain it better? I'm no DNS guru, so I need to figure out the best way to accomplish that. Possibly forwarding the request for xxxx.com?
 
OK, that makes it clear (at least more clear). So could you use a conditional forwarder for disable recursion and just set up the DNS server that resolves this name? I guess in my experience the site IP never has changed, so I would just set up the A record for that zone to point to the site IP.

Cory
 
Your AD domain should never be the same as your external domain. That's where the problem is. Your internal AD domain needs to be DIFFERENT than your external domain.

Good luck,
 
Although I agree on the basis of a neater, tighter design, I can see where this may have been implemented for lack of a thorough understanding of the naming process, especially with instructions like the following.


Per Microsoft site
"Note: As a best practice use DNS names registered with an Internet authority in the Active Directory namespace. Only registered names are guaranteed to be globally unique. If another organization later registers the same DNS domain name, or if your organization merges with, acquires, or is acquired by other company that uses the same DNS names then the two infrastructures can never interact with one another.

Add a prefix that is not currently in use to the registered DNS name to create a new subordinate name. For example, if your DNS root name were contoso.com then you should create an Active Directory forest root domain name such as concorp.contoso.com, where the namespace concorp.contoso.com is not already in use on the network. This new branch of the namespace will be dedicated to Active Directory and Windows 2000 and can easily be integrated with the existing DNS implementation. The rules for selecting a prefix are listed in Table 9."

Cory
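
The name collision discussed in this thread can be inventoried before choosing a fix. The following is an added example, not code from any poster: it compares what the internal AD-integrated zone and the public zone answer for the same names and reports the public names internal clients cannot reach as published. The IP addresses, the dc1 host name, the mail record and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: answers each DNS view gives for the same names.
# 192.168.1.10 and the 203.0.113.0/24 addresses are placeholders.
INTERNAL_VIEW = {  # AD-integrated zone company.com on the domain controller
    "company.com": ["192.168.1.10"],      # apex A record registered by the DC
    "dc1.company.com": ["192.168.1.10"],  # hypothetical DC host name
}
EXTERNAL_VIEW = {  # public zone company.com at the hosting provider
    "company.com": ["203.0.113.20", "203.0.113.21"],
    "www.company.com": ["203.0.113.20", "203.0.113.21"],
    "mail.company.com": ["203.0.113.30"],
    "othercompany.com": ["203.0.113.99"],  # different zone, must be ignored
}

# Explicit RFC 1918 list: ipaddress.is_private also flags documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_split_zone(zone, internal, external):
    """List public names in `zone` that internal clients cannot reach as published."""
    findings = []
    for name in sorted(external):
        if name != zone and not name.endswith("." + zone):
            continue  # not part of the colliding namespace
        public = set(external[name])
        inside = set(internal.get(name, []))
        if not inside:
            # The internal server is authoritative for the zone, so it answers
            # "no such name" itself and never asks a forwarder.
            findings.append((name, "shadowed", sorted(public)))
        elif inside != public and all(is_rfc1918(a) for a in inside):
            findings.append((name, "overridden", sorted(inside)))
    return findings

if __name__ == "__main__":
    for name, kind, addrs in audit_split_zone("company.com", INTERNAL_VIEW, EXTERNAL_VIEW):
        print(f"{name:20} {kind:11} {', '.join(addrs)}")
```

Names reported as shadowed are the ones that need an internal record (or a differently named AD zone) before clients pointed at the DC can resolve them; the overridden apex is the DC's own registration.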
 