
Looking for a DNS answer....

Status
Not open for further replies.

detroit

MIS
Sep 13, 2002
160
0
0
CA
Here's what I want to do, hopefully someone has an answer....

I currently have 2 DNS servers set up in our domain. It is set up as Active Directory, so basically, both DNS servers are the same.

Since DNS has to be on every workstation, everyone gets internet access.

What I would like to know is, is there a way of setting up 2 DNS servers that are identical, but if a name is not found, do not go out to the internet to resolve? I want 1 server to be used for people that are supposed to have access to the internet, and 1 for the people that are not supposed to have access to the internet.

Can this be done setting up 2 standard primary servers?

Thanks

Detroit
 
If you're trying to deny access to the internet for certain people, I think you'll find that the easiest way is to deny it at the Firewall or Proxy.
 
Unfortunately, to do this at a Firewall level for over 200 users would get to be a pain. Proxy is not available anymore, so the next cheapest way would be to control the DNS entries for the workstations.

Detroit
 
Well, I know I just created an Internet group, added members to it, and allowed it alone permission to the Internet on my ISA Server.
 
You could just make sure the computers that shouldn't have internet access are set up with an incorrect default gateway. As long as all your computers are on the same subnet this should allow them to access your network but not the internet.

Unfortunately I don't know if there's a good way to do this if you're using DHCP.
 
Unfortunately, I don't have the dollars to spend on ISA Server.

As for the option of an incorrect gateway, can't be done as we have 7 sites and they all need a correct gateway....

Any other solutions?

Detroit
 
Hi

Are these 2 servers in the same domain? Or is one a child domain off of the forest root?

Have you thought of DNS forwarders or GPOs?

Regards,

Gaz
 
Both would be on the same domain, in the same location.

Can you elaborate on the DNS forwarders and GPOs?

Detroit
 