There is an internal network and an external, publicly accessible network. Each network has its own DNS server. The internal network uses non-routable IPs. Between the internal and the external network lies a proxy server. The proxy server translates the internal IP to a global IP when clients from the internal network want to browse sites such as Google. The internal network has some servers which can be accessed from the external network. The proxy server only lets requests for port 80 through to those servers. Nothing else comes in (and doesn't need to!!) unless the traffic was initiated from the internal network, like when clients from the internal network browse the internet.
When clients from the internal segment do a ping or nslookup for server1.project.nw.edu, the DNS server of the internal segment resolves it as it is authoritative for project.nw.edu zone. Now if the clients from the internal segment want to nslookup google.com or anything under the nw.edu DNS zone (like math.nw.edu, physics.nw.edu), then the DNS server of the internal segment would forward it to the public DNS server (which is authoritative for the nw.edu zone) which would resolve it and send it back recursively.
So, the clients' DNS setup on the internal segment is set to resolve in the following order:
1. DNS server of internal segment
2. public DNS server
Everything is good so far and works as it should. But now here comes a new situation: a server was brought up in the internal network which hosts a web site. This web site will be publicly accessible as project.nw.edu. The DNS record for this was created on the public DNS server. But now, when I try to ping or nslookup project.nw.edu from the internal network, I am unable to do so. I guess it could be because the internal DNS server zone name is itself called project.nw.edu. I can ping or nslookup project.nw.edu when I set the DNS resolve order on the clients to point directly to the public DNS server.
So, how do I make this possible? I know this can be done, as I can do a ping/nslookup for both nw.edu itself as well as records in the nw.edu zone. But I don't have access to the public DNS to see how they made it possible.
Please advise. How can I make this happen? What is missing on my internal DNS server (Win 2003 AD/DNS)?
Thanks.
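The behaviour described in the post follows from one rule: a DNS server that is authoritative for a zone answers every name inside that zone from its own zone data and never forwards it, even when the record is missing. The internal server is not authoritative for nw.edu, so queries for nw.edu or math.nw.edu are forwarded and succeed; project.nw.edu is the apex of its own zone, so it answers "no such record" locally and the public server is never asked. The following Python model is an added example, not part of the original post or of Windows DNS; zone contents and addresses are constructed for illustration, and the fix it applies is the usual split-horizon one: an A record at the apex of the internal project.nw.edu zone pointing at the web server's internal address.

```python
"""Added example: a minimal model of a forwarding DNS server that is
authoritative for some zones, reproducing the symptom in the question and
the split-horizon fix. All zone data and IP addresses are constructed."""
from typing import Callable, Dict, Optional

# Constructed public zone data for nw.edu (documentation-range addresses).
PUBLIC_ZONES: Dict[str, Dict[str, str]] = {
    "nw.edu": {
        "nw.edu": "203.0.113.10",
        "math.nw.edu": "203.0.113.20",
        "physics.nw.edu": "203.0.113.21",
        "project.nw.edu": "203.0.113.30",  # public (proxy) address of the new web server
    }
}

# Constructed internal zone data; the internal server is authoritative here.
INTERNAL_ZONES: Dict[str, Dict[str, str]] = {
    "project.nw.edu": {
        "server1.project.nw.edu": "10.10.0.5",
    }
}


def find_zone(name: str, zones: Dict[str, Dict[str, str]]) -> Optional[str]:
    """Return the longest zone in `zones` that contains `name`, or None."""
    best = None
    for zone in zones:
        if name == zone or name.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    return best


def resolve(name: str, zones: Dict[str, Dict[str, str]],
            forwarder: Optional[Callable[[str], Optional[str]]] = None) -> Optional[str]:
    """Answer like a server authoritative for `zones` that forwards everything else.

    A name inside one of our zones is answered from zone data only; a missing
    record yields None (models NXDOMAIN / no-data) and is NOT forwarded.
    Names outside our zones go to the forwarder, if one is configured.
    """
    name = name.rstrip(".").lower()
    zone = find_zone(name, zones)
    if zone is not None:
        return zones[zone].get(name)
    if forwarder is None:
        return None
    return forwarder(name)


def public_resolver(name: str) -> Optional[str]:
    """The public DNS server: authoritative for nw.edu, no forwarder needed here."""
    return resolve(name, PUBLIC_ZONES)


def internal_resolver(name: str, zones: Dict[str, Dict[str, str]] = INTERNAL_ZONES) -> Optional[str]:
    """The internal DNS server: authoritative for project.nw.edu, forwards the rest."""
    return resolve(name, zones, forwarder=public_resolver)


def apply_split_horizon_fix(zones: Dict[str, Dict[str, str]], internal_ip: str) -> Dict[str, Dict[str, str]]:
    """Return a copy of the internal zones with an A record at the zone apex.

    In the Windows DNS console this is the record shown as "(same as parent
    folder)". It carries the server's internal address so internal clients
    reach the web server directly instead of hairpinning through the proxy.
    """
    fixed = {z: dict(rr) for z, rr in zones.items()}
    fixed["project.nw.edu"]["project.nw.edu"] = internal_ip
    return fixed


if __name__ == "__main__":
    for q in ("nw.edu", "math.nw.edu", "server1.project.nw.edu", "project.nw.edu"):
        print(f"{q:26} -> {internal_resolver(q)}")
    fixed = apply_split_horizon_fix(INTERNAL_ZONES, "10.10.0.6")
    print("after fix: project.nw.edu ->", internal_resolver("project.nw.edu", fixed))
```

Running the block shows nw.edu and math.nw.edu resolving through the forwarder, server1.project.nw.edu resolving from the internal zone, and project.nw.edu returning nothing until the apex record is added. On the real Windows 2003 server the equivalent is adding an A record with an empty name at the root of the project.nw.edu zone, either in the DNS console or with dnscmd /RecordAdd; use the server's internal address, since internal clients cannot reach the proxy's public address from inside, and remember that this record is now maintained separately from the public one.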