local dns server entries

Discussion in 'NZ Computing' started by Richard, Feb 15, 2009.

  1. Richard

    Richard Guest

    I have a dns server here - windows 2003 its on.

    Anyway, I have a domain name that I want to put some entries on the
    server internally, but for everything else to go out to the real one on
    the net to resolve. At the moment I just have a .home.local domain
    resolving internally.

    I can add the .com one in on the server, but cannot find how to make it
    resolve anything thats not configured locally on the internet, I am
    assuming its possible. At the moment things resolve to my external IP
    which doesnt work when I am internal naturally.
     
    Richard, Feb 15, 2009
    #1
    1. Advertisements

  2. Richard

    Dave Doe Guest

    There are two things you need to do:
    1. get your DNS server to try and resolve (internet) names by setting
    your ISP DNS settings in the Forwarder tab (DNS server properties)

    2. get your internet name to resolve back to your server - at your
    nameserver for your domain name ("I can add the .com one in on the
    server") - (say GoDaddy.com), create an A record to point to your IP for
    the name you want (eg. 'www').

    eg you want to create a website on rich.com that you have registered on
    GoDaddy, logon to your GoDaddy account use their DNS management webpage
    and create a 'www' A record that points to your IP (and maybe even the
    default domain (rich.com) to point to 'you').

    Well that was a crap explanation! :)
     
    Dave Doe, Feb 15, 2009
    #2
    1. Advertisements

  3. Richard

    Dave Doe Guest

    Well yep - but that's the correct setup. The local DNS server serves
    local requests (all requests really), and if they fail they pass to the
    DNS servers you specify in the Fowarders tab. ie valid local addys
    should get resolved, all unresolvable addys get handed to the DNS
    servers specified in the Forwarders tab.

    Do you use the server to run DHCP too?
     
    Dave Doe, Feb 15, 2009
    #3
  4. Richard

    Richard Guest

    Yes, but everything has a static entry or a reservation so there isnt a
    need for the dynamic host name stuff. I think I turned it off after
    having the dns fill with every computer that ever came here for whatever
    reason.

    The thing is, as soon as I add in anything for the richms.com domain, it
    will not resolve anything else at it, like my external hosts. I guess I
    can add entrys for them internally but if my hosts shift me again then
    things will break if I have IPs locally on the server for the
    www.richms.com and richms.com entries that I always want to hit the
    hosted server.

    Not a big deal at the moment, its just I am getting really sick of
    changing hosts files when I get home so I thought that it would make
    things easier.
     
    Richard, Feb 15, 2009
    #4
  5. Richard

    Dave Doe Guest

    It sounds to me (not that I really understand what yer saying) that IIS
    is the problem. Have you got a site configured in IIS? - got the host-
    header info correct for it?
     
    Dave Doe, Feb 15, 2009
    #5
  6. Richard

    SteveM Guest

    Easy,

    So DHCP is running on the Win2003 Svr box and is configured to set the
    client machine to use the DNS service on the Win2003 box

    In the DNS management window, just add the _full_ domain name and internal
    IP address into the forward lookup zones.

    Highlight forward lookup zones on the left.
    In the right hand window, rightclick, New Zone, next, Primary zone, next,
    next.

    Zone Name is the full dns name of the server you want to point to
    internally - eg: server.foo.co.nz NOT foo.co.nz

    Then next, next, finish.

    Then choose server.foo.co.nz in the lefthand window.
    In the right hand window, rightclick and choose "new host (A)"

    LEAVE THE NAME BLANK

    put the internal IP address of the server in the IP address field.

    Click add.

    All done


    I use this for all my clients for things like terminal server, webmail,
    activesync, Outlook RPC over HTTP, etc, so that things are consistant both
    inside and outside the network.

    Good luck

    Bigted
     
    SteveM, Feb 15, 2009
    #6
  7. Richard

    Alan Guest

    Hi Richard,

    I am going from memory here, but I think you need to do the following:

    1) Open the DNS management console

    2) Open the server and look for something like 'Forward Lookup Zones'

    3) In there, create a new zone (rich.com). I cannot recall all the
    options you'll have to choose from in the config screens, but usually
    the defaults will be okay and you can always change them later if
    necessary.

    4) One the zone is created, add, say, an A record for www.rich.com and
    point it at the IP address you want it to be directed to.


    Test from your machine.

    This should mean that domain machines will use that lookup / IP
    address, but anyone from outside your domain will get whatever you
    public DNS records say.

    HTH,

    --

    Alan.

    The views expressed are my own, and not those of my employer or anyone
    else associated with me.

    My current valid email address is:



    This is valid as is. It is not munged, or altered at all.

    It will be valid for AT LEAST one month from the date of this post.

    If you are trying to contact me after that time,
    it MAY still be valid, but may also have been
    deactivated due to spam. If so, and you want
    to contact me by email, try searching for a
    more recent post by me to find my current
    email address.

    The following is a (probably!) totally unique
    and meaningless string of characters that you
    can use to find posts by me in a search engine:

    ewygchvboocno43vb674b6nq46tvb
     
    Alan, Feb 15, 2009
    #7
  8. I use dnsmasq to do this sort of thing. It also has security options like --
    stop-dns-rebind, to block certain kinds of attacks.
     
    Lawrence D'Oliveiro, Feb 15, 2009
    #8
  9. Richard

    Richard Guest

    No IIS server here, just things like the asterisk machine, ssh server, a
    couple of web servers on machines internally that I need to use a
    different IP when internal since the external IP isnt available for it
    unless I start to do some trickery on the firewall machine with another
    loopback address.
     
    Richard, Feb 16, 2009
    #9
  10. Richard

    Richard Guest

    Thanks, will give it a shot later on tonight.

    Will be doing something similar but with routers soon when I start to
    need to have access to several things at several locations.
     
    Richard, Feb 16, 2009
    #10
  11. Richard

    Enkidu Guest

    Say the host name of your server is 'server' and your registered Domain
    Name is 'domain.com'. Create a zone in your DNS server for, say,
    ..home.local. Add server's IP address to the .home.local zone (and any
    other machines on the home Internet. Go to the forwarders tab and add
    some DNS server on the net as the one to forward to. Ensure all your
    machines at home point to your DNS server for DNS name resolution.

    Your home machines will then send DNS requests to your server and it
    will directly resolve the .home.local addresses. For other addresses it
    will forward the request to the Internet server.

    When you bring your laptop home either change the DNS to point to the
    home DNS server or use DHCP to provide the DNS details.

    If you are asking if you can configure your DNS server so that the
    asterisk machine for example has a fully qualified Domain Name of
    asterisk.domain.com and you can still access server on the Internet that
    do not have a Domain Name of domain.com then you can do that. What you
    can't easily do is access asterisk.domain.com on your local network and
    www.domain.com somewhere out on the Internet (but if you own the Domain
    Name this shouldn't happen.

    Do you need access to your server(s) from the Internet? This is a common
    situation and it can be done. You presumably have one or more Internet
    Name Servers for your Domain Name? Add whatever servers you want to
    access to these DNS servers using the IP address of your gateway.
    Configure your gateway to forward traffic arriving on port 80 to your
    main web server on your network. Configure your gateway to forward
    traffic on port 8080 to your second server and so on. Then you can
    access your web server as http://www.domain.com. Your second server will
    be available at (say) asterisk.domain.com:8080 and so on.

    The crucial point is that your internal DNS system knows about internal
    name and addresses and forwards anything else to the outside DNS. The
    Internet DNS knows about your external address and that is all. You use
    different ports to tell the gateway where to send traffic. The external
    DNS knows nothing about your network at all.

    If your laptop normally belongs to a Windows Domain, DO NOT join it to
    your home workgroup (or Domain) unless you have sufficient permissions
    to rejoin the Domain. Many IT departments restrict this permission. I
    mention this just in case.....

    Cheers,

    Cliff

    --

    The NZ women's cricket team played 5 ODIs against Australia. They won
    the first two lost the second two and lost the Rosebowl because the last
    was rained off. The NZ men's cricket team also won the first two and
    lost the second and lost the C-H trophy because the last match was
    rained off. Coincidence? I think not!
     
    Enkidu, Feb 16, 2009
    #11
  12. Richard

    EMB Guest

    It's complicated at many levels.... were it my decision I'd confiscate
    all the laptops and give them desktop machines which is all they really
    need. And we run a piece of shit legacy app that *needs* local admin
    rights.
     
    EMB, Feb 16, 2009
    #12
  13. The wonderful thing about vendor lock-in is that it can even outlast the
    vendor.
     
    Lawrence D'Oliveiro, Feb 17, 2009
    #13
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.