Internally managing only certain DNS records for a domain

Asked By Sam
16-Nov-09 01:39 PM
Hi,

This might be a bit of a strange one but I'd be really grateful if
someone was able to help me out on it...

We are hosting a sub-domain for another company on our internal web
servers, let's call this sub.other.com.  I need the PCs on our LAN to
be able to resolve its internal IP address rather than the external
one.  However, if I add other.com into my local Active Directory DNS,
it will mean that our LAN PCs will not be able to resolve other
subdomains of other.com, like www.other.com, as the server will say
the name does not exist.

I tried asking them to add a CNAME to sub-other.ourdomain.com so that
I could put in my own A record to this in our local DNS but it appears
that DNS does not work in the way that I thought it does i.e. it
does not make a separate request via our internal server for each alias
when each CNAME record is resolved, instead it just resolves the whole
chain on the first server that is able to answer the question.  This
is much more efficient of course, but does not help me to do what I
need to do.

Temporarily I have resorted to adding local records into the HOSTS
file of computers that need it but this is not very manageable.

Anyone got any better ideas of how to do this?

Sam

Chris Dent replied to Sam
16-Nov-09 10:46 AM
Hi Sam,

There is nothing stopping you from creating a Forward Lookup Zone called
sub.other.com and adding an A record at the root of that zone pointing to the
internal IP (that will appear as "(same as parent folder)" in the console).

Flush the DNS cache on a client and you should find that a lookup for
sub.other.com resolves to the internal IP, while all other hosts under
other.com continue to resolve to public addressing.

HTH

Chris
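The zone Chris describes, as an added example in PowerShell (this is not code from the thread or from either poster). It is run against a domain controller that holds the DNS Server role; the server name dc01 and the web server address 10.0.0.25 are assumptions, and the three queries at the end are the checks a practitioner would run before calling it done.

```powershell
# Added example, not from the original thread. Assumptions: the DNS server is
# dc01 (a domain controller) and the internal web server is 10.0.0.25.
$zone       = 'sub.other.com'
$internalIP = '10.0.0.25'
$dnsServer  = 'dc01'

# 1. A zone whose name is exactly the host to override. Storing it in AD with
#    forest-wide replication makes every DC that runs DNS answer the same way;
#    a file-backed primary zone (-ZoneFile) would exist on this one server only.
Add-DnsServerPrimaryZone -Name $zone -ReplicationScope 'Forest' -ComputerName $dnsServer

# 2. The override itself: an A record at the zone root. The name '@' denotes
#    the zone apex, which the DNS console displays as "(same as parent folder)".
#    A short TTL keeps a later correction from lingering in client caches.
Add-DnsServerResourceRecordA -ZoneName $zone -Name '@' -IPv4Address $internalIP `
    -TimeToLive (New-TimeSpan -Minutes 5) -ComputerName $dnsServer

# 3. Verify from a client. Flush the cache first, as the thread says, or the
#    previously cached public address is returned until its TTL expires.
Clear-DnsClientCache
$checks = @(
    'sub.other.com',       # the override: answered from our zone
    'www.other.com',       # unaffected: other.com is not hosted here, so it is recursed
    'mail.sub.other.com'   # side effect: we are authoritative below sub.other.com, so
                           # any deeper name is NXDOMAIN until it gets its own record
)
foreach ($name in $checks) {
    $r = Resolve-DnsName -Name $name -Type A -Server $dnsServer -DnsOnly -ErrorAction SilentlyContinue
    $answer = if ($r) {
        ($r | Where-Object Type -eq 'A').IPAddress -join ', '
    } else {
        'no answer (NXDOMAIN or server error)'
    }
    '{0,-20} {1}' -f $name, $answer
}
```

Two caveats worth keeping in mind. First, the server is now authoritative for the whole sub.other.com namespace, so if the other company ever publishes names beneath it (mail.sub.other.com and the like) they must be added to this zone by hand or they will stop resolving on the LAN. Second, this is a split-horizon override for a single external name, and the same mechanism lets anyone with rights to create zones on your DNS servers silently redirect any one name for every client in the forest; treat zone creation as a privileged, logged change and keep the membership of the groups that can do it small.
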

Chris Dent replied to Sam
16-Nov-09 10:51 AM
Incidentally, this is something best configured on the firewall /
router, sometimes referred to as DNS Loopback or NAT Loopback.

If that is not an option, the zone as described in my previous post will
work without compromising name resolution for everything else in that
domain.

Chris

Sam replied to Chris Dent
16-Nov-09 01:39 PM
Of course, that makes total sense now I think about it!  The DNS zone
is now working fine, I will look for firewall settings tomorrow.  Thanks
very much for both ideas Chris.

Sam

Chris Dent replied to Sam
16-Nov-09 02:07 PM
You're welcome :)

Chris

Grant Taylor replied to Chris Dent
19-Nov-09 11:56 PM
Very, VERY, *VERY* nice (if not nasty) trick.  I think I will add that to
my tool box.

Grant. . . .

Ace Fekay [MCT] replied to Grant Taylor
20-Nov-09 12:44 AM
Grant, this is a common trick, err, configuration, so to speak. The reason
it works is that sub.other.com is a specific namespace. If any queries come
in with that namespace or zone, DNS will respond to it with what is in the
zone, otherwise, any queries to "anythingelse.com" will be recursed out
(either forwarders or Roots) because it does not host that zone. It looks
locally first for an exact match before it looks elsewhere.

Ace

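To make the longest-match rule Ace describes concrete, here is an added illustration (not code from the thread or from any poster) of how a server decides between answering from a zone it hosts and recursing. The zone contents are constructed for the example; it models the lookup logic only and does not talk to a real DNS server, and it leaves out delegations and multi-label record names that a real Windows DNS server also supports.

```powershell
# Added illustration, not from the original thread. The hosted zones and their
# records below are constructed for the example.
$zones = @{
    'sub.other.com' = @{ '@' = '10.0.0.25' }                       # the pinpoint zone from the thread
    'ourdomain.com' = @{ 'dc01' = '10.0.0.10'; 'www' = '10.0.0.20' } # the AD domain's own zone
}

function Resolve-Locally {
    param([string]$Name, [hashtable]$Zones)
    $name = $Name.TrimEnd('.').ToLowerInvariant()

    # Pick the most specific hosted zone whose labels end the query name.
    # 'sub.other.com' wins over a hypothetical 'other.com' zone for
    # 'sub.other.com' itself, which is why the trick does not disturb www.other.com.
    $match = $Zones.Keys |
        Where-Object { $name -eq $_ -or $name.EndsWith(".$_") } |
        Sort-Object { $_.Length } -Descending |
        Select-Object -First 1

    if (-not $match) { return 'RECURSE' }   # not our namespace: forwarders or root hints

    # Strip the zone suffix to get the record name; the bare zone name is the apex '@'.
    $label = if ($name -eq $match) { '@' } else { $name.Substring(0, $name.Length - $match.Length - 1) }

    if ($Zones[$match].ContainsKey($label)) { return $Zones[$match][$label] }
    return 'NXDOMAIN'                        # authoritative for the zone, but no such record
}

'sub.other.com', 'www.other.com', 'mail.sub.other.com', 'dc01.ourdomain.com' |
    ForEach-Object { '{0,-22} -> {1}' -f $_, (Resolve-Locally -Name $_ -Zones $zones) }
```

The last branch is the one to remember: once a zone for sub.other.com exists, the server never asks anyone else about names beneath it, so a missing record there is a hard NXDOMAIN for every client on the LAN rather than a fall-through to the public answer.
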
Grant Taylor replied to Ace Fekay [MCT]
20-Nov-09 12:50 AM
I understand completely why it works.  I had just never thought of using
it that way.  I love the idea.  I have also shared it with a couple of
groups of fellow administrators already.

It is one of those things that is so simple and obvious it gets missed.
You know, "...cannot see the forest for the trees...".

Grant. . . .

Ace Fekay [MCT] replied to Grant Taylor
20-Nov-09 08:36 AM
Good analogy. :-)

Ace