How to configure my internal DNS to resolve external resources

I have an internal DNS as part of my AD setup. I have a hosted DNS for public resources (which are typically at some data centre somewhere).

Occasionally, while on our internal network, I need to get to a public resource, for example www.ourcompany.com. Since there isn't a www record in our internal DNS, I can't get the name resolved.

How do I configure my DNS to forward names it doesn't recognise to the public DNS?

Update: As per the comment, yes, I have a "split-horizon" DNS (which seemed like a good idea at the time). This AD setup is less than 24 hours old and can be redone if need be (although I would rather not).


It sounds like you have split-horizon DNS, where your AD namespace and public-facing namespace are the same. If this is the case, you'll need to make an A record for www in your internal AD zone and set the correct external IP. Without this, internal clients won't be able to resolve it. This is because you have two sets of servers with disjoint information that are both authoritative for your DNS zone.

This is the exact reason that Microsoft recommends using an unused third-level domain name for your AD namespace. For example, if you own mycompany.com and you host public websites on it, you should use something like corp.mycompany.com or internal.mycompany.com for your Active Directory namespace. If you can do a domain rename (i.e. you have a simple client/server infrastructure with no Exchange in the domain), you should look into it. If you can't do a domain rename to fix this, you're in for some headaches.


Edit: Per your update, you should absolutely redo this since the install is only 24 hours old. Absolutely no doubt about it. Having a split-horizon DNS situation is never a good idea when it can be avoided. You can still have mycompany.com be the NetBIOS name of the domain, so users see MyCompany\User instead of something like Corp\User, but the FQDN of your AD namespace and the FQDN of your public-facing DNS namespace should not be the same.
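One way to do the record fix from this answer on the domain controller, as an added example that is not part of the original answer: it asks a resolver outside the AD network for the public address of www, refuses to copy a private address by mistake, and then creates or corrects the matching A record in the internal AD zone. The zone name mycompany.com and the outside resolver 8.8.8.8 are assumptions; substitute your own.

```powershell
# Added example (not from the original answer). Run on a domain controller that
# holds the AD-integrated zone, with the DnsServer module (RSAT-DNS-Server) present.
# Assumptions: the AD zone is mycompany.com and the public resolver is 8.8.8.8.
$Zone          = 'mycompany.com'
$HostName      = 'www'
$OutsideServer = '8.8.8.8'

# The internal server is authoritative for the zone, so it cannot tell us the
# public address itself; ask a resolver on the outside instead.
$public = Resolve-DnsName -Name "$HostName.$Zone" -Type A -Server $OutsideServer -ErrorAction Stop |
          Where-Object { $_.Type -eq 'A' }
if (-not $public) { throw "No public A record for $HostName.$Zone" }

# Refuse to copy a private (RFC 1918 / loopback) address into the internal zone;
# that would mean an internal resolver answered, not the public one we intended.
foreach ($ip in $public.IPAddress) {
    if ($ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.)') {
        throw "$ip is not a public address; check which resolver answered"
    }
}

# Remove stale internal copies that no longer match the public record.
$existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $HostName -RRType A -ErrorAction SilentlyContinue
foreach ($old in $existing) {
    $oldIp = $old.RecordData.IPv4Address.IPAddressToString
    if ($oldIp -notin $public.IPAddress) {
        Remove-DnsServerResourceRecord -ZoneName $Zone -RRType A -Name $HostName -RecordData $oldIp -Force
    }
}

# Add any public address that is not yet present in the internal zone.
$current = @($existing | ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })
foreach ($ip in $public.IPAddress) {
    if ($current -notcontains $ip) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $HostName -IPv4Address $ip `
            -TimeToLive (New-TimeSpan -Hours 1)
    }
}

# Confirm that an internal client would now get the public address.
Resolve-DnsName -Name "$HostName.$Zone" -Type A -Server localhost
```

The short TTL keeps the internal copy from lingering long after the public record changes; the same script can be scheduled to keep the two zones in step until the domain is renamed.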


Go into your DNS Management snap-in. Right-click on the DNS server you are managing. Select the "Forwarders" tab and enter the DNS servers you want to forward requests to.

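The same forwarder setting done from PowerShell, as an added example that is not part of the original answer, followed by a check that shows which names forwarding covers. The forwarder addresses 1.1.1.1 and 8.8.8.8, the authoritative zone mycompany.com and the test name www.example.com are assumptions.

```powershell
# Added example (not from the original answer). Run on the Windows DNS server.
# Assumptions: forward to 1.1.1.1 and 8.8.8.8; the server is authoritative for
# mycompany.com (the split-horizon situation described in the question).
$Forwarders = @('1.1.1.1', '8.8.8.8')
$AuthZone   = 'mycompany.com'

# Same effect as filling in the Forwarders tab in the DNS snap-in.
Add-DnsServerForwarder -IPAddress $Forwarders -PassThru

# Fail closed: if no forwarder answers, do not fall back to root hints, which
# would send queries to the Internet over a path you did not choose.
Set-DnsServerForwarder -UseRootHint $false -Timeout 3

# Forwarders only apply to names this server is NOT authoritative for. The
# server's own zone list is what decides which names will never be forwarded.
$authoritative = (Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated }).ZoneName
"This server answers (and never forwards) for: $($authoritative -join ', ')"

function Test-Resolution {
    param([string]$Name)
    $r = Resolve-DnsName -Name $Name -Type A -Server localhost -ErrorAction SilentlyContinue
    $inOwnZone = [bool]($authoritative | Where-Object { $Name -eq $_ -or $Name.EndsWith(".$_") })
    if (-not $r -and $inOwnZone) {
        # NXDOMAIN inside an authoritative zone is expected: forwarding cannot help here.
        $note = 'in an authoritative zone: add an A record, forwarding will not help'
    } elseif (-not $r) {
        $note = 'not answered by the forwarders'
    } else {
        $note = 'ok'
    }
    [pscustomobject]@{
        Name      = $Name
        Answered  = [bool]$r
        Address   = (($r | Where-Object Type -eq 'A').IPAddress -join ',')
        InOwnZone = $inOwnZone
        Note      = $note
    }
}

# A name outside the AD zone goes to the forwarders; www inside the zone does not.
Test-Resolution -Name 'www.example.com'
Test-Resolution -Name "www.$AuthZone"
```

The second test call is the case from the question: the server is authoritative for the zone, so a missing www record is answered as "no such name" rather than forwarded, and the fix is the A record, not the forwarder list.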


Your internal zone matches your external zone, right? So company.com is your internal AD zone and your external public zone? If that's the case, then it can't be done with Windows Server DNS, as far as I'm aware.

The Windows DNS server is authoritative for the zone as far as it's concerned so it's not going to forward requests for the zone to another DNS server, even if the request is for a DNS record that doesn't exist.