how to configure my internal dns to resolve external resources

windows-server-2008 domain-name-system active-directory

I have an internal DNS as part of my AD setup. I have an hosted DNS for public resources (which are typically at some data centre somewhere)

Occasionally while on our internal network I need to get to a public resource --- for example www.ourcompany.com since there isn't a www record in our internal DNS I cant get the name resolved.

How do I configure my DNS to forward names it doesn't recognise to the public DNS.

Update: As per the comment yes I have a "split-horizon" dns (which seemed like a good idea at the time) This AD setup is less than 24 hours old, and can be redone if need be -- (although I would rather not)


It sounds like you have split-horizons DNS, where your AD namespace and public-facing namespace are the same. If this is the case, you'll need to make an A record for www in your internal AD zone and set the correct external IP. Without this, internal clients won't be able to resolve it. This is because you have two sets of servers with disjoint information that are both authoritative for your DNS zone.

This is the exact reason that Microsoft recommends using an unused third-level domain name for your AD namespace. For example, if you own mycompany.com and you host public websites on it, you should use something like corp.mycompany.com or internal.mycompany.com for your Active Directory namespace. If you can do a domain rename (i.e. you have a simple client/server infrastructure with no Exchange in the domain), you should look into it. If you can't do a domain rename to fix this, you're in for some headaches.

Edit: Per your update, you should absolutely redo this since the install is only 24 hours old. Absolutely no doubt about it. Having a split-horizon DNS situation is never a good idea when it can be avoided. You can still have mycompany.com be the NetBIOS name of the domain, so users see MyComapny\User instead of something like Corp\User, but the FQDN of your AD namespace and the FQDN of your public facing DNS namespace should not be the same.


Go into your DNS Management Snapin. Right click on the DNS server you are managing. Select the "Forwarders" Tab and enter the DNS servers you want to forward requests to.

enter image description here


Your internal zone matches your external zone, right? So company.com is your internal AD zone and your external public zone? If that's the case then it can't be done with Windows Server DNS, that I'm aware of.

The Windows DNS server is authoritative for the zone as far as it's concerned so it's not going to forward requests for the zone to another DNS server, even if the request is for a DNS record that doesn't exist.

Related

modprobe not found at all
Windows authentication to IIS on local server with fully qualified url
ProxyPreserveHost on individual proxypass rules
How to stop asynctask thread in android?
How to convert char* to wchar_t*?
toRad() Javascript function throwing error
How best to read a File into List<string>
Google Chrome "window.open" workaround?
is memory leak? why java.lang.ref.Finalizer eat so much memory
How can I get a Unicode character's code?
Exporting an array in bash script
C++ printing boolean, what is displayed?