add external domain mapping to local machine ?

 
 
tonyb61
Guest
Posts: n/a

 
      03-26-2010

I'm using Windows Server 2003.
For one external address say foo.bar.com, I want local machines in our
domain to find foo.bar.com mapping to a local machine say 123.456.789.1 All
DNS requests are routed through our server before going outside, so I guess
I need to add an entry on the server DNS service mapping foo.bar.com to
123.456.789.1 ?

Tony

 
 
 
 
 
Phillip Windell
Guest
Posts: n/a

 
      03-26-2010

"tonyb61" <> wrote in message
news:73528DC5-2CA2-4310-8D4C-...
> I'm using Windows Server 2003.
> For one external address say foo.bar.com, I want local machines in our
> domain to find foo.bar.com mapping to a local machine say 123.456.789.1
> All DNS requests are routed through our server before going outside, so I
> guess I need to add an entry on the server DNS service mapping foo.bar.com
> to 123.456.789.1 ?


There is no "mapping",..no such thing. It is just normal DNS with a normal
CNAME Record

It is called Split-DNS.
You create a normal standard Zone that is not AD Integrated,...that is
called "foobar.com" (note only one dot).
Create a CNAME record and point it to the Host Record of the machine on the
local LAN.

Take note!!! Once you do this then you have to include in the new Zone
*any* other records related to "foobar.com" because as far as your LAN is
concerned your AD/DNS has now become the authoritative DNS for that Zone.
That does not affect the outside world at all, but it affects your LAN.


--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
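
Added example, not part of the original thread: a small Python model of the caveat in the post above, showing which public names stop resolving for LAN clients once the internal server hosts the zone, and how back-filling the zone fixes it. The zone name "foobar.com" follows the post; the record names (foo, www, mail), websrv.corp.local and every address are constructed assumptions.

```python
# Constructed sample data: names and addresses are illustrative only.
PUBLIC = {  # answers the outside world's DNS gives for the zone
    "foobar.com": "203.0.113.10",
    "www.foobar.com": "203.0.113.10",
    "mail.foobar.com": "203.0.113.25",
    "foo.foobar.com": "203.0.113.80",
}
INTERNAL = {  # zones hosted on the LAN DNS server; split zone holds one record
    "foobar.com": {"foo.foobar.com": ("CNAME", "websrv.corp.local")},
    "corp.local": {"websrv.corp.local": ("A", "10.0.0.5")},
}

def find_zone(name, zones):
    """Return the most specific locally hosted zone enclosing name, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in zones:
            return ".".join(labels[i:])
    return None

def resolve(name, zones, public, depth=0):
    """Answer as the LAN server would: authoritative data first, else forward."""
    name = name.lower().rstrip(".")
    zone = find_zone(name, zones)
    if zone is None:
        return public.get(name, "NXDOMAIN")  # not hosted here: forwarded outside
    rtype, value = zones[zone].get(name, ("NONE", "NXDOMAIN"))
    if rtype == "CNAME":                     # follow the alias, bounded
        return resolve(value, zones, public, depth + 1) if depth < 8 else "SERVFAIL"
    return value                             # hosted here: never forwarded

def broken_names(zones, public):
    """Public names that LAN clients can no longer resolve."""
    return sorted(n for n in public if resolve(n, zones, public) == "NXDOMAIN")

def backfill(zones, zone, public):
    """Copy public records missing from the internal zone into a patched copy."""
    patched = {z: dict(records) for z, records in zones.items()}
    for name, addr in public.items():
        if find_zone(name, zones) == zone and name not in patched[zone]:
            patched[zone][name] = ("A", addr)
    return patched

if __name__ == "__main__":
    print("broken on the LAN:", broken_names(INTERNAL, PUBLIC))
    fixed = backfill(INTERNAL, "foobar.com", PUBLIC)
    print("after backfill:", broken_names(fixed, PUBLIC))
    print("foo.foobar.com ->", resolve("foo.foobar.com", fixed, PUBLIC))
```

Running the same comparison against an export of the real public zone before creating the internal one gives the list of records that have to be copied across.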


 
 
tonyb61
Guest
Posts: n/a

 
      03-26-2010
"Phillip Windell" <> wrote in message
news:...
>
> "tonyb61" <> wrote in message
> news:73528DC5-2CA2-4310-8D4C-...
>> I'm using Windows Server 2003.
>> For one external address say foo.bar.com, I want local machines in our
>> domain to find foo.bar.com mapping to a local machine say 123.456.789.1
>> All DNS requests are routed through our server before going outside, so I
>> guess I need to add an entry on the server DNS service mapping
>> foo.bar.com to 123.456.789.1 ?

>
> There is no "mapping",..no such thing. It is just normal DNS with a
> normal CNAME Record
>
> It is called Split-DNS.
> You create a normal standard Zone that is not AD Integrated,...that is
> called "foobar.com" (note only one dot).
> Create a CNAME record and point it to the Host Record of the machine on
> the local LAN.
>
> Take note!!! Once you do this then you have to include in the new Zone
> *any* other records related to "foobar.com" because as far as your LAN is
> concerned your AD/DNS has now become the authoritative DNS for that Zone.
> That does not affect the outside world at all, but it affects your LAN.
>
>
> --
> Phillip Windell
>
> The views expressed, are my own and not those of my employer, or
> Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------


That seems to do the job.

Thanks
Tony



 
 
Ace Fekay [MVP-DS, MCT]
Guest
Posts: n/a

 
      03-27-2010
"Phillip Windell" <> wrote in message news:...
>
> "tonyb61" <> wrote in message
> news:73528DC5-2CA2-4310-8D4C-...
>> I'm using Windows Server 2003.
>> For one external address say foo.bar.com, I want local machines in our
>> domain to find foo.bar.com mapping to a local machine say 123.456.789.1
>> All DNS requests are routed through our server before going outside, so I
>> guess I need to add an entry on the server DNS service mapping foo.bar.com
>> to 123.456.789.1 ?

>
> There is no "mapping",..no such thing. It is just normal DNS with a normal
> CNAME Record
>
> It is called Split-DNS.
> You create a normal standard Zone that is not AD Integrated,...that is
> called "foobar.com" (note only one dot).
> Create a CNAME record and point it to the Host Record of the machine on the
> local LAN.
>
> Take note!!! Once you do this then you have to include in the new Zone
> *any* other records related to "foobar.com" because as far as your LAN is
> concerned your AD/DNS has now become the authoritative DNS for that Zone.
> That does not affect the outside world at all, but it affects your LAN.
>
>
> --
> Phillip Windell
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>



Actually, I would suggest AD integrated, because if there is more than one DC/DNS server, you wouldn't want to go to the others and make a secondary zone.

:-)



--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
 
 
Phillip Windell
Guest
Posts: n/a

 
      03-31-2010

That's true. I just discovered that Sunday. On the project we had talked about
earlier I noticed that the DCs from the two domains at the second site were
"unaware" of the zones that were transferred between the DCs in the first
site.


--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------



"Ace Fekay [MVP-DS, MCT]" <> wrote in message
news:%...


Actually, I would suggest AD integrated, because if there is more than one
DC/DNS server, you wouldn't want to go to the others and make a secondary
zone.

..


 
 
Ace Fekay [MVP-DS, MCT]
Guest
Posts: n/a

 
      04-01-2010
"Phillip Windell" <> wrote in message news:%23cwB%...
> That's true. I just discovered that Sunday. On the project we had talked about
> earlier I noticed that the DCs from the two domains at the second site were
> "unaware" of the zones that were transferred between the DCs in the first
> site.
>



Zone transfers are a pain. It's so easy with AD integrated zones if DNS is on all the DCs. :-)

--
Ace

 
Phillip Windell
Guest
Posts: n/a

 
      04-01-2010
"Ace Fekay [MVP-DS, MCT]" <> wrote in message
news:%...
"Phillip Windell" <> wrote in message
news:%23cwB%...
> That's true. I just discovered that Sunday. On the project we had talked
> about
> earlier I noticed that the DCs from the two domains at the second site
> were
> "unaware" of the zones that were transferred between the DCs in the first
> site.
>
> Zone transfers are a pain. It's so easy with AD integrated zones if DNS is
> on all the DCs. :-)


The old DC of the old Domain in the second Site never had DNS on it and I
did not have a Windows CD with me to add it in. Luckily that mess is about
to "go away". The new DCs I create will be fully equipped for their job.


--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


 
 
Ace Fekay [MVP-DS, MCT]
Guest
Posts: n/a

 
      04-01-2010
"Phillip Windell" <> wrote in message news:...
> "Ace Fekay [MVP-DS, MCT]" <> wrote in message
> news:%...
> "Phillip Windell" <> wrote in message
> news:%23cwB%...
>> That's true. I just discovered that Sunday. On the project we had talked
>> about
>> earlier I noticed that the DCs from the two domains at the second site
>> were
>> "unaware" of the zones that were transferred between the DCs in the first
>> site.
>>
>> Zone transfers are a pain. It's so easy with AD integrated zones if DNS is
>> on all the DCs. :-)

>
> The old DC of the old Domain in the second Site never had DNS on it and I
> did not have a Windows CD with me to add it in. Luckily that mess is about
> to "go away". The new DCs I create will be fully equipped for their job.
>
>



Cool!

You know, when I used to set up Windows 2003 on mine and customer sites, I always copied the i386 to the C: drive, and SP integrated it. This way whenever you have to add something, it's a cinch. Otherwise, you have to dig up the CD, install the feature, then by rights, you have to re-run the service pack. When I was asked to take care of customers in such a scenario, I would never re-run the service pack, for it will then reset Windows updates, and possibly cause problems with a bunch of other things. The best I found is to copy the i386, SP integrate it, then install the feature. If I wasn't *permitted* to copy the i386 (possibly due to their security SLAs), I would just install the feature and be done with it.

Ace
 
 
Phillip Windell
Guest
Posts: n/a

 
      04-01-2010
That's what I was thinking of doing too.

I didn't know you could SP integrate the files as they sat there on the HD.
I only know how to do that to the CD (creating an ISO in the process).


--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


"Ace Fekay [MVP-DS, MCT]" <> wrote in message
news:...

You know, when I used to set up Windows 2003 on mine and customer sites, I
always copied the i386 to the C: drive, and SP integrated it. This way
whenever you have to add something, it's a cinch. Otherwise, you have to dig
up the CD, install the feature, then by rights, you have to re-run the
service pack. When I was asked to take care of customers in such a scenario,
I would never re-run the service pack, for it will then reset Windows
updates, and possibly cause problems with a bunch of other things. The best
I found is to copy the i386, SP integrate it, then install the feature. If I
wasn't *permitted* to copy the i386 (possibly due to their security SLAs), I
would just install the feature and be done with it.

Ace


 
 
Ace Fekay [MVP-DS, MCT]
Guest
Posts: n/a

 
      04-02-2010

"Phillip Windell" <> wrote in message news:ubpX$...
> That's what I was thinking of doing too.
>
> I didn't know you could SP integrate the files as they sat there on the HD.
> I only know how to do that to the CD (creating an ISO in the process).
>


If you copy the i386 to c:, so it will be located in c:\i386, expand the service pack (spName.exe /x, and choose a location to expand to), then run the update.exe with the following switches:
update /s:c:\

It will look for an i386 folder under c:\ and integrate it.

I don't remember seeing this option for Vista, 7 or 2008, but then again, the newer operating systems keep a copy of the source files under the Windows folder. I usually just download an updated version of the OS from Open or MSDN.



--
Ace
