Add a fixed DNS entry to Active Directory DNS

Discussion in 'Windows Small Business Server' started by David Thielen, Sep 11, 2005.

  1. Hi;

    I am just setting up SBS. Here is the problem I am having with getting
    DNS set up.

    My network configuration is DSL modem -> Sonic Wall firewall with NAT
    -> switch -> all computers (including SBS server).

    One of the computers on the network is my web server. This computer is
    not a domain registered system because we are going to co-locate it in
    about 2 months.

    I need internal requests to www.domain.com to go to the internal IP
    address. If they use the external DNS address they will try to loop
    back through the firewall and that fails.

    How can I add a couple of permanent A records to the DNS when Active
    Directory controls it?

    thanks - dave


    [email protected]
    Windward Reports -- http://www.WindwardReports.com
    Page 2 Stage -- http://www.Page2Stage.com
    Enemy Nations -- http://www.EnemyNations.com
    me -- http://dave.thielen.com
    Barbie Science Fair -- http://www.BarbieScienceFair.info
    (yes I have lots of links)
     
    David Thielen, Sep 11, 2005
    #1

  2. It looks like you just add the domains in the DNS manager?????

    thanks - dave




     
    David Thielen, Sep 11, 2005
    #2

  3. David Thielen

    Edward Tian Guest

    Dear Dave:
    Thanks for posting here.

    From the description, I understand that you want to add a couple of Host
    Records in your internal DNS Server so that your internal clients can access
    one of your internal websites via these A records. If I have misunderstood
    your concern, please feel free to let me know.

    To do that, please perform the following steps:

    Go to the SBS Server, and then create a new zone in the DNS management
    console:
    a. Click 'Start'->'Programs'->'Administrative Tools', select 'DNS'.

    b. In the left pane, expand to 'Forward Lookup Zones', right-click it and
    choose 'New Zone…'.

    c. Select Primary zone, click Next. Select 'To all domain controllers in
    the Active Directory domain', click Next.

    d. On the Zone Name page, type domain.com, click Next and then click Finish.

    e. In the left pane, you will notice that the new zone has been created,
    right-click the zone name and select 'New Host (A)…'.

    f. Enter 'www' to be the name, afterwards you will see the FQDN name
    changes to 'www.domain.com' automatically. Then type the internal IP
    address of your web site server, click Add Host.

    g. Click 'Start'->'Run…', type 'ipconfig/flushdns' and
    'ipconfig/registerdns'.

    After we create the Host Record for your web site in your DNS Server, the
    internal client users will be able to access the website by typing
    'www.domain.com'. This record is responsible for resolving www.domain.com
    to the internal IP address of the web server (for example: 192.168.1.1).

    We call the above solution "Split DNS". Here, I would like to explain
    the infrastructure of the DNS resolution and what causes the loop back
    problem.

    When an internal client tries to access a web site which is also located in
    the same network:
    1. The internal client queries the DNS server for www.domain.com.

    2. The DNS server returns the internet IP address of the Server to the
    internal client. This IP address is the same one the external network client
    received, for example: 157.60.115.147.

    3. The internal client then "loops back" through the external interface of
    the Server. In your case, the internal client sends the request to the
    external interface of the router.

    4. The router forwards the request to the Web server on the internal
    network.

    Then the request will fail because the Web server responds directly to the
    client and not to the router. The client isn't expecting a response from
    the web server directly, since the original request was sent to the
    gateway, not directly to the internal network Web server. Because of this,
    the client will drop the packet sent to it by the Web server. To avoid loop
    back, we can create a couple of permanent A records in the DNS Server as
    described above.

    Hope the above information helps. If you have any questions or concerns,
    please feel free to let me know, I'm glad to be of assistance.

    Have a nice day! :)

    Best Regards
    Edward Tian(MSFT)
    Microsoft CSS Online Newsgroup Support

     
    Edward Tian, Sep 12, 2005
    #3
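
The steps in the reply above, scripted, followed by a check the GUI procedure does not include. This is an added example, not part of the original thread. It assumes Windows Server 2012 or later with the DnsServer PowerShell module (the thread itself predates it); `domain.com` and `192.168.1.1` are taken from the thread, while the public resolver address and the list of names to check are constructed sample values.

```powershell
# Added example. Assumes Windows Server 2012+ with the DnsServer module, run
# elevated on the DNS server. domain.com and 192.168.1.1 come from the thread;
# the resolver address and the name list are constructed sample values.
Import-Module DnsServer

$Zone           = 'domain.com'
$InternalWebIp  = '192.168.1.1'
$PublicResolver = '8.8.8.8'              # assumption: any resolver outside the LAN
$NamesToCheck   = 'www', 'mail', 'ftp'   # constructed: names the public zone may hold

# Steps b-d: AD-integrated primary zone, replicated to all DCs in the domain.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain
}

# Steps e-f: static host (A) record for www, added only if it is not there yet.
if (-not (Get-DnsServerResourceRecord -ZoneName $Zone -Name 'www' -RRType A -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'www' -IPv4Address $InternalWebIp
}

# Step g: same effect as 'ipconfig /flushdns' on this machine.
Clear-DnsClientCache

function Get-ARecord([string]$Fqdn, [string]$Server) {
    # Returns the A-record addresses the given server hands out, or nothing.
    Resolve-DnsName -Name $Fqdn -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.QueryType -eq 'A' } |
        ForEach-Object { $_.IPAddress }
}

# The new zone makes this server authoritative for every name under domain.com,
# so a name that exists only in the public zone stops resolving for internal
# clients. Compare both views and flag those names.
foreach ($name in $NamesToCheck) {
    $fqdn     = "$name.$Zone"
    $internal = @(Get-ARecord $fqdn '127.0.0.1')
    $public   = @(Get-ARecord $fqdn $PublicResolver)
    $status   = if ($public -and -not $internal) { 'MISSING internally: add a record' }
                elseif ($internal -and $public)  { 'overridden by internal zone' }
                elseif ($internal)               { 'internal only' }
                else                             { 'not defined in either view' }
    [pscustomobject]@{
        Name = $fqdn; Internal = $internal -join ','; Public = $public -join ','; Status = $status
    }
}
```

Any name reported as missing internally needs its own record in the internal zone, and the internal zone has to be kept in step with the public one whenever the public records change.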