MS DNS Query

I have an AD Domain network.. for the sake of example it's abc.com

We run AD integrated DNS as part of this

Now, recently we've had a requirement to set up a VPN to a supplier and we want to access their hosts and naturally DNS would be the easiest solution

Before I go on I will say that I am more experienced with BIND dns than MS AD integrated, so I may just be missing something.

Anyway, in testing, it keeps appending the parent domain suffix

How can I make it such that if I ping hosta.xyz.com that it takes this as the FQDN and doesn't associate it with our parent domain?

Is this a valid config?

As an aside, if we for example have records for hosta.xyz.com and hostb.xyz.com and we have the zone for xyz.com on a local DNS server...will the server forward a request for say www.xyz.com or will recursion not be performed when a DNS zone exists on a local server?

I hope that's clear!

Cheers
 
A couple ways you could tackle this:

1. Put a . after the FQDN of the host at the supplier, e.g. "hosta.xyz.com." - This will prevent it from appending any suffixes.

2. Add xyz.com to the suffix search list in Active Directory, then create a conditional forwarder (or stub zone) for xyz.com - you may or may not need this based on a) your network topology b) the way the VPN/DNS is routed.

Bear in mind if you have a host on each network with the same flat name it'll resolve it to the first suffix in the list, which in most cases is the local domain.
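Added example, not from the thread: the two client-side options above (trailing dot versus suffix search list) tried from a Windows client, with the conditional-forwarder step shown as the server-side counterpart. It assumes the DnsClient and DnsServer PowerShell modules (Windows 8 / Server 2012 or later), that abc.com is the AD domain and xyz.com the supplier domain as in the thread, and a placeholder supplier DNS address of 203.0.113.53; for a domain-wide change the search list would normally be pushed by Group Policy rather than set per host like this.

```powershell
# Added example (not the thread's own commands). Assumes DnsClient module on the
# client and DnsServer module on an AD DNS server; domain names and the supplier
# DNS address are placeholders.
Import-Module DnsClient

# What the resolver currently appends to single-label names, in order.
(Get-DnsClientGlobalSetting).SuffixSearchList

# Option 1: a trailing dot marks the name as fully qualified, so no suffix from
# the search list is appended and the query goes out exactly as typed.
Resolve-DnsName -Name 'hosta.xyz.com.' -Type A -DnsOnly

# Option 2: append the supplier domain to the suffix search list, AFTER the local
# domain so local names keep winning. @() guards against $current being a single
# string, where '+' would concatenate instead of building an array.
$current = (Get-DnsClientGlobalSetting).SuffixSearchList
if (@($current) -notcontains 'xyz.com') {
    Set-DnsClientGlobalSetting -SuffixSearchList (@($current) + 'xyz.com')
}

# A flat name is now tried as hosta.abc.com first, then hosta.xyz.com; the first
# suffix that yields a record wins, which is the clash the post warns about.
Resolve-DnsName -Name 'hosta' -Type A -DnsOnly

# Server side: only needed if the VPN allows UDP/TCP 53 to the supplier's DNS.
# Every query for *.xyz.com from the AD DNS servers then goes to that address
# instead of being resolved via the root hints or general forwarders.
Import-Module DnsServer
if (-not (Get-DnsServerZone -Name 'xyz.com' -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name 'xyz.com' `
        -MasterServers 203.0.113.53 -ReplicationScope 'Forest'
}
```

The ordering of the search list is the security-relevant detail: a supplier host that shares a flat name with one of yours is silently shadowed (or, with the suffixes reversed, shadows yours), so keep the local domain first and use full names with a trailing dot wherever a script must reach a specific side.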
 
Ethos - thanks for your help and apologies for the late reply.

I had looked at a stub zone - but is it true to say that for this to work we need to add their DNS server IPs to this zone (as NS records)?

This would be a handy scenario - but the remote site don't want to open UDP port 53 through their firewall and don't want us using their DNS servers (they actually provided the HOSTS file).

Ideally we need to resolve it internally (and by resolve I mean both DNS lookups and the overall task :p)

Another thought I had was to set up a standalone DNS server, maybe running BIND, maybe MS, then set up a stub zone pointing xyz.com to that server, and then that server dish out the lookups. This however seems inefficient to me?

In your scenario 1 - I had tried the trailing dot and it didn't seem to want to play ball on my test box. In this case was it just adding a regular forward lookup zone? I did this, setting a primary zone and turned off dynamic updates. This would seem a logical option, if it's a valid one?

Ta!
 
We've got a number of domains hosted in our DNS and have never had to do anything fancy to get them to work. If we have www.xyz.com in DNS and ping that, it resolves that - it doesn't try it as www.xyz.com.ourdomain.com. How have you got it set up at the moment?

If they won't allow you to forward through to their DNS servers, then your best bet is simply to set up another zone with your servers as the primary authoritative hosts. Then add all the records they've supplied in the hosts file. You definitely don't need an additional server! You do really want a stub zone, but if there's nothing for it to pass queries to, then you're effectively authoritative.
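Added example, not from the thread: building the authoritative xyz.com zone this reply describes from the supplier's HOSTS file on the existing AD DNS servers, with dynamic updates off, and then checking the two behaviours the original question asked about (a listed host resolving as-is, and an unlisted name in the zone getting an authoritative NXDOMAIN rather than being forwarded). It assumes the DnsServer PowerShell module (Windows Server 2012 or later) run with DNS admin rights on a domain controller; the zone name, file path and host names are placeholders taken from the thread.

```powershell
# Added example (not the thread's own script). Assumes the DnsServer module on an
# AD-integrated DNS server; $ZoneName and $HostsFile are placeholders.
Import-Module DnsServer

$ZoneName  = 'xyz.com'                      # supplier domain (placeholder)
$HostsFile = 'C:\temp\supplier-hosts.txt'   # HOSTS file they supplied (placeholder)

# 1. Create the zone as an AD-integrated primary with dynamic updates disabled,
#    so nothing can register or overwrite records you copied from the supplier.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Forest' -DynamicUpdate 'None'
}

# 2. Parse HOSTS lines of the form "<ipv4>  name1 name2 ...  # comment".
$records = foreach ($line in Get-Content $HostsFile) {
    $line = ($line -split '#', 2)[0].Trim()          # strip comments and blanks
    if (-not $line) { continue }
    $fields = $line -split '\s+'
    if ($fields.Count -lt 2) { continue }             # no host names on this line
    $ip = $fields[0]
    if ($ip -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { continue }   # IPv4 entries only
    foreach ($fqdn in $fields[1..($fields.Count - 1)]) {
        # Keep only names inside the supplier zone, stored relative to it
        # (hosta.xyz.com -> hosta, a.b.xyz.com -> a.b).
        if ($fqdn -notlike "*.$ZoneName") { continue }
        [pscustomobject]@{
            Name = $fqdn.Substring(0, $fqdn.Length - $ZoneName.Length - 1)
            IP   = $ip
        }
    }
}

# 3. Add each A record, skipping ones already present so the script is re-runnable
#    when the supplier sends an updated HOSTS file.
foreach ($r in $records) {
    $existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $r.Name `
        -RRType A -ErrorAction SilentlyContinue
    if ($existing -and
        ($existing.RecordData.IPv4Address.IPAddressToString -contains $r.IP)) { continue }
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $r.Name `
        -IPv4Address $r.IP -TimeToLive '01:00:00'
}

# 4. Verify against the local server. The first query answers from the zone; the
#    second returns NXDOMAIN because the server is authoritative for xyz.com and
#    therefore never forwards or recurses for names it does not hold.
Resolve-DnsName -Name "hosta.$ZoneName." -Type A -Server localhost -DnsOnly
Resolve-DnsName -Name "nothere.$ZoneName." -Type A -Server localhost -DnsOnly `
    -ErrorAction SilentlyContinue
```

Because the zone is AD-integrated it replicates to every DNS-enabled domain controller, so no extra BIND or Windows box is needed, and because dynamic updates are off the only way the supplier's records change is a deliberate re-run of this script with a new file.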