Re: Split Brain DNS setup

From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 06/27/04


Date: Sat, 26 Jun 2004 20:54:58 -0400

In news:%23ovE249WEHA.1036@TK2MSFTNGP10.phx.gbl,
Adam Marx <AdamMarx@WebAJM.com> posted their thoughts, then I offered mine
>> So your AD zone name is called webajm.com. Correct? Yes.
>
>> From the outside world, and assuming you're talking about http
>> connectivity, you can connect to http://webajm.com and display your
>> web, correct? Yes.
>
>> From the inside however, you cannot connect to http://webajm.com and
>> you wind up getting the DC's default website, correct? Yes, I get a
>> DNS error
> but it could be that I've stopped the internal website?
>
>> You can overcome this with a registry setting to kill the
>> LdapIpAddress and you can manually create or publish the IP you
>> want, but it will affect domain communication.
>
> Do you think I really should modify the registry to get this to work?
>
> From my interpretation of how Internal/External DNS was to work is
> that the External DNS was to hold all the public IPs visible from
> the web and no private IPs should be listed. My Internal DNS is in
> charge of the internal function of the domain and wasn't supposed to
> hold any public IPs, only private IPs. My clients should all point
> to the internal DNS, and any DNS requests it couldn't resolve it would
> forward on to the External DNS for resolution.
>
> My External DNS is behind a router and is on 192.168.2.99. It holds the
> public IPs of webajm.com and is not a DC or running AD; it also has a
> second NIC, 192.168.1.99. My internal DNS is on 192.168.1.100 and
> currently I've demoted it from AD and DC. It currently holds the zone
> webajm.com and the server is named "Local". I added an A record in
> the zone webajm.com that pointed to the external DNS server
> "192.168.1.99" and I added an A record for the WWW.
>
> So, I thought I should be able to resolve webajm.com and
> www.webajm.com after adding the records, and it does resolve to the
> IPs I gave it (private IPs), but it won't open the site? I changed
> both records to reflect the public IPs for webajm.com on the
> Internal DNS and the site came right up.
>
> Shouldn't the Internal DNS server be forwarding on the request
> instead of resolving it?
>
>
> Kevin,
>
> "If any of the sites from the public DNS server are hosted locally
> you would need those site on your internal DNS server, and they will
> need to resolve to the IP of the server they are on."
>
> Are you referring to running my webserver on a box other than the
> external DNS? If so, then they are both on the same box, DNS and
> Webserver that is.
>
> "Doing it this way you only have to create the local records all the
> others are forwarded to your external DNS to be given Public IPs."
>
> I think it might be the forwarding piece that's not working; it
> appears to be resolving the domain webajm.com to 192.168.1.99 instead
> of to the public IP?
>
> AJM,
>

Now that we have a better and more accurate picture of your configuration, we can
suggest a resolution. I should have asked for a more accurate description in
the beginning.

No, you do not want to make those registry changes. It's not recommended
since it alters necessary domain communication and functionality. The best
thing is to live with just connecting with the www record, unless you can
change the AD DNS domain name.

On the internal DNS, if you stick with your current same name design, then
you have to manually create whatever records your internal users need to get
to on the "external" website. If the website's IP is Forwarding does NOT
work in this scenario. Why? Because forwarding will forward whatever names
it is NOT aware of. Since the internal DNS holds that name, it believes
it has all the answers for that name. If it doesn't have the answer you
want, then it will not forward it, since it believes it is authoritative for
the zone.

Since you say that 192.168.2.99 is running your 'external' DNS and your
website, create the www record on your 'internal' DNS with that IP
address. It is not suggested to alter the LdapIpAddress (as I explained earlier)
to this address, or else GPOs will ask that server for its group policies,
but it does not have them; your DCs do.

-- 
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig.
=================================
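The behaviour Ace describes above (an internal server that is authoritative for the same zone name as the public domain answers from its own zone data, returning NXDOMAIN for names it lacks instead of forwarding them, while the apex name resolves to the DC's own registration) can be modelled in a few lines. The following is an added illustration, not code from the thread or from any Microsoft DNS component: it is a simplified resolver with longest-suffix zone matching and a single forwarder. The 192.168.x addresses are the ones quoted in the thread; the public IP 203.0.113.10, the ISP server and the example.com record are constructed placeholders.

```python
"""Toy split-brain DNS resolver (added example, not the thread's own code).

Shows why an internal zone named webajm.com never forwards www.webajm.com
to the external server, and why adding the record by hand fixes it.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Zone:
    name: str
    # owner name -> list of A-record addresses
    records: dict[str, list[str]] = field(default_factory=dict)


@dataclass
class DnsServer:
    zones: dict[str, Zone]
    forwarder: Optional["DnsServer"] = None

    def authoritative_zone(self, qname: str) -> Optional[Zone]:
        """Longest-suffix match: the zone this server is authoritative for."""
        labels = qname.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.zones:
                return self.zones[candidate]
        return None

    def resolve(self, qname: str) -> tuple[str, list[str]]:
        qname = qname.rstrip(".").lower()
        zone = self.authoritative_zone(qname)
        if zone is not None:
            # Authoritative servers answer from zone data only: a missing
            # name yields an empty (NXDOMAIN-style) answer, never a forward.
            return ("AUTH", list(zone.records.get(qname, [])))
        if self.forwarder is not None:
            _, ips = self.forwarder.resolve(qname)
            return ("FORWARDED", ips)
        return ("SERVFAIL", [])


def build_lab() -> tuple[DnsServer, DnsServer]:
    """Constructed topology matching the thread: external + internal server."""
    isp = DnsServer(zones={"example.com": Zone("example.com", {
        "example.com": ["198.51.100.7"],  # constructed placeholder
    })})
    external = DnsServer(zones={"webajm.com": Zone("webajm.com", {
        "webajm.com": ["203.0.113.10"],      # constructed public IP
        "www.webajm.com": ["203.0.113.10"],
    })}, forwarder=isp)
    internal = DnsServer(zones={"webajm.com": Zone("webajm.com", {
        # The DC registers the zone apex with its own address (LdapIpAddress),
        # which is why http://webajm.com lands on the DC's default website.
        "webajm.com": ["192.168.1.100"],
    })}, forwarder=external)
    return external, internal


def run_scenario() -> dict[str, dict[str, tuple[str, list[str]]]]:
    """Resolve the same names before and after adding the manual www record."""
    _, internal = build_lab()
    names = ["webajm.com", "www.webajm.com", "example.com"]
    before = {n: internal.resolve(n) for n in names}

    # Ace's fix: hand-create www in the internal zone pointing at the web host.
    internal.zones["webajm.com"].records["www.webajm.com"] = ["192.168.2.99"]
    after = {n: internal.resolve(n) for n in names}
    return {"before": before, "after": after}


if __name__ == "__main__":
    for phase, answers in run_scenario().items():
        print(phase)
        for name, (how, ips) in answers.items():
            print(f"  {name:18} {how:10} {ips or 'NXDOMAIN'}")
```

Running it shows that before the fix www.webajm.com gets an empty authoritative answer from the internal server (it is never forwarded, while example.com is), and that after adding the record it resolves to 192.168.2.99. The apex name resolves to the DC in both cases, which is the reason Ace advises living with the www name rather than touching LdapIpAddress.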

