Re: Flat Domain DNS Problem

In news:C526C8AD-3FB3-4942-A82E-7F18A8F05609@xxxxxxxxxxxxx,
specialk <specialk@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I then commented
below:
> Hello all - First of all thank you for any of your input, it is much
> appreciated.
>
> I have a 3 site WAN and it is all one flat 2003 Domain. All DNS
> Servers in the domain have Active Directory - Integrate DNS enabled.
>
> The problem I have is that I have 3 hosts in the DMZ in one site.
> Those local clients in that site have obviously no problem accessing
> those hosts.
>
> I need the other two sites to access those particular hosts by their
> external IP Address. Since they are all active directory integrated
> DNS servers, all three sites have the same records for these hosts.
> And I don't want to add multiple records for these hosts because
> occasionally it would fail and this application and my users are
> unforgiving.
>
> I would rather not go around to the machines and manipulate local
> host files or break my current configuration.
>
> The main reason I am doing this is because of bandwidth constraints.
>
> I was wondering if there is some kind of site specific DNS resolution
> or one where I don't have to break out of the active directory
> integrated DNS setup I have.
>
> Thanks again for the help...

May I assume your definition of a "flat domain" means that you only have one
domain in your forest and you have branch offices all in the same domain?

I will also assume the DMZ in that one site is using a public IP address.
That will be reachable by anyone on the Internet. Have you tried to just
create the necessary record for that DMZ host and provide the external IP
under your zone? The zone is AD Integrated anyway and will be available on
all DCs. If there are problems accessing it based on routing, you can create
static routes in your VPNs to access that by the NAT device connecting to
that DMZ.

If I missed something, please feel free to elaborate.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================


.

Relevant Pages

  • Re: Flat Domain DNS Problem
    ... and a batch script to distribute it to the DMZ machines when you need to make changes. ... have a DNS server on the same system, the hosts file is not used to provide answers for DNS - it is stricly a resolution mechanism. ... depending on the suffix assignments on the machines - but this also only works for some environments. ...
    (microsoft.public.windows.server.dns)
  • Re: freebsd and MS Active Directory
    ... >>need to make both of these boxes conform to their Active Directory network. ... for the two BSD hosts. ... >>I think what he was referring to is DNS and IP assignments, ... > stuff in a zone dump from our MS DNS server). ...
    (freebsd-questions)
  • Re: PIX access list stops external DNS lookup
    ... >> I have a mail relay in a DMZ, which I want to be able to do a DNS ... >> It and other hosts on the DMZ subnet can do this by default, ... > through the PIX on interface DMZ4 to be routed to the outside and on to the ...
    (comp.security.firewalls)
  • Re: domain setup advice
    ... server to run active directory, what would it be advisable to out of each ... public access to the servers in the dmz ... own domain not related to the website active directory, but in dns terms a ...
    (microsoft.public.windows.server.active_directory)
  • Re: ping computer returns wrong IP
    ... I believe DNS has the wrong IP address. ... >>tried removing the computer from active directory and ... Hosts ...
    (microsoft.public.win2000.dns)