DNS not switching

[Andy Yew]

Dear all,

Would like to have some feedback on this..

We are running on a win2k AD structure and as follows: domain.com and
country.domain.com

We have set up MS VPN and have enabled dhcp to propagate to the
clients when they authenticate against the VPN server.

We have an issue however, we have a fully qualified domain registered
with an internet IP that maps directly internally to the mail server
and as such when the VPN is enabled, by right it should just use the
internal IP to service all the requests.

However, on our case, we are not getting it to be that way and with
the vpn enabled, mail just doesnt connect.

nslookups only show that we are using the internet IP for the mail
server, instead of the translated internal IP from our internal DNS.
The only way for us to get mail to work then would be to actually put
it in the hosts file or physically fixed a local IP in the mail server
settings.

Any ideas as to why this is behaving?

One thing is that when it works (sometimes..) and successfully mapping
the IP addresses, the DNS server taht is serving the request isnt from
our local DNS server @ country.domain.com but going back to the DNS
server at our HQ @ domain.com

Any help would be appreciated. Thanks!

 

[Ace Fekay [MVP]]

In

Dear all,

Would like to have some feedback on this..

We are running on a win2k AD structure and as follows: domain.com and
country.domain.com

We have set up MS VPN and have enabled dhcp to propagate to the
clients when they authenticate against the VPN server.

We have an issue however, we have a fully qualified domain registered
with an internet IP that maps directly internally to the mail server
and as such when the VPN is enabled, by right it should just use the
internal IP to service all the requests.

However, on our case, we are not getting it to be that way and with
the vpn enabled, mail just doesnt connect.

nslookups only show that we are using the internet IP for the mail
server, instead of the translated internal IP from our internal DNS.
The only way for us to get mail to work then would be to actually put
it in the hosts file or physically fixed a local IP in the mail server
settings.

Any ideas as to why this is behaving?

One thing is that when it works (sometimes..) and successfully mapping
the IP addresses, the DNS server taht is serving the request isnt from
our local DNS server @ country.domain.com but going back to the DNS
server at our HQ @ domain.com

Any help would be appreciated. Thanks!

Client VPNs are an interesting issue with AD. HOSTS file is usually the way
to get around it. On the client, it's defaulting to the client's DNS
settings from their ISP. I believe there is a setting in the client VPN that
you can force it to be the default when connected. Can't remember exactly.
Otherwise, on your internal DNS zone, you can create a mail.domain.com
record (or whatever the name is that the clients would connect to) and give
it the internal IP. That is usually the norm in a Split-Horizon namespace,
which is apparently what you have (where the internal private AD DNS domain
name is the same as the external public domain name). For a MAPI client,
that is not necessary since they connect directly to the Information Store.

As for DNS going to your root domain (domain.com), it seems to suggest that
you do not have delegation properly set from the parent root domain DNS
servers to the child domain DNS servers and a forwarder set from the child
domain's DNS servers back to the Root DNS servers. If that was the case,
then it wouldn't matter which internal DNS the client is using and all will
work.

If not sure about delegation, check this out (pretty much outlines what I
just mentioned). Don't forget, only forward from the child to the parent,
and then at the parent set a forwarder to the ISP.

255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain:
http://support.microsoft.com/?id=255248


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory