Dynamic DNS Zone Forwarding ...


Dave

I have been searching high and low for a solution to a DNS problem, which I
have been unable to find. So I thought I would ask the experts!

So that someone reading this understands the situation that I am facing, it
is necessary to provide some background information. Currently I'm employed
with a small company owned by a larger organization. The larger
organization provides our company with Intranet Sites. DNS Records for
these Intranet Sites are only stored within the Private DNS Zone of our
parent company and not available through the Public DNS Zone. We do not
have access to the Private DNS Zone (and no Zone Transfers for the Public
DNS either), as they believe it to be a security risk. (that is a topic for
another post altogether)

Currently our Private DNS Server is storing an Authoritative Zone
containing the entries for the Intranet Sites of our parent company, as well
as some publicly available DNS Records. In order to avoid having to update
this DNS Zone of our Parent Company when changes to the Public DNS Zone are
made, I was trying to locate a product that may be able to dynamically
search DNS Records. The product that I would be ideally looking for, would
have settings that would allow you to create a zone, create DNS records, and
if a client is unable to resolve requests within its zone, it would try to
locate the DNS record from the actual public zone.

Does anyone know of a product that can accomplish what I have described
above? Any advice would be greatly appreciated,

Dave
 

Kevin D. Goodknecht Sr. [MVP]

Dave said:
I have been searching high and low for a solution to a
DNS problem, which I have been unable to find. So I
thought I would ask the experts!

So that someone reading this understands the situation
that I am facing, it is necessary to provide some
background information. Currently I'm employed with a
small company owned by a larger organization. The larger
organization provides our company with Intranet Sites.
DNS Records for these Intranet Sites are only stored
within the Private DNS Zone of our parent company and not
available through the Public DNS Zone. We do not have
access to the Private DNS Zone (and no Zone Transfers for
the Public DNS either), as they believe it to be a
security risk. (that is a topic for another post
altogether)

Currently our Private DNS Server is storing an
Authoritative Zone containing the entries for the
Intranet Sites of our parent company, as well as some
publicly available DNS Records. In order to avoid having
to update this DNS Zone of our Parent Company when
changes to the Public DNS Zone are made, I was trying to
locate a product that may be able to dynamically search
DNS Records. The product that I would be ideally looking
for, would have settings that would allow you to create a
zone, create DNS records, and if a client is unable to
resolve requests within its zone, it would try to locate
the DNS record from the actual public zone.

Does anyone know of a product that can accomplish what I
have described above? Any advice would be greatly
appreciated,

Dave

You don't need a product; all you need to do is use a delegation instead of
using host records. E.g. if you have a local zone for example.com to resolve
private records, instead of adding host records for, say, www with the IP of
the website, use a delegation named www pointing to the Authoritative DNS
servers for the public domain name.

Right-click example.com, select New Delegation, name it www, then enter the
DNS server name and IP that are Authoritative for the public name. (You
can't just use an external DNS; it must be authoritative.)
 

Dave

Thanks Kevin for the advice! I was able to successfully use delegation to
contact the authoritative name server, for records that I was aware of.
Would this approach work for MX records as well? The problem is really, if
they add a new record in the future, I would manually have to add a
delegation. Really the Intranet Zone will be storing maybe 3 or 4 A records
for Intranet Webservers, and any other queries I want it to go to the
authoritative name server on the Internet, which could store more than 30
records; and unfortunately I have no ability to perform an entire zone query.

Thanks,
Dave
 

Kevin D. Goodknecht Sr. [MVP]

Dave said:
Thanks Kevin for the advice! I was able to successfully
use delegation to contact the authoritative name server,
for records that I was aware of. Would this approach work
for MX records as well? The problem is really, if they
add a new record in the future, I would manually have to
add a delegation. Really the Intranet Zone will be
storing maybe 3 or 4 A records for Intranet Webservers,
and any other queries I want it to go to the
authoritative name server on the Internet, which could
store more than 30 records; and unfortunately I have no
ability to perform an entire zone query.

If all you need is three or four records for your intranet, the best
solution is to fix that and forward everything else. The way you do that is:
instead of creating a zone for the domain and then adding the host records for
each host you need to resolve in the intranet or internet, delete the
example.com zone, then add Forward Lookup Zones with the FQDN of the
intranet hosts, e.g. "host1.example.com", "host2.example.com" and
"host3.example.com", then add a new host to each, leaving the name field blank,
with the IP of the intranet site. All other hosts in example.com would be
forwarded.
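Both layouts from Kevin's replies (the per-name delegation, and the per-host Forward Lookup Zones with everything else forwarded), as an added example scripted with the Windows DnsServer PowerShell module rather than the GUI; this is not code from the thread. The domain, name server, IP addresses and host names are assumed placeholders.

```powershell
# Added example, not from the thread. Assumes a Windows DNS server with the DnsServer module.
Import-Module DnsServer

$domain     = 'example.com'      # parent company's public domain (assumed)
$publicNs   = 'ns1.example.net'  # assumed; must be AUTHORITATIVE for $domain, not just any resolver
$publicNsIp = '203.0.113.53'     # assumed documentation address for that name server
$forwarder  = '203.0.113.2'      # assumed resolver the server forwards everything else to
$intranet   = @{                 # assumed intranet hosts and their private IPs
    'host1.example.com' = '10.10.0.11'
    'host2.example.com' = '10.10.0.12'
    'host3.example.com' = '10.10.0.13'
}

# Layout 1 (first reply): keep a local example.com zone, delegate single names to the
# authoritative public servers. Every public name needs its own delegation, and any
# name without one gets NXDOMAIN from the local zone instead of the public answer.
function Set-DelegationLayout {
    if (-not (Get-DnsServerZone -Name $domain -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $domain -ZoneFile "$domain.dns"
    }
    Add-DnsServerZoneDelegation -Name $domain -ChildZoneName 'www' `
        -NameServer $publicNs -IPAddress $publicNsIp
}

# Layout 2 (second reply): no local example.com zone at all. One zone per intranet FQDN
# with a blank-name ("@") A record, so only those names are answered locally and every
# other example.com name (A, MX, anything) goes to the forwarder.
function Set-PerHostZoneLayout {
    Remove-DnsServerZone -Name $domain -Force -ErrorAction SilentlyContinue
    foreach ($fqdn in $intranet.Keys) {
        Add-DnsServerPrimaryZone -Name $fqdn -ZoneFile "$fqdn.dns"
        Add-DnsServerResourceRecordA -ZoneName $fqdn -Name '@' -IPv4Address $intranet[$fqdn]
    }
    Add-DnsServerForwarder -IPAddress $forwarder
}

Set-PerHostZoneLayout   # use Set-DelegationLayout instead to reproduce the first reply

# Check: intranet host answered from the local zone, public A and MX resolved via forwarding.
Resolve-DnsName -Name 'host1.example.com' -Server 'localhost' -Type A
Resolve-DnsName -Name "www.$domain"       -Server 'localhost' -Type A
Resolve-DnsName -Name $domain             -Server 'localhost' -Type MX
```

Run it in an elevated session on the DNS server; the last three queries should show the private IP for host1 and public data for the other two.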
 
