host/domain dns resolution conflict

csag

I have the following problem:

I have an AD domain named 'abc.xyz.com'. I have a linux box running a
webserver with the same name 'abc.xyz.com' which is registered publicly
to resolve to say 10.1.1.100.

When users in my AD domain try to access this webserver (by using
'abc.xyz.com'), they cannot. It is because they are not resolving the
IP address correctly. I am running DNS Server on my domain controllers
b/c I believe that it is necessary for AD performance? An A record is
created by default that resolves 'abc.xyz.com' to the ip addresses of
my dns servers. When I rename this record to resolve to 10.1.1.100
(the webserver), it is overwritten after about 20 min. because of
Dynamic Updates. I can disable dynamic updates as a fix, but then I
have to manage the DNS manually, which I don't want to do.

Do I need to rename my domain? Can I just create a new dns zone? Do I
have to use Microsoft's DNS server or can I use linux?

I'm not sure what to do.

Thanks to anyone who can offer any advice.
 
Kevin D. Goodknecht Sr. [MVP]

csag said:
> I have the following problem:
>
> I have an AD domain named 'abc.xyz.com'. I have a linux
> box running a webserver with the same name 'abc.xyz.com'
> which is registered publicly to resolve to say 10.1.1.100.
>
> When users in my AD domain try to access this webserver
> (by using 'abc.xyz.com'), they cannot. It is because
> they are not resolving the IP address correctly. I am
> running DNS Server on my domain controllers b/c I believe
> that it is necessary for AD performance?

Not only is it required for AD performance, it is required for AD to work.

> An A record is
> created by default that resolves 'abc.xyz.com' to the ip
> addresses of my dns servers. When I rename this record
> to resolve to 10.1.1.100 (the webserver), it is
> overwritten after about 20 min. because of Dynamic
> Updates. I can disable dynamic updates as a fix, but
> then I have to manage the DNS manually, which I don't
> want to do.
>
> Do I need to rename my domain? Can I just create a new
> dns zone? Do I have to use Microsoft's DNS server or can
> I use linux?

Even if you used Linux for DNS, the record must still point to the IP
address on the DC with file sharing enabled.

> I'm not sure what to do.

Is your AD domain name 'abc.xyz.com'?
If it is, then the domain name must resolve to the IP address on the Domain
Controller that has file sharing enabled. This is for the Sysvol DFS Share
at \\abc.xyz.com\SYSVOL. This is not optional; it is required for Group
Policies to apply.

Assuming this is Win2k, you cannot rename your domain. It is not easy on
Win2k3, but possible.
Win2k must be rolled back to NT4, then upgrade the NT4 to Win2k choosing a
different AD DNS Domain name.
Or demote the Win2k, lose all domain accounts and repromote using a
different name.
 
Herb Martin

csag said:
> I have the following problem:
>
> I have an AD domain named 'abc.xyz.com'. I have a linux box running a
> webserver with the same name 'abc.xyz.com' which is registered publicly
> to resolve to say 10.1.1.100.

Then your internal (Domain) users/machines are not going
to resolve that public name server correctly.

You will have to develop an internal alias for internal users to query,
or otherwise disambiguate the names.

> When users in my AD domain try to access this webserver (by using
> 'abc.xyz.com'), they cannot.

True since all DCs register this name (as they pretty much must
if that is the domain name for AD.)

This is the way that AD DCs use DNS.

> It is because they are not resolving the
> IP address correctly. I am running DNS Server on my domain controllers
> b/c I believe that it is necessary for AD performance?

Not technically, but it is the right thing to do and not the
source of your true problem.

> An A record is
> created by default that resolves 'abc.xyz.com' to the ip addresses of
> my dns servers.

Technically this is to the DCs but since they run on the
same box it comes to the same thing -- and would not
change if the DNS were elsewhere.

> When I rename this record to resolve to 10.1.1.100
> (the webserver), it is overwritten after about 20 min. because of
> Dynamic Updates. I can disable dynamic updates as a fix, but then I
> have to manage the DNS manually, which I don't want to do.

That's what DCs do.

> Do I need to rename my domain? Can I just create a new dns zone? Do I
> have to use Microsoft's DNS server or can I use linux?

You cannot rename your domain unless you re-install it or
upgrade to Win2003.
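Both replies come down to the same two facts: the apex name of the AD zone has to keep resolving to the domain controllers (they re-register it, and the SYSVOL share is reached through it), and the web server therefore needs a separate internal name. The script below is an added example, not from the thread or from either poster; it parses a small zone in BIND text format, reports apex A records that are not DC addresses and DCs missing from the apex, and then resolves an internal alias for the web server. The zone text, the DC addresses 10.1.1.10 and 10.1.1.11 and the alias labels `www` and `intranet` are constructed for the example; only abc.xyz.com and 10.1.1.100 come from the thread.

```python
"""Spot the AD apex-name conflict described in the thread (added example).

Everything below except the name abc.xyz.com and the web server address
10.1.1.100 is constructed: the zone text, the DC addresses and the
alias labels.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str   # fully qualified, no trailing dot
    rtype: str  # "A" or "CNAME"
    rdata: str  # address, or qualified CNAME target


# Constructed zone: the AD zone after the poster's manual edit at the apex,
# plus an internal alias for the Linux web server.
SAMPLE_ZONE = """\
$ORIGIN abc.xyz.com.
@        600 IN A     10.1.1.10    ; registered by DC1 (dynamic update)
@        600 IN A     10.1.1.11    ; registered by DC2
dc1      600 IN A     10.1.1.10
dc2      600 IN A     10.1.1.11
@        600 IN A     10.1.1.100   ; manual edit pointing the apex at the web server
www      600 IN A     10.1.1.100   ; internal alias for the web server
intranet 600 IN CNAME www          ; relative CNAME target
"""

DC_IPS = ["10.1.1.10", "10.1.1.11"]  # constructed DC addresses


def qualify(name, origin):
    """Turn '@', relative and absolute names into a fully qualified name."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.rstrip(".")
    return f"{name}.{origin}"


def parse_zone(text, origin):
    """Parse 'name [ttl] [IN] type rdata' lines; honours $ORIGIN and ';' comments."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        if tokens[0].upper() == "$ORIGIN":
            origin = tokens[1].rstrip(".")
            continue
        name, rest = tokens[0], tokens[1:]
        if rest and rest[0].isdigit():        # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":  # optional class
            rest = rest[1:]
        if len(rest) < 2:
            raise ValueError(f"malformed record: {raw!r}")
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if rtype == "CNAME":
            rdata = qualify(rdata, origin)
        records.append(Record(qualify(name, origin), rtype, rdata))
    return records


def check_apex(records, origin, dc_ips):
    """Report apex A values that are not DC addresses (the DCs keep
    re-registering their own, so such edits do not hold) and DCs missing
    from the apex (which breaks reaching SYSVOL through the domain name)."""
    apex = [r.rdata for r in records if r.name == origin and r.rtype == "A"]
    foreign = [ip for ip in apex if ip not in dc_ips]
    missing = [ip for ip in dc_ips if ip not in apex]
    return {"apex": apex, "foreign": foreign, "missing_dcs": missing}


def resolve(records, name, depth=0):
    """Minimal resolver over the parsed zone: follow CNAMEs, return A values."""
    if depth > 8:
        raise RuntimeError("CNAME chain too long")
    cnames = [r.rdata for r in records if r.name == name and r.rtype == "CNAME"]
    if cnames:
        return resolve(records, cnames[0], depth + 1)
    return [r.rdata for r in records if r.name == name and r.rtype == "A"]


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE, "abc.xyz.com")
    print(check_apex(recs, "abc.xyz.com", DC_IPS))
    print("abc.xyz.com ->", resolve(recs, "abc.xyz.com"))
    print("intranet.abc.xyz.com ->", resolve(recs, "intranet.abc.xyz.com"))
```

Run as-is, the report flags 10.1.1.100 as a foreign apex value, while `www.abc.xyz.com` and `intranet.abc.xyz.com` resolve to the web server only; that alias under the zone is the "internal alias" route, and it leaves the apex records the DCs own untouched.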
 
csag

Thanks for your help Kevin. It is a Win2K3 domain... I will likely go
with that option of changing the domain; it is a simple domain with a
limited # of workstations and no Exchange server.

Thanks.
 
