Setting up Sub domains

Josh Colombo

I'm looking to set up or determine how to set up sub domains for MS DNS
server.

Background:

I have a win2k domain set up with an AD-integrated DNS server, have configured
the server to point to the DNS server, and configured the DNS server
according to this KB article
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202

Everything works fine for reaching external domains and even my domain.
However, I have an .asp script set up as the default file that looks at the
incoming url and will redirect to the specified path.

example:
Case "mail.domain.com"
NewLocation = "/exchange"

The redirect works fine from external point of my network, but since the MS
DNS server is handling internal requests for my domain the subdomains don't
resolve properly, and I get a 404 error.

How do I go about configuring the DNS server to respond to the sub domains I
have set up in the redirect?

Also, since my DNS server is not responding to external requests for my
domain, is setting up a reverse lookup zone worthwhile, or even necessary?

Thanks in advance.

Josh
 
Herb Martin

I'm looking to setup or determine how to setup sub domains for MS Dns
server.
I have a win2k domain setup with AD integration DNS server, have configured
the server to point to the DNS server, and configured the DNS server
according to this KB article
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202

It is important to distinguish the TECHNICAL difference between
subdomain and child zone (both can loosely be called subdomains)
as it pertains to the DNS MMC.

A subdomain (right-click new domain) is contained in the parent
zone database and is very similar to a subdirectory or subfolder in
concept. (It is even shown as a subfolder)

A CHILD ZONE is definitely "delegated" (right-click New Delegation),
in that the parent Zone (domain) has glue delegation records that point
to the child zone's DNS server.

Note that the child zone is a SEPARATE zone and may not even be
on this server -- in fact the normal reason for creating a delegation is
to delegate (or hand-off) responsibility for the zone administration or
the zone databases records to either another Administrator or to
another physical server (or both.)

You can certainly maintain the child zone on the SAME server as the
parent but this should be considered a mere coincidence or irrelevant
to understanding "child zones."

Everything works fine for reaching external domains and even my domain.
However I have an .asp script setup as the default file that looks at the
incoming url and will redirect to the specified path.
example:
Case "mail.domain.com"
NewLocation = "/exchange"

The redirect works fine from external point of my network, but since the MS
DNS server is handling internal requests for my domain the subdomains don't
resolve properly, and I get a 404 error.

Then it has little to do with ASP or other specific programs; fix the
delegation or settings.
How do I go about configuring the dns server to respond to the sub domains I
have setup in the redirect?

Here's how it works:

The root delegates to the TLDs like Com and Edu (and countries like US, fr, ko).
The TLDs each delegate to their CHILD zones, i.e., Com to --> Microsoft.Com
Delegation comprises the NS and A records being stored on the parent to point
to the child's nameserver(s). (Associate the child domain name with that
nameserver set.) And so on, to any arbitrary depth.

If the external world must find your resources, your domain must
be registered with a PUBLIC parent (e.g., .Com) -- and the firewalls
must allow external DNS servers to recurse (traverse downwards)
through the PUBLIC INTERNET Namespace to reach your DNS.

Then your DNS (might be run by an ISP or Registrar even though
it is for "your" zone) points the client to a resource, like WWW etc.

Now, the client (program) must be able to use THAT ADDRESS
to reach that resource.

If the resource is not publicly accessible directly (e.g. behind a NAT,
ICS, or Proxy like ISA) then that NAT must be configured to relay
to the actual resources and the address given the client must be the
(appropriate) address on the NAT or Proxy.
 
Joshua Colombo

Kevin D. Goodknecht Sr. said:
In

Let me get this straight, you have an exchange server hosted locally behind
your router?

Yes, this is correct
When someone on the internet types in mail.domain.com it gets the Public IP
of your router that forwards port 80 to your internal web server in which
the default web site at mail.domain.com redirects the request to
mail.domain.com/exchange?
Correct.


Internally your users cannot resolve mail.domain.com?
If they can does it resolve to the public IP for mail.domain.com?

They couldn't resolve mail.domain.com
Do you have a zone on your internal DNS server for domain.com?
Create a new host in that zone named mail and give it the private address of
the mail.domain.com web server.

Yes I have a zone for domain.com

Here's what I did. Under the zone domain.com I created a new domain "mail".
I then added a blank host record to point to the internal IP of the web
server. Also created a "www" host record pointing to the same IP. Not
sure if this is the "correct" procedure, but it works for all combinations I
could throw at it.

Thanks for the help.

Josh
 
Kevin D. Goodknecht Sr. [MVP]

In
Joshua Colombo said:
Yes, this is correct


They couldn't resolve mail.domain.com


Yes I have a zone for domain.com

Here's what I did. Under the zone domain.com I created a new domain
"mail". I then added a blank host record to point to the internal IP
of the web server. Also created a "www" host record pointing to
the same IP. Not sure if this is the "correct" procedure, but it
works for all combinations I could throw at it.

Thanks for the help.
You did good, normally, you would just use a host record named mail instead
of a third level domain, but it will work fine with the blank record in the
third level domain.
 
Kevin D. Goodknecht Sr. [MVP]

In
Joshua Colombo said:
One more question.

It's not really related to sub domains, but I was curious about the
need/procedure for setting up a reverse lookup zone for "domain.com"

I am using the ip scheme 192.168.1.x & subnet 255.255.255.0
Currently there are the following reverse lookup zones:
0.in-addr.arpa
127.in-addr.arpa
255.in-addr.arpa

Would I create a reverse lookup zone 192.in-addr.arpa Or is it more
complicated?

Thanks

Josh

I'm as

Create the reverse lookup zone as 168.192.in-addr.arpa. If you use
192.in-addr.arpa it will include addresses in a public range, a real problem
if you have a mail server, because it would not be able to do reverse lookups
for mail servers in that range.
 
Herb Martin

It's not really related to sub domains, but I was curious about the
need/procedure for setting up a reverse lookup zone for "domain.com"

I am using the ip scheme 192.168.1.x & subnet 255.255.255.0
Currently there are the following reverse lookup zones:
0.in-addr.arpa
127.in-addr.arpa
255.in-addr.arpa

Would I create a reverse lookup zone 192.in-addr.arpa Or is it more
complicated?

You would create 168.192.in-addr.arpa or just 1.168.192.in-addr.arpa
(The former makes more sense as it prevents your machine from
searching the Internet for other 192.168.x.y that aren't ever there.)

A lot of people should create these reverse zones (and 10, and 16-32.172
also.) Just to put NOTHING much in them.
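
The reverse-zone choice discussed in the two replies above can be checked mechanically. The following Python is an added example, not part of the original thread: it maps each in-addr.arpa zone name from the thread to the address range it makes the server authoritative for, and tests whether that range stays inside RFC 1918 private space. The address 192.0.2.25 is a constructed sample standing in for a public mail server.

```python
import ipaddress

# RFC 1918 private ranges that an internal DNS server may safely claim.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SUFFIX = ".in-addr.arpa"


def zone_to_network(zone):
    """Return the IPv4 network an in-addr.arpa zone is authoritative for."""
    name = zone.rstrip(".").lower()
    if not name.endswith(SUFFIX):
        raise ValueError("not an in-addr.arpa zone: %r" % zone)
    labels = name[:-len(SUFFIX)].split(".")
    if not 1 <= len(labels) <= 3 or not all(
            l.isdigit() and int(l) <= 255 for l in labels):
        raise ValueError("expected 1 to 3 octet labels: %r" % zone)
    # Zone labels are the leading octets in reverse order; pad the rest with 0.
    octets = labels[::-1] + ["0"] * (4 - len(labels))
    return ipaddress.ip_network("%s/%d" % (".".join(octets), 8 * len(labels)))


def private_only(zone):
    """True if every address covered by the zone is RFC 1918 private space."""
    net = zone_to_network(zone)
    return any(net.subnet_of(p) for p in PRIVATE_NETS)


def claimed_by(address, zones):
    """Most specific local zone that would answer the PTR query, or None
    if the query would be resolved outside the server's own zones."""
    ip = ipaddress.ip_address(address)
    matches = [z for z in zones if ip in zone_to_network(z)]
    return max(matches, key=lambda z: zone_to_network(z).prefixlen,
               default=None)


if __name__ == "__main__":
    for zone in ("192.in-addr.arpa", "168.192.in-addr.arpa",
                 "1.168.192.in-addr.arpa"):
        print(zone, zone_to_network(zone), "private only:", private_only(zone))
    # 192.0.2.25 is a constructed sample standing in for a public mail server.
    sample = ipaddress.ip_address("192.0.2.25")
    print(sample.reverse_pointer, "->",
          claimed_by(str(sample), ["192.in-addr.arpa"]))
```

A zone for which `private_only` returns False makes the internal server authoritative for public addresses it holds no PTR records for, which is the failed mail-server reverse lookup described in the reply above.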
 