0

Seeing as I’m on the same network as my company’s webserver I have set up an internal domain server (Windows Server 2008 R2) to forward requests to our domain to the correct internal IP (i.e. www.myserver.com => 192.168.1.2 so that we don’t have to go through the internet to access something on the local network). Our domain provider also has a DNS server for external requests (which I can administer through settings on their website where I can generate subdomains).

Some of our public subdomains point to other servers than our own. If I add a subdomain (that doesn’t point to our own server) to the external DNS I also need to add it to our internal DNS for it to function properly.

Let’s say we have a subdomain on the external DNS called sub.myserver.com, but it doesn’t point to our server. If I try to ping that domain from within our own network it contacts our internal DNS, sees that there’s no information about it there, and gives up, resulting in a cannot resolve sub.myserver.com: Unknown host.

We can’t have external requests go to our own DNS server, because… reasons.

Is it possible to have unknown internal domains be forwarded to the external DNS? (I guess another way to phrase this is to have one domain hosted on two servers)

2 Answers

1

You need an entry in your local DNS server. If you can do that, you will be able to resolve your externally addressed site. Just create an A record and put the proper external IP into the record. Now when you ping, you will get the correct resolution. That is why you should NEVER use a live domain for your internal domain! You always want to use domain.local instead of domain.com internally.

2
  • Have to comment on your "always use domain.local". That's stone-age thinking. You should ALWAYS build an AD domain on top of a real DNS name that exists in the real world that you have control over. You're just asking for trouble if you don't. Microsoft KB recommendations have changed in recent years to reflect this (contoso.com anyone?). See support.microsoft.com/kb/909264
    – milli
    Commented Feb 7, 2016 at 9:39
  • To add... not doing so just causes other everyday problems with the "fake" name leaking outside anyway causing impossible-to-diagnose reachability issues. And the real pain happens when you try to interact in business-partner relationships or need to extend this into public clouds. And just try to get a certificate generated with a fake name in it today. You do not want this unnecessary PAIN.
    – milli
    Commented Feb 7, 2016 at 9:40
0

Not an expert, but I think you can delegate DNS resolution for a particular domain to another DNS server via DNS Zone Delegation. You can delegate DNS resolution for that subdomain to an external DNS server or your external DNS server.
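The failure in the question (a name that exists in the public zone but not in the internal copy, so internal clients get "Unknown host") and the fix in the first answer (add a matching record internally) can be checked mechanically. Below is an added example, not code from the question or either answer: it parses two constructed zone snippets in a simplified BIND-style `name TTL IN TYPE rdata` format and reports which public names are missing from the internal zone versus deliberately overridden with a private address. The zone contents, names and addresses are all constructed for illustration.

```python
"""Find public names that a split-horizon internal zone would fail to resolve."""
import ipaddress
from dataclasses import dataclass

# Constructed sample of the public zone at the domain provider (not real data).
EXTERNAL_ZONE = """\
www    3600 IN A     203.0.113.10
mail   3600 IN A     203.0.113.20
sub    3600 IN A     198.51.100.5
blog   3600 IN CNAME sub
"""

# Constructed sample of the internal zone on the Windows DNS server (not real data).
INTERNAL_ZONE = """\
www    3600 IN A     192.168.1.2
mail   3600 IN A     192.168.1.3
"""


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    rdata: str


def parse_zone(text: str) -> dict[str, Record]:
    """Parse 'name TTL IN TYPE rdata' lines; ';' comments and blank lines are skipped."""
    records: dict[str, Record] = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        name, _ttl, _cls, rtype, rdata = line.split(maxsplit=4)
        records[name.lower()] = Record(name.lower(), rtype.upper(), rdata)
    return records


def find_split_horizon_gaps(external: str, internal: str) -> dict[str, list[str]]:
    """Classify every public name against the internal zone.

    missing    - public only: internal clients get NXDOMAIN, add a record internally
    overridden - in both, internal answer is an RFC 1918 address: expected split-horizon
    same       - in both, internal answer is not a private A record
    """
    ext, intl = parse_zone(external), parse_zone(internal)
    report: dict[str, list[str]] = {"missing": [], "overridden": [], "same": []}
    for name in sorted(ext):
        if name not in intl:
            report["missing"].append(name)
        elif intl[name].rtype == "A" and ipaddress.ip_address(intl[name].rdata).is_private:
            report["overridden"].append(name)
        else:
            report["same"].append(name)
    return report
```

Names listed under `missing` are exactly the subdomains that need an internal record (or a delegation) before internal clients can resolve them.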

