Split DNS Configuration

If you are using a different domain name internally than on the Internet, or have internal resources that are also available to the Internet, you may find that you have difficulty connecting to them because name resolution doesn't return the correct answer.

Examples could be:

  • Your web mail service which you want to work on a single address of web.mail.domain.com instead of http://servername
  • Your external web site which everyone should be entering in the form www.domain.com
  • You are using Exchange RPC over HTTPS or another service using SSL and need the name to be the same both internally and externally.

What you need to do is set up a "split DNS" environment.
This is where different results are returned to the client depending on its location: on the local network or on the Internet.

It requires the following:

  • Private DNS server - your AD DNS server is perfect.
    If you are using your DNS server to answer queries from the Internet then you will need to change this. If it is the same DNS server that hosts your Active Directory domain information then that is a big security risk. Your best option is to put it back with the domain name registrar. They will have servers that conform to the RFC standards for DNS servers. If your domain name registrar doesn't offer DNS services, move to one that does. The market is so awash with domain name companies that it shouldn't be too difficult to find one that provides the services you need.
  • A domain name that is used on the internet.
  • Your Internet side information.
    For example if you have a web site hosted outside of your network then you will need its IP address.
    Similarly if you have an ftp site, you will need that as well.
    The quickest way is to ping the two addresses - preferably from a machine outside of your network and then record the IP addresses returned.

Configuration Instructions

  • If you already have a Windows domain that matches the name used on the Internet and you just wish to allow access to Internet based resources you can skip down to "Adding Internet Based Resources."
  • If you already have a Windows domain that matches the name used on the Internet and you just wish to allow access to local resources that are also available over the Internet you can skip down to "Adding Local Resources Also Available on the Internet".

In these examples we are using domain.com as the external domain.

Setting up a New Zone

  1. On your primary DNS server, start the DNS administration tool.
  2. Right click on the server and choose New Zone.
  3. Step through the wizard. You need a FORWARD primary zone that is NOT AD integrated (you may have to deselect an option).
  4. Enter the domain name when prompted.
    For example if your web site is www.domain.com then you would enter domain.com.
  5. Accept the option about creating a file.
  6. As this is not an AD integrated zone, disable dynamic updates.

Adding Internet Based Resources

  1. Right click on the zone: either the new one that you have just created, or the pre-existing one.
  2. Choose "New Host (A)". If it is greyed out, double click on the zone and try again.
  3. Enter the name that you need to add, minus the domain name.
    For example if you want to add your web site which is on www.domain.com then you would just enter "www".
  4. Enter the external IP address for the web site.
  5. Press OK.
  6. Repeat for any other services that you might have on the Internet.
    You do NOT have to add entries for MX records for your domain as your email system will not be looking for these as it will know that it is responsible for that domain.

REMEMBER: After you have made this addition to your DNS, the server will no longer look up DNS information for this domain from the Internet. If there are any changes to the Internet IP addresses then you will need to update your internal DNS server as well.
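
One way to catch the problem described in the REMEMBER note is to compare the internal zone against what a resolver outside the network returns. This is an added example, not part of the original page; the resolver address and the host names in $Published and $LocalOnly are placeholders to replace with your own.

```powershell
# Added example, not from the original page. Assumes the DnsServer and
# DnsClient modules, run on the internal DNS server. Placeholders: the
# resolver address and the host names in $Published and $LocalOnly.
$Zone           = 'domain.com'
$PublicResolver = '192.0.2.53'            # placeholder: a resolver outside your network
$Published      = @('www', 'ftp', 'mail') # names you know exist on the Internet
$LocalOnly      = @('mail')               # names meant to return an internal IP

$internal = Get-DnsServerResourceRecord -ZoneName $Zone -RRType A

$report = foreach ($name in $Published) {
    $fqdn    = "$name.$Zone"
    $inside  = @($internal | Where-Object HostName -eq $name |
                 ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })
    $answers = Resolve-DnsName -Name $fqdn -Type A -Server $PublicResolver -DnsOnly -ErrorAction SilentlyContinue
    # Keep only A answers; CNAME entries in the response have no IPAddress.
    $public  = @($answers | Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })

    if ($inside.Count -eq 0) {
        # The internal server is authoritative for the zone, so a name
        # missing here fails to resolve for internal clients.
        $status = 'MissingInternally'
    } elseif ($LocalOnly -contains $name) {
        $status = 'LocalOverride'   # internal IP on purpose, no comparison
    } elseif ($public.Count -eq 0) {
        $status = 'NoPublicAnswer'
    } elseif (Compare-Object $inside $public) {
        $status = 'Drift'           # public address changed; update the internal zone
    } else {
        $status = 'Match'
    }
    [pscustomobject]@{
        Name     = $fqdn
        Internal = $inside -join ','
        Public   = $public -join ','
        Status   = $status
    }
}
$report | Format-Table -AutoSize
```

Any row reported as Drift or MissingInternally is a name that internal clients resolve differently from, or not at all compared with, the Internet view.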

Adding Local Resources Also Available on the Internet

  1. Right click on the zone: either the new one that you have just created, or the pre-existing one.
  2. Choose "New Host (A)". If it is greyed out, double click on the zone and try again.
  3. Enter the name that you need to add, minus the domain name.
    For example if you want to add your web site which is on www.domain.com then you would just enter "www".
  4. Enter the internal IP address for the web site.
  5. Press OK.
  6. Repeat for any other resources that you have locally that are also available on the Internet.
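
The three procedures above can also be scripted on Windows Server versions that ship the DnsServer PowerShell module. This is an added example, not part of the original page; the IP addresses and the "ftp" and "mail" host names are constructed placeholders.

```powershell
# Added example, not from the original page. Run elevated on the internal
# DNS server. All IP addresses and the ftp/mail names are placeholders.
Import-Module DnsServer
$Zone = 'domain.com'

# Setting up a New Zone: forward primary, file-backed (not AD integrated),
# with dynamic updates disabled. Skipped if the zone already exists.
$existingZone = Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue
if (-not $existingZone) {
    Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns" -DynamicUpdate None
}

$records = @(
    # Internet based resources: use the external addresses.
    @{ Name = 'www';  IP = '203.0.113.10' }
    @{ Name = 'ftp';  IP = '203.0.113.11' }
    # Local resources also available on the Internet: use the internal address.
    @{ Name = 'mail'; IP = '192.168.1.20' }
)

foreach ($r in $records) {
    $current = Get-DnsServerResourceRecord -ZoneName $Zone -Name $r.Name -RRType A -ErrorAction SilentlyContinue
    if ($current) {
        # Do not stack a second A record on a name that already has one.
        Write-Warning "$($r.Name).$Zone already has an A record; left unchanged."
        continue
    }
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name $r.Name -IPv4Address $r.IP
}

# Confirm the zone settings and list what internal clients will now receive.
Get-DnsServerZone -Name $Zone |
    Format-List ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate
Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
    Format-Table HostName, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } }
```

For a newly created zone the final output should show IsDsIntegrated as False and DynamicUpdate as None, matching steps 3 and 6 of "Setting up a New Zone".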

Questions

Q: I am using a Dynamic IP address. How can I have the same name both internally and externally if my external IP address is changing?
A: You will need to use a Dynamic DNS service. The same process will apply as we have written here for managing MX records on a dynamic IP address.

Last Page Update: 17/04/2006


© Amset IT Solutions Ltd. 1998 - 2008. All rights reserved. Reproduction of any content on this web site is prohibited without express written consent. Use of this web site is subject to our terms and conditions. All trademarks and registered trademarks are property of their respective owners. This site is not endorsed or recommended by any company or organisation mentioned on this site. This site is to provide guidance only and as such we cannot be held responsible for any consequences of following the advice given.