
The problem is kinda weird. Stating that I'm new to the Active Directory scenario [Microsoft overall], the question is the following. We have a domain, let's say "foo.com", registered with one of these services like gratisdns and so on... The foo.com points to a web page with information about the company and so on, but since it is not ready yet you have to enter a username and password in order to see the website. Now my boss is trying to set up a domain inside our company named "internal.foo.com". This works just fine until the point he tries to make a DNS server inside the Active Directory server he is installing. Now the thing is that when he tries to put the machines in the domain we get some weird error. In fact the machines are asking for a username and password, as on the foo.com website.

I have tried to set as primary DNS the Active directory where our internal DNS is running, but with no success.

What do you think can be the problem?

  • Do all your internal machines have a direct connection to the internet? If you are using a proxy, you will need to set the DNS of the proxy as the new AD DNS. – boburob Aug 20 '12 at 11:29
  • We have a firewall as the main interface with the external network [the one from the ISP], but no, we don't have a proxy, at least not yet. – MixturaDementiae Aug 20 '12 at 11:41
  • Ok, so your primary DNS = Local, Secondary = External. With this setup if you try and ping internal.foo.com does it come back with the internal or external IP? – boburob Aug 20 '12 at 12:00
  • It goes to the external one... but then if I try to ping the DNS server directly it works. And the machine keeps popping up this authentication form to authenticate over the foo.com website... – MixturaDementiae Aug 20 '12 at 12:02

1 Answer


The way DNS with Active Directory should be configured is that your AD server with DNS should be the ONLY DNS record on your client machines. It should resolve all DNS queries. Remove any external DNS server entries from your DHCP or static IP configuration.

On your DNS server you should configure a Forwarder. A forwarder is a DNS server up the chain that can resolve requests that your server cannot, in this case your external ISP's DNS server.

If you have that all set up, the internal DNS server should resolve internal requests for internal.foo.com and forward the lookup for foo.com to the external server.

Just a note, but your AD box should also be using the local DNS server. If it is the only AD box you have, then the only DNS record you should have should be the local address (127.0.0.1). If you have more than one AD box, then you should make sure the local box is not the primary DNS server in the DNS server list.

Brent Pabst
  • Good call on reminding about how to set DNS on the actual DNS server. I have forgotten before and used 127.0.0.1 (with multiple DNS servers) and ended up with DNS islanding. – TopHat Aug 20 '12 at 14:47
  • @MDMarra has beaten it into me ;) – Brent Pabst Aug 20 '12 at 14:58
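As an added example (not part of the answer above or of any Microsoft documentation), the following PowerShell script applies and checks the layout the answer describes on the domain controller that hosts the AD-integrated zone: a forwarder to the ISP, a resolver list on the DC itself that only falls back to 127.0.0.1 when other DCs are listed first, and a resolution test for both names. It assumes Windows Server 2012 or later with the DnsServer, ActiveDirectory and NetTCPIP modules; the forwarder addresses and domain names are placeholders.

```powershell
# Assumed placeholder values (not from the original question):
$IspForwarders = @('203.0.113.53', '203.0.113.54')   # ISP resolvers, RFC 5737 documentation range
$InternalZone  = 'internal.foo.com'
$ExternalName  = 'foo.com'

Import-Module DnsServer
Import-Module ActiveDirectory

# 1. Forwarders: anything the DC's DNS service cannot answer goes to the ISP resolvers.
$current = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString })
$missing = @($IspForwarders | Where-Object { $_ -notin $current })
if ($missing.Count -gt 0) {
    Add-DnsServerForwarder -IPAddress $missing -PassThru
}

# 2. The DC's own resolver list, following the answer's note on islanding:
#    a lone DC may use 127.0.0.1; with several DCs, a partner DC is listed first.
$allDcIps = @(Get-ADDomainController -Filter * | Select-Object -ExpandProperty IPv4Address)
$localIps = @(Get-NetIPAddress -AddressFamily IPv4 | Select-Object -ExpandProperty IPAddress)
$peers    = @($allDcIps | Where-Object { $_ -notin $localIps })
$resolvers = if ($peers.Count -gt 0) { $peers + @('127.0.0.1') } else { @('127.0.0.1') }

$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $resolvers
Write-Host "DC resolver list set to: $($resolvers -join ', ')"

# 3. Verify: the internal zone is answered locally, the public name via the forwarder.
#    Asking 127.0.0.1 explicitly shows what domain-joined clients will see once they
#    point only at this server, which is what stops them landing on the external site.
foreach ($name in @($InternalZone, $ExternalName)) {
    $answer = Resolve-DnsName -Name $name -Server 127.0.0.1 -Type A -ErrorAction SilentlyContinue
    if ($answer) {
        $answer | Select-Object Name, IPAddress | Format-Table -AutoSize
    } else {
        Write-Warning "No A record returned for $name via the local DNS service"
    }
}
```

If foo.com still resolves to the public web server from a client after this, check that the client's adapter (or its DHCP scope) lists no external resolver at all, since Windows will not fall back to a secondary server for a name the primary can answer.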