
I currently started working for a company that has made a boneheaded mistake and I am looking for the least painful way to correct it.

Before I started, they named their local domain using a TLD they did not register. For the purpose of this question let's just say the internal domain is called example.com.

After starting here I found we were having all sorts of DNS issues and problems with name resolution locally and externally. I would ping abc computer and usually it would return a proper 192.168.x.x address per their IP convention.

However, with growing frequency I would notice issues where it would return an external IP address with the computer name.example.com. After messing around for a few hours I thought to myself... No, it can't be... let me just check. Well I did a whois on example.com and found that we don't own the tld, someone else owns it.

When I confronted the powers that be about this, I was pressed for a resolution and being the bad sysop I came up with:

  1. don't make this mistake;
  2. rename the domain and do all the work that comes with it
  3. pay the oodles of money wanted for the domain that you "forgot" to register and never forget again.

I was in turn told to find another way and that there had to be more solutions than that... Unfortunately, I've never seen anyone make a noob mistake like this because well you had better own the domain you want to use.

Do you have a suggestion?

fukawi2
Bad Sysop

  • Those _are_ the solutions. The problem here is not "bad sysop", it is "bad management". Push back harder and escalate. – Michael Hampton Jun 12 '15 at 09:08
  • Even though this shouldn't have happened in the first place, you really shouldn't have any problems internally, as all clients should only have the DCs configured for DNS. Problems will start to arise however if anyone wants to visit the real `example.com` or send mail to them... – Oliver Rahner Jun 12 '15 at 09:11
  • Same as Oliver, this is often used, and should only make problems if: 1) the name requested doesn't exist or is badly spelled, leading to a non-existent internal DNS record, and thus the lookup is done on the external domain, or if 2) someone tries to actually reach the external domain from the inside (which is unlikely, depending on the actual domain). – mveroone Jun 12 '15 at 09:31
  • Well, I realize this shouldn't be a problem but even though every machine has a static IP and assigned DNS, periodically when you ping a computer name it cannot find it and returns the external IP which doesn't belong to us. In the meantime, now I am stuck managing hosts files for a ton of PCs because the issue comes and goes when it wants.. – Bad Sysop Jun 12 '15 at 15:42
  • FYI, `example.com` is not a top-level domain, it's a second-level domain. TLDs are `COM`, `ORG`, `US`, `UK`, etc. – Barmar Jun 16 '15 at 21:38

4 Answers

Without attempting to detract from the other answers: if it's available for sale, buy the domain.

With the new .TLD craziness, internal domain names that have been working correctly for years are going to stop working intermittently when people are off-site and it will be because some enterprising company somehow managed to get .internal or .devel or something else silly registered.

I won't ever be setting up internal DNS on a non-registered domain again.

Paul Gear

You should be able to prevent resolving to external IPs by making sure all computers and devices on the network have their DNS servers set to be your local Windows DNS servers.

If for some reason that doesn't do the trick, then additionally create a wildcard "New host (A)" record in your Windows DNS which points to some internal IP address.

sa289
  • Could you elaborate more specifically? – Bad Sysop Jun 12 '15 at 15:42
  • the domain name does exist, we just don't own it... (insert forehead into palm at terminal velocity) – Bad Sysop Jun 12 '15 at 15:49
  • @BadSysop typically on a Windows domain, one or more servers function as handling local DNS (in this case they think they are the authorities for that domain that exists but that you guys don't own). In my experience these are the same server(s) as the domain controllers. To solve your issue, all devices and computers on your local network should have their DNS settings configured to use these server(s) as their DNS servers or else they might ask some DNS server outside of your network what IP randomhostname.example.com is and get returned an external IP. – sa289 Jun 12 '15 at 15:56
  • All devices on the network are already hard coded with static IPs and DNS info. – Bad Sysop Jun 12 '15 at 16:00
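The check this answer implies, as an added example that is not part of the question or the answers: walk an inventory of clients, flag any resolver entry that is not one of the internal DNS servers (a client with an outside server as its second resolver will fail over to it whenever the first one is slow, and get the public zone's answer), and flag any answer for an internal name that is not an RFC 1918 address. The inventory, the server addresses 192.168.1.10/11 standing in for the domain controllers, and the resolution results are all constructed sample data.

```python
"""Audit which clients can leak internal example.com names to the real zone.

Added example, not code from the question or answers. Assumptions: the
internal zone is served by two domain controllers at 192.168.1.10 and
192.168.1.11, and everything inside the network lives in RFC 1918 space.
"""
import ipaddress
import socket
import sys

INTERNAL_DOMAIN = "example.com"
# Assumed addresses of the domain controllers that host the internal zone.
INTERNAL_DNS_SERVERS = {"192.168.1.10", "192.168.1.11"}
# RFC 1918 ranges; anything outside them is "not ours" for this audit.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal_address(ip: str) -> bool:
    """True if ip falls inside one of the RFC 1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def audit_client(name, dns_servers, answers):
    """Return a list of findings for one client.

    dns_servers: the client's resolver list, in the order it tries them.
    answers: mapping of queried name -> list of addresses it got back.
    """
    findings = []
    for position, server in enumerate(dns_servers, start=1):
        if server not in INTERNAL_DNS_SERVERS:
            findings.append(
                f"{name}: resolver #{position} is {server}, not an internal DNS "
                f"server; it will answer from the public {INTERNAL_DOMAIN} zone")
    for host, addrs in answers.items():
        fqdn = host if host.endswith("." + INTERNAL_DOMAIN) else f"{host}.{INTERNAL_DOMAIN}"
        for addr in addrs:
            if not is_internal_address(addr):
                findings.append(f"{name}: {fqdn} resolved to external address {addr}")
    return findings


def audit_inventory(inventory):
    """Audit every client; return {client name: findings} for clients with findings."""
    report = {}
    for client in inventory:
        found = audit_client(client["name"], client["dns"], client["answers"])
        if found:
            report[client["name"]] = found
    return report


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    {"name": "ws-01", "dns": ["192.168.1.10", "192.168.1.11"],
     "answers": {"abc": ["192.168.1.20"]}},
    # Second resolver is an outside server: on DC timeouts this client fails
    # over to it and receives the public zone's address for "abc".
    {"name": "ws-02", "dns": ["192.168.1.10", "203.0.113.53"],
     "answers": {"abc": ["198.51.100.7"]}},
    {"name": "printer-3f", "dns": ["8.8.8.8"],
     "answers": {"fileserver": ["198.51.100.7"]}},
]


def live_answers(hostnames):
    """Resolve names with this machine's own resolver (only used when run directly)."""
    out = {}
    for host in hostnames:
        try:
            out[host] = socket.gethostbyname_ex(host)[2]
        except socket.gaierror:
            out[host] = []
    return out


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Audit this machine's own resolution of the names given on the command line.
        for line in audit_client(socket.gethostname(), [], live_answers(sys.argv[1:])):
            print(line)
    else:
        for client, findings in audit_inventory(SAMPLE_INVENTORY).items():
            print("\n".join(findings))
```

Run it with no arguments to see the findings for the constructed inventory (ws-02 and printer-3f are flagged, ws-01 is clean); run it with host names as arguments to check what the machine you are sitting at currently resolves them to.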

On your local DNS server, the one that your clients are directly asking, create a new DNS zone named yourexample.com and put whatever you need in it. Just make sure this DNS view is not exposed to the Internet. And that none of your internal users will ever actually want to see the real yourexample.com. :)

If your clients are not using your local DNS servers, then either change them to use one, or do something fugly such as intercept all DNS traffic on your border gateway and transparently redirect it to your local DNS server. (Ugh.)

Josip Rodin

I don't know what does DNS resolution in your office, but you can set up unbound and have your workstations get requests from it. You then will use unbound to set up hostname-to-IP matching with A records.
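A worked example serving both this answer and the previous one (the locally served zone that is never exposed to the Internet), added here and not code from either answer: it renders an unbound `server:` section that holds the internal names as `local-data` records under a `local-zone` for the domain, listens only on the inside interface, and allows queries only from the internal networks. With the zone type `static`, names that are not in the local data get NXDOMAIN instead of being forwarded to the real zone; the generator also accepts `transparent`, which is the leaky variant (unknown names are resolved upstream) and is included only so the two settings can be compared. The host table, the listener address 192.168.1.10 and the allowed network are constructed assumptions.

```python
"""Render an unbound local zone for internal example.com names.

Added example, not part of the answers. Assumes the resolver listens on
192.168.1.10 and serves clients in 192.168.0.0/16; host names and
addresses below are constructed sample data.
"""
import ipaddress

ZONE = "example.com."          # the zone the company uses internally
APEX = ZONE.rstrip(".")


def qualify(name: str) -> str:
    """Return name as an FQDN under ZONE (with trailing dot); reject names outside it."""
    name = name.strip().rstrip(".").lower()
    if name == APEX:
        raise ValueError("the zone apex is not a host entry")
    if "." in name:
        if not name.endswith("." + APEX):
            raise ValueError(f"{name} is outside {ZONE}")
        return name + "."
    return f"{name}.{ZONE}"


def render_unbound(hosts, listen_addr="192.168.1.10",
                   allow_nets=("192.168.0.0/16",), zone_type="static"):
    """Build the unbound server: block as a string.

    hosts: mapping of host name (short or fully qualified) -> IP address.
    zone_type: "static" answers only from local-data and returns NXDOMAIN
    for anything else in the zone; "transparent" sends unknown names
    upstream, i.e. to the real example.com, which is the leak to avoid.
    """
    if zone_type not in ("static", "transparent"):
        raise ValueError("this example only renders static or transparent zones")
    lines = [
        "server:",
        # Bind only the inside address so the view is not reachable from the Internet.
        f"    interface: {listen_addr}",
        "    access-control: 0.0.0.0/0 refuse",
    ]
    for net in allow_nets:
        ipaddress.ip_network(net)  # raises ValueError on a malformed prefix
        lines.append(f"    access-control: {net} allow")
    lines.append(f'    local-zone: "{ZONE}" {zone_type}')
    for name, ip in sorted(hosts.items()):
        addr = ipaddress.ip_address(ip)       # validates the address
        rrtype = "A" if addr.version == 4 else "AAAA"
        fqdn = qualify(name)
        lines.append(f'    local-data: "{fqdn} IN {rrtype} {addr}"')
        lines.append(f'    local-data-ptr: "{addr} {fqdn}"')  # matching reverse record
    return "\n".join(lines) + "\n"


# Constructed sample host table.
SAMPLE_HOSTS = {
    "abc": "192.168.1.20",
    "fileserver.example.com": "192.168.1.30",
    "printer-3f": "192.168.1.40",
}

if __name__ == "__main__":
    print(render_unbound(SAMPLE_HOSTS))
```

Drop the output into a file under unbound's `include:` directory (or into `unbound.conf` itself) and run `unbound-checkconf` before reloading. Keep the zone `static` unless you deliberately want unknown names under the domain to reach the real owner's servers.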