
Scenario:

I have an internal domain called mydomain.internal, which happens to be an old company name that they used to go by; they are now called bigcompany, which is what their public-facing website is called, and their Office 365 records and such use it too (www.bigcompany.com, etc.).

The business wants to put in place a helpdesk system and wants it to be accessible inside the LAN and outside the LAN using the URL helpdesk.bigcompany.com.

My questions are:

  1. How do I get my internal DNS server to resolve the host name helpdesk.bigcompany.com when I only have one forward lookup zone, for mydomain.internal, which is totally different?

  2. If the answer is to create a forward lookup zone for bigcompany.com, what effects will that have on existing services used internally, like access to the public-facing website or e-mail, Skype, and SharePoint in Office 365?

I currently have a CNAME record in our external DNS telling it that helpdesk.bigcompany.com points to an IP on my firewall. I have not created any NAT rules or port forwarding rules just yet for access from the outside.

If I ping helpdesk.bigcompany.com from the outside I get resolution to the public IP; that's good. Internally, if I ping helpdesk.bigcompany.com I get the same, which is not what I want.

Creating a forward lookup zone seems an easy fix, but I am a little worried I am going to have to babysit the forward lookup zone since it matches our external domain name and all the external services use that, like Office 365 and our website, etc.

Any help is appreciated.

Ryan Oberg
    Are your internal resolvers *not* set up to be recursive? Can your users resolve names in the public DNS? If so, things should "just work" as long as your router can support hairpin NAT. If it's a requirement to resolve that name internally to its internal IP (versus the public IP), then you'll need to sort out if your DNS server allows you to override records on a per-name basis. – EEAA Apr 11 '17 at 02:36
  • Are your internal resolvers not set up to be recursive? Not sure what that means lol. – Ryan Oberg Apr 11 '17 at 03:03
  • Are your internal resolvers not set up to be recursive? Not sure what that means lol. Can your users resolve names in the public DNS? As far as I know those public DNS requests are not being resolved internally and are handled by external DNS providers. So yes, if a user tries to go to www.bigcompany.com it works fine, but my DNS server is not handling that resolution. I am not sure why I would not want a request made from inside to resolve to the inside IP and instead go out and then back in. – Ryan Oberg Apr 11 '17 at 03:12
  • I need to know if what is needed is a forward lookup zone for a new domain, where that domain would match my current public-facing domain, and what effects that would have, or if there is another way to go about this. I am sure a lot of people have different internal domains than what is public facing (www.google.com and google.local), but what happens when you want to set up a service that also uses that same domain, helpdesk.google.com? As far as configuring that inside for resolution to internal IPs without messing up www.google.com for people inside. – Ryan Oberg Apr 11 '17 at 03:14

1 Answer


Create an internal DNS zone named helpdesk.bigcompany.com with a single A record at the root of the zone for the IP address of your helpdesk system. The internal DNS server will be authoritative only for helpdesk.bigcompany.com. Your public DNS servers will be authoritative for all other bigcompany.com DNS records. Note that you can create a DNS record in the public DNS zone for helpdesk.bigcompany.com, but it won't be relevant to clients using the internal DNS server.

If you need to do this for more than just a few DNS names then you might want to look into using DNS Policies in Windows Server 2016.


joeqwerty
  • What would the zone be? I have three choices when creating a new zone: Primary, Secondary, and Stub. – Ryan Oberg Apr 11 '17 at 03:25
  • Primary. If you run an AD domain you'll want to make the zone AD integrated. – joeqwerty Apr 11 '17 at 03:37
  • Will the new zone be propagated to all my domain controllers hosting DNS? I made the zone on my PDC but have yet to see it show up in DNS on my BDC. – Ryan Oberg Apr 11 '17 at 14:14
  • @RyanOberg PDCs and BDCs are not a thing in AD. Those terms were applicable in Windows NT domains. What you have are just domain controllers. – EEAA Apr 11 '17 at 14:34
  • If you configure the zone as an AD integrated zone then it will replicate to all of your DC/DNS servers. – joeqwerty Apr 11 '17 at 14:40
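The single-name ("pinpoint") zone from the answer, created as an AD-integrated primary zone as the comments recommend, written out as an added PowerShell example (not code from the answer or the commenters). The helpdesk address 10.20.30.40 and the DC name DC01 are constructed placeholders; the final check confirms the new name answers with the internal address while an unrelated bigcompany.com name still resolves through the existing forwarders.

```powershell
# Added example: pinpoint zone for helpdesk.bigcompany.com on Windows DNS.
# Assumptions (constructed): internal helpdesk host 10.20.30.40, DC/DNS server DC01.
$ZoneName   = 'helpdesk.bigcompany.com'
$InternalIP = '10.20.30.40'   # constructed internal address of the helpdesk host
$DnsServer  = 'DC01'          # constructed name of a DC running the DNS role

# 1. Primary, AD-integrated zone replicated to every DC/DNS server in the forest.
#    Because the zone name is the full host name, this server is authoritative for
#    that one name only; every other bigcompany.com query still goes to forwarders.
Add-DnsServerPrimaryZone -Name $ZoneName `
    -ReplicationScope Forest `
    -DynamicUpdate None `
    -ComputerName $DnsServer

# 2. A record at the zone apex ('@'), i.e. for helpdesk.bigcompany.com itself.
Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' `
    -IPv4Address $InternalIP `
    -TimeToLive (New-TimeSpan -Minutes 5) `
    -ComputerName $DnsServer

# 3. Checks: the new name must return the internal address, and a sibling public
#    name must still resolve via the forwarders (the "will this break www or
#    Office 365" concern from the question).
$helpdesk = Resolve-DnsName -Name $ZoneName -Type A -Server $DnsServer -ErrorAction Stop
if (-not ($helpdesk.IPAddress -contains $InternalIP)) {
    throw "$ZoneName did not resolve to $InternalIP when asking $DnsServer"
}
$public = Resolve-DnsName -Name 'www.bigcompany.com' -Type A -Server $DnsServer -ErrorAction Stop
"OK: $ZoneName -> $InternalIP; www.bigcompany.com -> $($public.IPAddress -join ', ')"
```

Run it once from an elevated session on a DC with the DnsServer module; the AD-integrated zone then replicates to the other DC/DNS servers without any further work.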