#1

Our setup is as follows:

our internal dns is mydomain.local
our external domain is mydomain.gov.uk

We have a leased line connecting us directly (Firewall to Firewall) to another organisation's network where we access some shared services, in particular a website: http://site.otherorg.gov.uk. This website is only available via the dedicated leased line and not the internet.

We have up until now been using host files on each user's individual PC that resolve the site to the internal address 172.x.x.x.

I would now like to centralise this and have my Active Directory Integrated DNS perform the name resolution.

I have created a new zone "otherorg.gov.uk" then added an "A" record for the site to resolve to 172.x.x.x, which works fine. My problem is that otherorg.gov.uk has a number of websites that are only accessible via the internet, so once I have created a zone for otherorg.gov.uk no one on the internal network can access any of the other web sites (such as www.otherorg.gov.uk) unless I create an "A" record that resolves to the internet address, i.e. 195.x.x.x. Unfortunately otherorg.gov.uk has a large number of additional sites such as www1.otherorg.gov.uk, www2.otherorg.gov.uk, www3.otherorg.gov.uk and so to have to create a manual entry in my AD DNS would be a pain.

So my question is: how do I create an entry in my Active Directory integrated DNS that will resolve one site for a domain, but will not affect name resolution for any other sites in that domain?

Thanks in advance
#2

Read inline please.

There are two ways you can do this: Conditional Forwarder or Stub zone.

To set up conditional forwarding, go to the Forwarders tab on the DNS server's properties sheet. Under DNS domain: click "New", type in otherorg.gov.uk, then enter the IP addresses for their DNS servers.

For a Stub zone, create a new Forward lookup zone, selecting Stub zone as the type of zone, name it with the actual zone name used by the other org, probably otherorg.gov.uk, and enter the IP address of at least one of their servers. When the zone is complete, it should transfer the NS records and glue (A) records for the NS records.

I would probably stay with conditional forwarding in this situation. Both of these resolutions require that their DNS contain all the records you will ever need for access, including MX records, should you need to send mail to their domain.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
#3

Kevin,

Many thanks for your response. Unfortunately this will not work as we will not have access to otherorg.gov.uk internal DNS records, as they will be NAT'ed to internal IP addresses and non-qualified domain names.

One approach I thought I may be able to take is to create a zone for "site.otherorg.gov.uk" rather than "otherorg.gov.uk", then create a blank "A" record in that zone, i.e. leave the name field blank so that it uses the same as the parent domain, then type in the IP address of the actual site I am trying to resolve.

I have tried this and it so far appears to have worked, however I feel that this may be a little messy and would not be a recommended solution. Are there any reasons why we should not perform name resolution in this way? Can you think of another solution to my issue?

Thanks again for your response.
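
The difference between the zone created in post #1 and the single-host zone tried in post #3 comes down to which names the server considers itself authoritative for. The following Python model is an added example, not code from the thread or from the Windows DNS server; the function names are hypothetical and `INTERNAL_IP` is a constructed placeholder for the elided 172.x.x.x address.

```python
# Added example: models which answer a DNS server gives when it hosts a zone.
# INTERNAL_IP is a constructed placeholder; the thread elides the real address.
INTERNAL_IP = "172.16.0.10"

# Zone created in post #1: authoritative for the whole otherorg.gov.uk domain.
BROAD = {"otherorg.gov.uk": {"site": INTERNAL_IP}}
# Zone created in post #3: authoritative for one host name, record at the apex.
PINPOINT = {"site.otherorg.gov.uk": {"@": INTERNAL_IP}}


def find_zone(qname, zones):
    """Return the most specific hosted zone that contains qname, else None."""
    labels = qname.split(".")
    for i in range(len(labels)):          # compare whole labels, longest first
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(qname, zones):
    """Return (source, address) for an A query against the hosted zones."""
    qname = qname.lower().rstrip(".")
    zone = find_zone(qname, zones)
    if zone is None:
        # Not authoritative: the query leaves via forwarders or root hints.
        return ("forwarded", None)
    # "@" is the zone apex, i.e. the record whose name field is left blank.
    owner = "@" if qname == zone else qname[: -len(zone) - 1]
    address = zones[zone].get(owner)
    if address is None:
        # Authoritative but no record: the server answers "no such name"
        # itself and never asks the Internet.
        return ("authoritative-nxdomain", None)
    return ("authoritative", address)


def compare(names):
    """Map each name to its outcome under the broad and the pinpoint zone."""
    return {n: (resolve(n, BROAD)[0], resolve(n, PINPOINT)[0]) for n in names}


if __name__ == "__main__":
    sample = ["site.otherorg.gov.uk", "www.otherorg.gov.uk",
              "othersite.otherorg.gov.uk", "a.site.otherorg.gov.uk"]
    for name, (broad, pinpoint) in compare(sample).items():
        print(f"{name:28} broad={broad:24} pinpoint={pinpoint}")
```

In this model the single-host zone still answers authoritatively for any name beneath `site.otherorg.gov.uk`, so such names would need their own records in that zone.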