DNS Zone for company website

Hi,

I suspect that for someone who knows how, this might be a simple problem, and I really hope it is.

Our company domain is company.co.uk with the company's website being on www.company.co.uk. At the moment the internal domain is company.local, and we have public DNS resolving the www addresses of course. Simple stuff so far I think.

Due to implementing some new public video and IM services, we need to set up records with the company.co.uk as the FQDN, such as video.company.co.uk. I expected this would be fine with a new forward lookup zone, and I would just point www.company.co.uk to the public IP address. Of course this doesn't work, as it just brings you to a default page. Our website is on shared hosting of course.

I also tried creating a new forward lookup zone called www.company.co.uk and creating a new A record with just the IP address and no name. This is fine, but if I then create the other zone company.co.uk it breaks. 

How do I configure this to still be able to access the public website internally, whilst being able to resolve DNS entries to this particular company.co.uk domain? Also these entries should not (for security reasons) be resolvable on the public DNS/Internet, otherwise I'd have just chucked them in there and gone to bed!

Thanks in advance for any advice.

CJ.

July 29th, 2015 12:47pm

So you want all the existing DNS records on company.co.uk that are currently public to remain accessible internally, and you also want to add specific records like video.company.co.uk to your internal DNS so it's resolvable on the local network and not on the public DNS?

Have you tried simply creating a new zone on your local DNS server for video.company.co.uk, and then within that add an empty A record pointing to the required IP address? That way internally your users querying the local DNS for that record will receive it from the local server, but any queries outside of video.company.co.uk (for instance www.company.co.uk) will continue to be resolved externally since your DNS server will not consider itself to be authoritative for them.

Essentially, if you create a zone locally for company.co.uk then your local DNS server will consider itself authoritative for everything within that and will not do a public lookup for any records it doesn't know about, but if you create a zone consisting of a subdomain like video.company.co.uk then the DNS server will only consider records within that as local, not anything else in the parent domain.

July 29th, 2015 2:45pm

Hi Keith,

Thanks for the response. I think this is what I have already tried. I created a new primary zone called www.company.co.uk, and added an empty A record with just the IP address.

However, if I then create another zone called company.co.uk then for some reason it stops working. If I remove company.co.uk, it starts working again. (I just tried this again to be sure lol).


July 29th, 2015 4:46pm

Yes it will do, you can't have two zones on the same DNS server where one is part of the other, e.g. if you add a zone for company.co.uk then that will include ALL records for that zone, including www.company.co.uk. If you then try to add a zone specifically for www.company.co.uk it's just going to get confused (I'm surprised it even lets you), since there's nothing stopping you at that point having records in both zones which conflict with each other... which one will DNS consider authoritative?

I think you better try explaining what exactly you're trying to do as at the moment I don't understand why you're doing what you're doing, and it seems to conflict with your original explanation. For instance, if you're trying to create a local video.company.co.uk zone, why are you creating www.company.co.uk and company.co.uk zones?

July 29th, 2015 4:58pm

Hi,

Apologies if my explanation wasn't clear enough.

We have a shared hosted public WordPress website via GoDaddy. This is www.company.co.uk. You can only get to this website if you use that domain name; an IP address won't work as it's shared hosting. Obviously there are many websites on this one particular host. Which is fair enough.

We are implementing a solution that requires internal resolving of DNS entries against the company.co.uk domain, this could be video.company.co.uk, expressway.company.co.uk, you name it. These records will obviously point to internal hosts. Normally I'd set up a new zone in DNS, and simply put the records for this in there. 

However, staff still need to be able to access our public website for various reasons, and if I create this zone, then none of the staff in the office can access the website. If I create the zone and create an A record called 'www' and put the public IP address in, this does not work as it simply forwards you to the IP address instead of using the full domain name.

So I'm looking for a way to be able to resolve internal hosts against company.co.uk, but still allow the internal staff access to the public website. It seems like it should be simple but I'm losing hair gradually lol. Hopefully this explains it better?

CJ


July 29th, 2015 5:19pm

Right, thanks for that I see where you're coming from now, though I'm confused by the "If I create the zone and create an A record called 'www' and put the public IP address in, this does not work as it simply forwards you to the IP address instead of using the full domain name." comment, but I'll come back to that.

Essentially you've got two options, the right one depending on the amount of work each entails compared to the other in your specific situation.

1) Create a new zone for company.co.uk. Doing that will make it authoritative locally, so in addition to your local records that you want to add you'll also need to add any external records you might also have. If you have a lot of public records then that may be a lot of extra work (and obviously if they change publicly then you need to update them locally as well), but if you just have a couple of records (for instance with and without www A records and a couple of MX records) then that might be the most straightforward.

2) Create new zones for each of the required subdomains, NOT the main domain. So you create the zones for video.company.co.uk and expressway.company.co.uk and add the records pointing to your internal hosts within them, and they're then treated as authoritative locally, BUT since you don't have a local zone for company.co.uk itself that isn't treated as local and any records for that (for instance www.company.co.uk) are still checked from the public DNS and direct your users to the public website. In reverse to the first option, if you're going to have a lot of those internal zones then it's possibly more work than the first option.

Going back to the other point. If you create an A record called www and put the public IP address of your webserver in there then that should work. It will not forward the user to an IP address, at least not in any way differently to how they are directed to your website normally. Basically your client machines ask the DNS server "where is www.company.co.uk" and it replies "it's at 2.2.2.2". The client then connects to 2.2.2.2 and requests www.company.co.uk. If the client is only requesting www and not the full www.company.co.uk then that's something else, not DNS. A CNAME record could direct you to something other than the full www.company.co.uk, but it would be another website address not to an IP address.

July 29th, 2015 5:42pm
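Added example, not part of the original thread: option 2 from the post above (one zone per internal name, no local company.co.uk zone) scripted with the Windows DnsServer PowerShell module, followed by a check that the internal names stay off public DNS. The IP addresses, the choice of an AD-integrated zone, and the public resolver used for the check are assumptions.

```powershell
# Run on the internal Windows DNS server (DnsServer module required).
# Host addresses are constructed placeholders; replace with your internal hosts.
$internalHosts = @{
    'video.company.co.uk'      = '10.0.0.20'
    'expressway.company.co.uk' = '10.0.0.21'
}

foreach ($fqdn in $internalHosts.Keys) {
    # One zone per internal name: the server is authoritative for this name only.
    # Assumption: AD-integrated DNS. For a file-backed zone use -ZoneFile instead.
    if (-not (Get-DnsServerZone -Name $fqdn -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $fqdn -ReplicationScope 'Domain'
    }
    # '@' is the zone apex, i.e. the "empty" A record created in the GUI.
    Add-DnsServerResourceRecordA -ZoneName $fqdn -Name '@' `
        -IPv4Address $internalHosts[$fqdn]
}

# A local parent zone would shadow every public record, including www.
if (Get-DnsServerZone -Name 'company.co.uk' -ErrorAction SilentlyContinue) {
    Write-Warning 'Local company.co.uk zone exists; www will be answered from it, not from public DNS.'
}

# Internal view: internal names resolve locally, www still comes from public DNS.
foreach ($name in @($internalHosts.Keys) + 'www.company.co.uk') {
    Resolve-DnsName -Name $name -Type A -Server 127.0.0.1 -DnsOnly |
        Where-Object { $_.Section -eq 'Answer' } |
        Select-Object Name, Type, IPAddress
}

# Public view: the internal-only names must NOT return an answer.
$publicResolver = '8.8.8.8'   # assumption: a public resolver reachable from here
foreach ($fqdn in $internalHosts.Keys) {
    $leak = Resolve-DnsName -Name $fqdn -Type A -Server $publicResolver `
                -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Section -eq 'Answer' }
    if ($leak) { Write-Warning "$fqdn is resolvable on public DNS" }
}
```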

Hi Keith,

Thanks for the response again.

It seems possible I've been doing this wrong but I am a little confused. What is the normal process for accessing a public entry whilst having an authoritative local zone? Is it as you describe?

I've just created a zone company.co.uk, and then created an A record called www and given it the public IP. The FQDN shows up as www.company.co.uk, but this is not working. So... I take it I should have done something else? Apologies if I'm being a complete imbecile. I may just stick to command line on a Cisco switch instead.


July 29th, 2015 5:58pm

So without the company.co.uk zone set up locally, if you ping www.company.co.uk the IP address you get returned is the same address as you've specified for the www A record you added after adding company.co.uk as a zone on your local DNS server?

When you've added company.co.uk locally and added the A record as well, from the same machine you're testing with and find you're unable to get to your website, if you ping www.company.co.uk what is returned? Is it returning the correct IP address?

If a DNS server considers itself to be authoritative for a domain then it will respond to any queries using its own records, and crucially it won't try doing a public DNS lookup if the record being requested isn't found locally. As such, when company.co.uk is not set up on your local DNS server then it will consider it to be external, and it will then check online to wherever your public DNS server is to get the answer for your query. As soon as you add the zone locally it considers itself authoritative for that zone, as such it will only respond with records that it has locally, and if you want records that are on the public DNS to appear locally then you have to create them there.

Do you have any kind of proxy locally that could potentially be confusing things? If you've set up the records correctly then it should work, so that's the only thing I can think of.

July 29th, 2015 6:17pm

Well I've just tried this again... I created an empty A record with company.co.uk and pointed this at the IP and that actually works. If I create an A record called www and with the same IP, and go to www.company.co.uk that doesn't work. 

I can probably cope with that for now though, and probably mess around with it some more another time.

Thanks for your assistance Keith, much appreciated.

CJ.

 
July 29th, 2015 6:33pm

Hi Cj,

I suppose we could use delegation.

Create a Forward Lookup Zone of company.co.uk. Then create Host records of video.company.co.uk and XX.company.co.uk.

After that, right click on the zone and click New Delegation. Enter WWW, then add a public DNS server.

Best Regards,

Leo

July 29th, 2015 11:30pm
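Added example, not part of the original thread: the delegation approach from the post above, scripted with the Windows DnsServer PowerShell module. The internal address, the name-server name and its IP are placeholders; substitute the authoritative public name server for company.co.uk. An AD-integrated zone is assumed.

```powershell
# Run on the internal Windows DNS server (DnsServer module required).
$zone       = 'company.co.uk'
$publicNs   = 'ns1.public-dns.invalid'   # placeholder: public authoritative NS
$publicNsIp = '192.0.2.53'               # placeholder: that server's IP address

# Local authoritative zone holding the internal-only records.
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ReplicationScope 'Domain'
}
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'video' -IPv4Address '10.0.0.20'

# Hand www back to public DNS: the local server follows this delegation
# instead of answering (or failing to answer) www from its own zone.
Add-DnsServerZoneDelegation -Name $zone -ChildZoneName 'www' `
    -NameServer $publicNs -IPAddress $publicNsIp

# Confirm the delegation is in place and both views resolve as intended.
Get-DnsServerZoneDelegation -Name $zone -ChildZoneName 'www'
foreach ($name in "video.$zone", "www.$zone") {
    Resolve-DnsName -Name $name -Type A -Server 127.0.0.1 -DnsOnly |
        Where-Object { $_.Section -eq 'Answer' } |
        Select-Object Name, Type, IPAddress
}
```

Only www is delegated here; the bare company.co.uk name and any other public records (MX, for instance) are still answered from the local zone and have to be created there if internal clients need them.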
