How to delegate a zone from Microsoft Windows 2003 DNS server to dnsmasq

Tags: dnsmasq, domain-name-system, split-dns, windows-dns

I have a split domain setup on my production server farm:

  • Each server has both an external (internet facing) IP address and a private internal (LAN facing) IP address. A local DNS server running dnsmasq provides both DHCP services and DNS services on the LAN, using the "production DNS zone".
  • A different, and public, DNS server serves the same DNS zone with the public IP addresses of the servers.

So if you have an IP on the LAN you can resolve the names of all the other servers using LAN addresses, while if you are not on the LAN (for example – clients) then you resolve the names of the servers to their public addresses.

Now I've set up a VPN to bridge the office LAN to the production LAN so developers can access the servers directly without going through hoops, and I want the computers on the office LAN (which up until now only saw the public IP addresses of the production DNS zone) to resolve the production server names to the LAN IP addresses (which they can access directly because of the VPN bridge).

The problem is that in the office we use Microsoft Windows 2003 to manage the network – it's running Active Directory, DHCP services and also DNS services. I thought I could set up a split-domain setup using the Microsoft DNS server as well, and use the "stub zone" technique to direct the resolution of the production DNS zone from the public DNS server to the private DNS server (that is now accessible through the VPN) – but when I try to do that the Microsoft DNS server says that the zone is broken and can't display any information.

Can this be done, and if so – how?

Best Answer

1) Open the DNS settings MSC.
2) Right-click on the server and select Properties.
3) Go to the Forwarders tab.
4) Add the DNS domain for which you want to forward lookups to another server.
5) Put in the IP addresses of the DNS servers for that domain.
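The same conditional forwarder created from the command line, as an added example that is not part of the original answer. It assumes the production zone is called prod.example, that the dnsmasq server is reachable over the VPN at 10.20.0.2, and that dnscmd (from the Windows 2003 Support Tools) is installed on the office DNS server; all three are placeholders.

```batch
@echo off
REM Added example (not from the original post). Assumed values:
REM   prod.example  = the production DNS zone served by dnsmasq
REM   10.20.0.2     = the dnsmasq server, reachable through the VPN bridge
REM Run this on the Windows 2003 DNS server as a DNS administrator.

REM 1) Create a conditional forwarder: only queries for prod.example are
REM    sent to dnsmasq; every other zone keeps the server's normal behaviour.
REM    /Timeout is the wait (seconds) before giving up on the forwarder.
REM    /Slave disables recursion for this zone, so if dnsmasq is unreachable
REM    the office server fails the query instead of silently falling back to
REM    the public answers (which would hand clients the wrong, external IPs).
dnscmd /ZoneAdd prod.example /Forwarder 10.20.0.2 /Timeout 5 /Slave

REM 2) Check that the zone was created as type Forwarder with that master.
dnscmd /ZoneInfo prod.example

REM 3) Drop any public answers already cached before the forwarder existed,
REM    then ask the office server itself for a production host. The answer
REM    should now be the LAN address, not the public one.
dnscmd /ClearCache
nslookup web01.prod.example 127.0.0.1
```

On the dnsmasq side the server must accept queries arriving from the VPN (its interface or listen-address settings must cover the address the office server connects from), otherwise the forwarder times out and, with /Slave set, production names stop resolving in the office altogether.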