April 15th, 2003, 10:39 AM
Internal and External DNS
My workplace's external e-mail is handled by an outside company. In order to access the external e-mail we use their DNS server. I am trying to administer Group Policy through our Windows 2000 server. In order to do that, that server has to be the primary DNS server. However, when the Windows 2K server is set to primary we cannot access external e-mail. When the external DNS server is set to primary I cannot administer Group Policy. Somebody please help.
April 15th, 2003, 02:05 PM
Set up your name server (the W2K machine) to use forwarders or the root servers. If it is asked for domains it does not know, it will then ask other servers and act as a kind of DNS proxy.
April 16th, 2003, 07:59 AM
I tried adding forwarders; it did not work. Is it possible that the external DNS server is blocking the request from my internal server somehow? It's either that, or I'm doing it incorrectly. I'll try it again, thanks for the tip.
April 16th, 2003, 11:47 AM
Possible, yes, but very unlikely. Try other forwarders. You can use nearly any one.
Log in to the machine running the DNS server and try to ping the forwarders first. Maybe you can't reach them because of router/firewall configuration or something similar...
April 16th, 2003, 02:51 PM
No, I can ping the external DNS server just fine. And when it is set as the primary DNS server I can access my external e-mail, so I don't think that reaching the server is the issue. Question: what is the difference between a forwarder and a forward lookup zone?
It is very possible that the owner of the external DNS has his box set as a primary. Verify that the owner is set to allow zone transfers to any server, or adds the IP address of your server for zone transfers.
Set up your server as a primary and do a zone transfer. You now have all of the information his DNS server has and can therefore access mail, because you have the resolution for the machine (mail).
You are still a primary and still have control.
You can also use dnsstuff.com or WSPing Pack Pro to do lookups on his system. I.e.: if his mail server is mail.hisdomain.com, do a lookup on the A record and see what machine is responsible for knowing where that machine is. If it is the DNS server you connect to at the owner's location, then doing a zone transfer will work. If a different machine is responsible, do an NS lookup on the owner's domain; if the NS server is the same as the one responsible for the mail server, then add the owner's NS server to your root hints.
Either way, if you cannot resolve the mail server through your DNS after a zone transfer, it will look to root hints; if his NS server is the first in root hints, it will check his DNS server and resolve.
Last edited by Vicer; July 1st, 2003 at 03:17 PM.
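The two approaches suggested above (forwarders in the earlier reply, and a zone transfer plus lookups against the provider's name server in this one) as an added, worked example. This is not from any poster in the thread; it uses dnscmd (Windows 2000 Support Tools, and part of the DNS Server role on later Windows versions) and nslookup, which run unchanged from cmd or PowerShell. All names and addresses are placeholders: hisdomain.com for the provider's domain, 192.0.2.53 for the provider's name server, 192.0.2.1 and 192.0.2.2 for resolvers you are allowed to forward to, 192.168.10.5 for your own AD DNS server, and yourad.local for your Active Directory domain. It also departs from the post in one respect: on the provider's side it restricts the transfer to your server's address rather than allowing it to "any server", because an open zone transfer gives the complete host list to anyone who asks for it.

```powershell
# Added example for this thread (not from any poster). Placeholders, all assumed:
#   hisdomain.com        = the mail provider's domain
#   192.0.2.53           = the provider's DNS server (the one that answers for mail.hisdomain.com)
#   192.0.2.1, 192.0.2.2 = resolvers you are permitted to forward to
#   192.168.10.5         = your Windows 2000 / Active Directory DNS server
#   yourad.local         = your Active Directory domain
# Run these on the DNS server itself, or give dnscmd the server name/IP as its first argument.

# --- 1. Who is authoritative for the provider's mail host? ---
# The NS records say who holds the zone; the A lookup is only trustworthy from one of them.
nslookup -type=NS hisdomain.com 192.0.2.53
nslookup -type=A  mail.hisdomain.com 192.0.2.53

# --- 2. Forwarders: names your server is not authoritative for go to these resolvers ---
# /NoSlave lets the server fall back to root hints if the forwarders do not answer;
# /Slave would make it depend on the forwarders alone.
dnscmd /ResetForwarders 192.0.2.1 192.0.2.2 /NoSlave /TimeOut 5
dnscmd /Info                    # the "Forwarders" line should list both addresses

# --- 3. Alternative: keep a secondary copy of the provider's zone via zone transfer ---
# Your server stays primary for its own AD zone; hisdomain.com is added as a SECONDARY zone
# that is loaded from 192.0.2.53 over AXFR. This works only if the provider allows the
# transfer to your address.
dnscmd /ZoneAdd hisdomain.com /Secondary 192.0.2.53
dnscmd /ZoneRefresh hisdomain.com
dnscmd /EnumZones               # hisdomain.com should appear with type Secondary
# To see whether the provider permits AXFR from here at all, in interactive nslookup:
#   nslookup
#   > server 192.0.2.53
#   > ls -d hisdomain.com
# "Query refused" means transfers are restricted; ask the provider to allow 192.168.10.5.

# --- 4. What the provider should run on its primary to permit exactly that transfer ---
# Limit AXFR to the named secondary instead of "any server".
dnscmd /ZoneResetSecondaries hisdomain.com /SecureList 192.168.10.5

# --- 5. Verify from a client, with your server as the only DNS server in its TCP/IP settings ---
nslookup mail.hisdomain.com 192.168.10.5                                    # external mail host
nslookup -type=SRV _ldap._tcp.dc._msdcs.yourad.local 192.168.10.5           # AD SRV record, needed for Group Policy
```

Step 5 is the actual test of the original problem: if both lookups succeed against 192.168.10.5, clients no longer need the provider's server listed first, and Group Policy and external mail resolve through the same server. Steps 2 and 3 are alternatives; forwarders alone are normally enough, and the secondary zone only matters if the provider's records must resolve even when the forwarders are unreachable.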
Can you explain this, please? Did you change the registrar entry, or did you enter it as the first DNS server in your client config?
A forwarder forwards requests made to your DNS server to another DNS server. Basically you would have a forwarder on your LAN segment so response time is fast, but all requests to resolve go to the forwarder. A forward lookup zone is used when the first DNS server cannot resolve the request. It passes the request to the forward lookup zone for resolution.
Vicer - I don't think so.
"Forward lookup zone" is, IIRC, the opposite of "reverse lookup zone" and thus refers to what we usually abbreviate to "zone files".