I ended up doing what a couple folks suggested, creating a zone for each host with each zone containing only the IP for that host as an A record.
-----Original Message----- From: Ken Schaefer [mailto:[email protected]] Sent: Wednesday, February 22, 2012 6:47 PM To: NT System Admin Issues Subject: RE: DNS-y Doing forwarding may not disable access to thisclient.com's external addresses. How does thisclient.com's own client resolve their external addresses? Perhaps these entries are in their internal DNS servers. If so, then forwarding to their internal DNS servers might just work. You need to ask them. Definitively creating thisclient.com as a zone in your DNS is going to break resolution of their external addresses unless you also add entries for their external sites. Cheers Ken -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Thursday, 23 February 2012 1:18 AM To: NT System Admin Issues Subject: Re: DNS-y On Wed, Feb 22, 2012 at 10:43 AM, David Lum <[email protected]> wrote: > We have a VPN tunnel to a client, and we've been asked to make some > DNS entries for Thisclient.com addresses and frankly, I don't know how > to do it or even how to Google for it. They gave us a list of IP's > that need to have entries. You can tell your DNS server to claim authority for whatever you want, and as long as your DNS clients are using that DNS server for all lookups, you'll get what you told it to say. So claim authority for new zones, named <host1.thisclient.com>, <host2.thisclient.com>, etc., and put in the A records at the origin level. Any time their IP addresses change, they'll have to tell you. > I could do DNS forwarding but that would disable us being able to get > to thisclient.com's external websites, wouldn't it? Yup. (Aside: This is yet another example of why split DNS is a bad idea. Too bad for you, your client doesn't know that.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
