So I setup the conditional forwarding for the domain "akusatitle.net" a few hours ago. Performing NSLookup from external sources returns a response of "Server Failed". Using http://network-tools.com/nslook/Default.asp , if I specify "no recursion", the queries are successful.
Queries from my internal domain and from the external DNS servers themselves are successful. Are there any tools out there that can help identify where the failure is occurring? Could this just be indicative of slow propagation of the original zone I deleted and I just need to be more patient? On Tue, May 5, 2009 at 10:17 AM, stuart.hall <[email protected]> wrote: > Pleased you got it working. > > > > Have a good day! > > > > *From:* Sean Martin [mailto:[email protected]] > *Sent:* Tuesday, May 05, 2009 2:11 PM > > *To:* stuart.hall > *Subject:* Re: RE: Windows 2003 DNS > > > > Yeah, I had to delete the zone before it would allow me to add the forward. > > > > > We did run into the issue surrounding our internal root domain being the > same as our external domain. I'll just use example.com. We pretty much use > the same practice you mentioned regarding manually duplicating A records > internally. We implemented delegation for the individual sites we wanted to > redirect to the Global Site Selector. Within Example.com, I create a > delegation named www. That new delegation simply contains an NS record > pointing to the GSS. The same was implemented for other specific sites. > That's why I thought simply changing the NS record for the alternate domains > would work. > > > > I still have some additional testing to do but I think you got me on the > right track. Thanks for the assistance. > > > > - Sean > > On Tue, May 5, 2009 at 9:50 AM, stuart.hall <[email protected]> wrote: > > As far as I know, yes, otherwise the DNS server will just check it’s local > records and if it doesn’t exist then it’ll not resolve it – it won’t then go > and check externally or forward because as far as it’s concerned the zone > that it has is the zone that you’re checking. > > > > As long as the records you have on the server are on the server which > you’ll forward to, then you shouldn’t run into issues by removing the zone > on your local server. When it starts being a pain is when you have an > internal server with an external domains zone – eg, corp.com internally > with www.corp.com pointing at 192.168.0.1 whereas corp.com is also on an > external server and it points to the external IP of your web server. > > > > Then, like I do here, you just have to manually manage A records on your > replica zone internally if requirements are that internal users go to an > internal IP and internet users go via the external IP. > > > > You should be good though, just check to make sure that the records in the > zone you remove from the DNS server you’re configuring are IDENTICAL to the > records that are on the server that you’re forwarding to so that you don’t > lose any resolution. > > > > > > > > *From:* [email protected] [mailto:[email protected]] > *Sent:* Tuesday, May 05, 2009 1:43 PM > *To:* stuart.hall > *Subject:* Re: RE: Windows 2003 DNS > > > > That sounds like it may work. I'm assuming I'll need to delete those zones > from the DNS server for the forwarding to work? > > - Sean > > On May 5, 2009 9:39am, "stuart.hall" <[email protected]> wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > If you get the properties on the DNS Server in Windows, you can > > > > specify the DNS servers which should be queried for specific domains > under the > > > > Forwarders tab. > > > > > > > > > > > > > > > > > > > > By default, it will likely have “All other DNS domains” in > > > > there. Add the domain you want to reroute queries for and then add the > IP’s of > > > > the DNS servers responsible for that domains zone. > > > > > > > > > > > > > > > > > > > > Is that what you mean? > > > > > > > > > > > > > > > > > > > > > > > > > > > > From: Sean Martin > > > > [mailto:[email protected]] > > > > > > Sent: Tuesday, May 05, 2009 1:34 PM > > > > > > To: NT System Admin Issues > > > > > > Subject: Windows 2003 DNS > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Good morning, > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I'm assisting my Network Services team with the implementation of Cisco's > > > > > Global Site Selector. Part of the implementation plan includes the > > > > re-configuration of some of our domains ( to be handled by the site > selector) > > > > on our Windows 2003 DNS servers (external DNS, not AD integrated) so that > the > > > > global site selector will respond with name resolution. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > The GSS has been configured with all of the appropriate A > > > > records to respond to queries. I've tested what I thought was a workable > > > > solution by simply changing the NS records for one of the domains to the > GSS. > > > > However, our DNS servers don't appear to be passing queries to the GSS. > The > > > > only records that exist within the zone are the NS record and the SOA. > I've > > > > tried changing the SOA to the GSS, as well as leaving the SOA blank. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Apparently, we didn't purchase the ability for the GSS to > > > > act as a DNS server itself, it's only purpose is to provide name > resolution, at > > > > which point it will query the load balancers at each site and respond > with the > > > > VIP from the least loaded site. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Does anyone know of a method within Windows 2003 DNS to > > > > basically pass all queries for a specific domain to an alternate name > server? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > - Sean > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
