On Tue, May 24, 2011 at 7:42 AM, Oliver Marshall <[email protected]> wrote:
> Is there a way to override a DNS entry in an AD zone at one site only?

Not that I'm not aware of.

> A new site has been taken on which has VPN but it’s intermittent and we need
> to point myserver.mydomain.co.uk to the external IP address.

I think this should work:

1. Create stand-alone DNS server(s)
2. Create a new Standard Primary zone <myserver.mydomain.co.uk.> on #1
3. Create an A record in #2 for <myserver.mydomain.co.uk.> with the public IP address
4. Configure #1 to forward to your existing DNS server(s) with the AD-integrated zone
5. Configure all clients at the site in question to use only #1 for their DNS servers

The above creates an undelegated zone, splitting the DNS namespace. By pointing the clients at the #1 server, they will get answers for said zone. Nobody else will be aware of the zone because it's undelegated. Aside from SOA and NS, there will be only one record (the A record), and there will be only the one name, but that's okay.

I believe you need to create a stand-alone DNS server because MS-DNS only supports a single namespace per instance and only allows one instance per server. If you create the #2 zone on the same server as the one hosting your AD-integrated zone, I believe the AD-integrated zone will take precedence (because there's no delegation). I could be wrong on that; I suppose you could try creating #2 on your existing DNS servers at that site.

For the record: This is yet another example of why mixing public and private names and addresses is a bad idea. :)

-- Ben
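
Added example, not part of the original message: steps 2 to 4 above scripted with the DnsServer PowerShell module (assumed available, Windows Server 2012 or later), followed by a check that the override is visible only through the site server. The two IP addresses and the interface alias are placeholders.

```powershell
# Run on the stand-alone (non-AD-integrated) DNS server at the site (step 1).
# Placeholder values below are assumptions, not taken from the thread.
$ZoneName = 'myserver.mydomain.co.uk'   # host name from the thread
$PublicIP = '203.0.113.10'              # placeholder public address (documentation range)
$AdDns    = '10.0.0.10'                 # placeholder: existing AD-integrated DNS server

Import-Module DnsServer

# Step 2: file-backed Standard Primary zone named after the single host.
# Dynamic updates are disabled so clients cannot register or overwrite records in it.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ZoneFile "$ZoneName.dns" -DynamicUpdate None
}

# Step 3: the only record besides SOA/NS is an A record at the zone apex ('@').
$apex = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name '@' -RRType A -ErrorAction SilentlyContinue
if (-not $apex) {
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' -IPv4Address $PublicIP
}

# Step 4: every other name, including the rest of mydomain.co.uk, is forwarded to AD DNS.
Set-DnsServerForwarder -IPAddress $AdDns

# Step 5 is done on the clients, normally through the site's DHCP scope; by hand it would be:
#   Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses <site DNS IP>

# Verification: the site server must answer with the public address, and the AD DNS
# server must still return whatever the AD-integrated zone holds for the same name.
$site = (Resolve-DnsName -Name $ZoneName -Type A -Server 127.0.0.1 -DnsOnly).IPAddress
$ad   = (Resolve-DnsName -Name $ZoneName -Type A -Server $AdDns   -DnsOnly).IPAddress

if ($site -notcontains $PublicIP) { throw "Site server does not return the override: $site" }
if ($ad -contains $PublicIP)      { Write-Warning "AD DNS also returns $PublicIP; override is not site-local" }

# A sibling name must still resolve through the forwarder (proves only one name was split off).
Resolve-DnsName -Name 'mydomain.co.uk' -Type SOA -Server 127.0.0.1 -DnsOnly | Out-Null

"{0}: site server -> {1}; AD DNS -> {2}" -f $ZoneName, ($site -join ','), ($ad -join ',')
```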
