Wednesday, April 25, 2018

domain name system - Internal/external DNS with subdomains



I've got an internal DNS server (part of OS X server) and it's acting as the main DNS server for a specific (physical) site. When it can't resolve hostnames itself, it forwards requests to Google's DNS servers. Everything works well apart from a couple of issues, which I think may be related but can't get to the bottom of.




I've got a number of intranet sites setup, that people can access by going to something like:




intranet.mydomainname.com



selfservice.mydomainname.com




These point to various servers in the building that host these sites. Whether internal or external (without VPN), I can access these sites just dandy.




Where the issue comes is when I want to host, say, test.mydomainname.com on an external server it fails to resolve as the primary zone for mydomainname.com is internal. How can I get it to look up Google's DNS (or an external one) for that zone if it's not in the list? I've tried everything I can think (adding my host's nameservers etc) of but nothing seems to work fully.



Also I can't access intranet sites when connected via VPN and from what I can gather - I believe this might be related to the DNS issue but just wanted to give as much information as possible.



Edit



The domain mydomainname.com is hosted externally and pointed at the site's public IP. From there we can forward the requests to the relevant internal server. Externally everything works, internally though any subdomain of mydomainname.com is served locally, I want it to be served from Google's DNS / externally.



DNS Configuration




As per a request, here's the current DNS configuration (OS X server's DNS tab). I've blurred out the .private address as it's not really relevant but it's the server's name. The colored dots are just there to link everything together. Screenshot:



enter image description here



In an attempt to clarify this is what I want:



intranet.mydomain.com -> 192.168.0.12
selfservice.mydomain.com -> 192.168.0.13
*.mydomain.com -> forward to external DNS
mydomain.com -> forward to external DNS



At the moment any subdomain of mydomain.com is not forwarded on (think this is because of the primary zone being mydomain.com with a NS of intranet.mydomain.com but could do with a little nod in the right direction.


Answer



I figured out a workaround but it's far from perfect. Ideally I'd have liked to add "*.mydomain.com" as a catch all forwarding to external DNS (my registrar) and only point the relevant ones to internal servers. Unfortunately OS X server doesn't currently allow wildcard entries so I've had to add everything manually pointing out/in where appropriate.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...