Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
655
Views
0
Helpful
5
Replies

DNS question

Go to solution
ankitohc
Spotlight
Spotlight

‎10-12-2023 05:45 PM - last edited on ‎10-17-2023 02:22 AM by Community Manager

I have a question regarding the DNS If I have website with domain abc.com (Example), also we have internal windows domain controller DC-01 where we have our internal DNS server. I can add the A record in internal DNS abc.com pointing to public IP so my internal users can access the website like example shown here

ankitohc_0-1697157519916.png

but here is the problem when our internal users are opening website with abc.com it won't work and when they add www.abc.com

it worked fine so what could be the issue? It looks like DNS issue for sure If i create one more A record pointing abc.com to public IP so now there will be two records one is with www and one is without www so what will happen with our internal users if they have host with abc joined domain where will the request go first if they

ping

website or join new machine in the company. Will it go to local DNS or public?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP
In response to ankitohc

‎10-13-2023 06:17 AM

@ankitohc,

Internal DNS resolution, including domain join requests, will use the DNS records in your internal DNS server. External access to the public website "abc.com" remains unaffected. Creating an internal DNS record for "abc.com" ensure internal users can access the website without the "www" prefix while preserving domain join functionality.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
M02@rt37
VIP
VIP

‎10-12-2023 09:52 PM - last edited on ‎01-23-2024 04:33 AM by Community Manager

Hello @ankitohc,

When a domain-joined machine attempts to resolve abc.com, it first checks with the local DNS server, which in your case is your internal Windows DNS server (DC-01). If there's a matching DNS record (A record) for abc.com in your internal DNS pointing to a local IP address, it will use that.

However, if there's no record for abc.com in your internal DNS, or if the record points to a public IP address, the request will go to the public DNS servers on the internet, which resolve abc.com to the public IP address associated with the domain.

So, if you want your internal users to access abc.com without the "www" prefix, create an A record in your internal DNS for abc.com pointing to the public IP address of your website.

Also, leave the A record for www.abc.com pointing to the public IP address. This will continue to work for users who type "www.abc.com."

--Internal users will be able to access the website with or without the "www" prefix. If they

ping

abc.com or join a new machine to the domain, the internal DNS server will resolve the request based on the DNS records you've configured internally.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
ankitohc
Spotlight
Spotlight
In response to M02@rt37

‎10-13-2023 05:22 AM - edited ‎10-13-2023 06:33 AM

Thank you for the detailed explanation, If I create a DNS entry without www If I join any machine in the domain future will it impact anything since I will type abc.com to join the domain and the request will go to internal DNS which currently maps with public IP address

 

 

 

0 Helpful

Go to solution
M02@rt37
VIP
VIP
In response to ankitohc

‎10-13-2023 06:17 AM

@ankitohc,

Internal DNS resolution, including domain join requests, will use the DNS records in your internal DNS server. External access to the public website "abc.com" remains unaffected. Creating an internal DNS record for "abc.com" ensure internal users can access the website without the "www" prefix while preserving domain join functionality.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
ankitohc
Spotlight
Spotlight
In response to M02@rt37

‎10-13-2023 06:32 AM

Thank you. I really appreciate your quick answer.

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎10-13-2023 07:19 AM

Firstly, generally I believe it's a somewhat unusual to be creating any DNS records for external Internet hosts.

An internal DNS server would be where you define DNS records for your internal resources.  Such a server should pass a match failure to the public DNS servers for resolution.  (If a public DNS server resolved the DNS request, your internal DNS server normally would cache the result for some amount of time.)

Regarding not providing the whole FQDN, you "abc.com" example, I recall (?) there's a way to define a presumed "default", such as commonly used "www", but that's up to the administrator for a particular DNS domain.

I mention the foregoing because you're preempting DNS management of DNS resources not yours.  Usually the only time you might do this is when you're trying to black list some external sites from your network.  (Which can be a big time sink.  If that's your goal you might want to look into commercial products that continually update various black lists.)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card