Forward subdomain to my own name server Names.co.uk - dns

I have a domain (for example test.example.com) that I wish to forward to my own network for Active Directory purposes. The network already has a static IP address, and a DNS server set up that is successfully handling requests for the Domain Controller internally.
What I can't figure out is how to set it up so that I can connect to the Domain Controller from outside my local network.
We use Names.co.uk for hosting. I've been messing around with the DNS settings for about a week, but the names will not resolve. Can anybody explain what I need to do?
FYI I've tried adding the SRV records to the names.co.uk DNS server, but they do not resolve back to the DC. I've also tried adding an NS record for the names.co.uk DNS server to get my DNS to resolve it, but that doesn't seem to work either!

DNS resolves names using a hierarchy, with each level requiring NS records listing the lower levels. E.g. test.example.com: the 'com' zone has NS records for the 'example.com' nameservers and the 'example.com' zone has NS records for the 'test.example.com' nameservers.
So, not knowing your domain name, I can't check how it resolves. But I can say that to make it visible to the rest of the world, you need to have NS records created in the parent domain which point to your own nameservers (which should also contain NS records for your domain pointing to themselves).

Related

Can you override a DNS entry that you've delegated to another name server?

Let's say I have two DNS servers
DNS Server 1 (dnsserver1.com)
test.mydomain.com NS dnsserver2.com
hello.test.mydomain.com CNAME www.apple.com
DNS Server 2 (dnsserver2.com)
hello.test.mydomain.com CNAME www.google.com
According to my tests, if you visit hello.test.mydomain.com it'll display google.com, but I'm wondering if there's a way to override the delegation. Reason for this being that I'm switching my second DNS server (dnsserver2.com -> dnsserver3.com) and I would like to test this new delegation by individually overriding entries before I swap over the entire delegation.
I think I found my answer here, specifically:
Also note that any local zones you create would step on and override any outside DNS server's zones: It's not possible to have the A record for pc.home.mydomain.tld come from one NS and the AAAA record for it come from another: DNS delegates and declares authority by zone name, and that authority is for all record types within that zone.
If a nameserver is told it is authoritative for something and can't find the record it will not forward the query up the DNS tree, it will simply return NXDOMAIN.
As a result, my plan is to delegate individual records a second time like so:
DNS Server 1 (dnsserver1.com)
test.mydomain.com NS dnsserver2.com
DNS Server 2 (dnsserver2.com)
hello.test.mydomain.com NS dnsserver3.com
DNS Server 3 (dnsserver3.com)
hello.test.mydomain.com CNAME www.apple.com
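
The zone-cut behaviour discussed above, as an added example that is not part of the original posts: a small offline model of authoritative lookup showing why the parent's record below a delegation is never served, and how the second delegation in the plan is followed. The zone data is constructed from the post's records; the function names, the dictionary layout and the address 192.0.2.10 are assumptions made for illustration.

```python
# Constructed zone data mirroring the post; 192.0.2.10 is a documentation address.
EXISTING = {
    "dnsserver1.com": ("mydomain.com", {
        "test.mydomain.com": {"NS": "dnsserver2.com"},
        # Below the zone cut at test.mydomain.com, so never served (occluded).
        "hello.test.mydomain.com": {"CNAME": "www.apple.com"},
    }),
    "dnsserver2.com": ("test.mydomain.com", {
        "hello.test.mydomain.com": {"CNAME": "www.google.com"},
    }),
}
# The plan from the post: dnsserver2 delegates hello.test.mydomain.com again.
# An A record stands in for the post's CNAME, because a delegated name becomes
# a zone apex and a CNAME cannot share an owner name with the apex SOA/NS.
PLANNED = {
    "dnsserver1.com": EXISTING["dnsserver1.com"],
    "dnsserver2.com": ("test.mydomain.com", {
        "hello.test.mydomain.com": {"NS": "dnsserver3.com"},
    }),
    "dnsserver3.com": ("hello.test.mydomain.com", {
        "hello.test.mydomain.com": {"A": "192.0.2.10"},
    }),
}

def answer(server, qname, servers):
    """Authoritative lookup: a zone cut on the way to qname wins over local data."""
    zone, records = servers[server]
    labels, depth = qname.split("."), zone.count(".") + 1
    for i in range(len(labels) - depth - 1, -1, -1):   # apex-side names first
        name = ".".join(labels[i:])
        if "NS" in records.get(name, {}):
            return ("REFERRAL", records[name]["NS"])
    rrset = records.get(qname)
    if rrset is None:
        return ("NXDOMAIN", None)       # authoritative: no forwarding upward
    return ("ANSWER", next(iter(rrset.items())))

def resolve(qname, servers, start="dnsserver1.com"):
    """Follow referrals from the parent zone; return (result, servers asked)."""
    path, server = [], start
    while server in servers and server not in path:
        path.append(server)
        kind, value = answer(server, qname, servers)
        if kind != "REFERRAL":
            return (kind, value), path
        server = value
    return ("SERVFAIL", None), path     # lame or looping delegation
```

Removing dnsserver3.com from PLANNED models a delegation that points at a server which does not answer for the zone; resolve() then reports SERVFAIL after asking the first two servers.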

Route53 DNS returns proper info in internal tests but not with external ones

I've set up my personal website with GitHub and figured out the DNS configs based on the following page. I used A records because those are used in Route53 configs, and when I test my DNS routing for mydomainname.com with the Route53 tool, I get the proper response.
I.e. the DNS returns me the required GitHub IPs as I configured. However, when I try to run dig mydomainname.com I get an empty response.
I'm confident that I've waited long enough for changes to propagate (probably more than two full days now), so what could be the issue here? Any advice on how to further troubleshoot the routing issues?
UPDATE:
Looked up my URL's whois data.
DNS hosting works in 2 steps: configuring the DNS servers to answer queries, and delegating the domain to them.
The first part you seem to have working: you've set up a Route 53 zone, configured the records, and have successfully resolved them from one of the nameservers in the NS record Route 53 configured for you when you created the zone.
The second step is essentially to tell your registrar that when the public attempt to look up the domain, they should be referred to the Route 53 servers you configured. By adding these same DNS servers from the NS record in the working, public Route 53 zone, you will delegate DNS on that domain to those servers.
You registered your domain on Amazon, so it created a Route 53 zone for you, with matching DNS servers in it. Either you removed this zone or created another one. That's fine to do, but each zone costs 50 cents a month, so get in the habit of removing ones that aren't working. You can create any number of Route 53 zones to serve the same domain, but the ones you put in the registrar are the ones the public will use to resolve the domain.
Once whois mydomain.tld (or a web equivalent, if whois isn't available in your environment, like from your screenshot) shows the same nameservers that you can successfully query against with dig, you're golden. It might take some time for the registrar's setting to propagate; in practice this is typically on the order of minutes.

Different name servers for different subdomains

Let's say I have a website example.com which I bought via a common domain registry nomcheap.com.
I want all traffic to a specific subdomain app.example.com to go to name server ns1.appserver.com so I can serve a specific user app.
I also want all other traffic (www.example.com, hello.example.com, *.example.com, etc.) to go to a different name server from a different provider ns1.squaresites.com so I can serve a general website (think something like a commerce Wordpress site).
None of the name servers are provided by the original domain registry nomcheap.com.
Is this possible? If so, any suggestions on how?
To point a subdomain to a name server you need to create an NS record for the subdomain:
app.example.com NS ns1.appserver.com
This will make all queries go to ns1.appserver.com
*.example.com NS ns1.squaresites.com
The second record should catch all subdomains that don't have their own records (of any kind).
Delegating name server DNS responses can be done as the answer by #Lanexbg describes.
Realize that chaining your DNS lookups this way adds more time to DNS resolution and adds another potential point of failure in the resolution process. If the parent's name servers are down, they won't be able to deliver the NS records to tell the client's resolver to continue the lookup process through a delegated name server.
Consider whether using DNS "A" or "CNAME" records at the parent's DNS server would be an acceptable alternative.
For more detail on how DNS resolution is delegated see this answer on serverfault.com:
How exactly should I set up DNS to delegate authority for subdomains?

How configure DNS on Route53 to allow internal IP resolution and avoid CNAME / TXT conflict

We have several servers on AWS VPC, but all have a 'public' face via DNS, handled with Route53. The problem is that when one server looks up the address of another server via DNS, if the entry is an 'A' record, it gets the public IP, not the AWS 'private' IP, and transfers go via the external network address.
If on the other hand I configure the domain as a CNAME pointing to the AWS public DNS name, like this:
CNAME super.domain.com ec2-1-2-3-4.compute-1.amazonaws.com
then lookups from 'outside' the VPC get the real external IP address, and lookups from 'inside' get the local 10.x.x.x address. This is exactly as I want it. Now the problem comes that these servers need to send mail, and pretty much everyone (mailgun, mandrill, etc.) requires SPF and DKIM records. But you can't mix those TXT records with a CNAME.
I know I could use /etc/hosts files on the servers to pre-empt the DNS lookup and use A records, but there are 14 servers and growing, and every time one of them is restarted, I'd have to update all the hosts files - seems like a recipe for messing things up.
My question is this: Is there a way to set up AWS Route53 so I can take advantage of the automatic internal/external resolution of the Amazon public DNS name, and still provide effective SPF and DKIM records? I did ask this on the AWS forum, but didn't get any help there...
Mailgun is probably closest, in that you can use a subdomain for the SPF/DKIM records (e.g. mg.super.domain.com), which then doesn't clash with the CNAME records. But then you hit this problem, the solution to which appears to be an A record, and I'm back to having to maintain many records when the instance IP addresses change!

How to setup a dns for an ip address

I set up an HTTP server at home that is connected to the internet. I registered a .COM domain. Now I want to use this domain to connect to my server, but when I try to set my IP address as DNS I see this error:
Unable to update nameservers: Nameserver [MYIPADDRESS] doesn't exist at the registry
Nameservers indicate what server owns the DNS records for the zone. You need to create A records, not update the nameserver. If you are on GoDaddy, switch to the "DNS Zone File" tab and then create an A record instead of trying to change the nameserver records.
You may want to check your TTL (Time To Live) value for the A record. If the TTL is set to a higher time quanta, the changes will take a lot longer to propagate as the old IP address would still be cached.
Changing NS records would not be the ideal solution for what you are looking to accomplish as you are most likely not shunting traffic from one authoritative DNS server to another to answer queries for your zone.

Resources