Aha! I might have found something... Will this work??
____________________________________________________________________
This is good especially if you have a Split Horizon environment where the
internal and external domain names are the same and the users need to get to
their external name by
http://theirdomain.com but their DC/DNS server
responds and not the actual external website.
This one is done on the netlogon service parameters in the registry. This
will stop netlogon registering the blank FQDN with the internal private IP.
This stops the netlogon service from registering that "Blank Domain FQDN" IP
address. Those IPs are actually called the LdapIPAddress. Then you manually
create a blank FQDN with the IP that you do want, whether a local private IP
or some public IP, any or mutliple IPs, if you want.
If your ISP rotates or changes the website IP, then this will not work.
Usually we can delegate the www zone to the SOA of your external domain, but
this can;t be done with the blank domain record.
===========================================
Disabling the Same As Parent LdapIpAddress blank FQDN
[Taken from
http://support.microsoft.com/?id=295328]
You do this by adding a registry entry to the DC(s) and rebooting:
1) Add the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Registry Value: DnsAvoidRegisterRecords and add the "LdapIpAddress"
Mnemonic.
2) Do this on all DCs and restart netlogon or restart machine.
This will prevent the DC from adding the domain A records from netlogon.
And you can add multiple Blank Domain A records as you need.
====================================
====================================
If you want to create mutliples, you can do it manually as I mentioned
above, or use this method to force the system to do it for you. I would
rather create them manually but here;s the instructions if you feel up to
it....
Now you can also publish the IP you want instead of having to put it in
manually for the blank FQDN. Do this on the DNS service in the registry.
[Taken from
http://support.microsoft.com/?id=275554]
Configure the DNS service to publish a specific IP addresses to the DNS
zone.
To do so, make the following registry modification:
PublishAddresses
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Data type: REG_SZ
Range: IP address [IP address]
Default value: blank
This modification specifies the IP addresses that you want to publish for
the computer. The DNS server creates A records only for the addresses in
this list. If this entry does not appear in the registry, or if its value is
blank, the DNS server creates an A record for each of the computer's IP
addresses.
This entry is for computers that have multiple IP addresses, only a subset
of which you want to publish. Typically, this prevents the DNS server from
returning a private network address in response to a query when the computer
has a corporate network address.
____________________________________________________________________
"Ryan Faricy" <ryan DeleteThis @faricy.net> wrote in message
news:eOmOu2o5GHA.2264@TK2MSFTNGP02.phx.gbl...
> So everyone, I've spent hours scouring the net and haven't really come up
> with a definitive answer.
>
> I have:
> - a static IP from a local ISP
> - DSL through local telco, with router
> - Two boxes: 1) Win2K box, IP=10.0.0.2, w/ IIS, DNS, AD, and it's a PDC
> ... 2) is a mail server (Win2003 server), member of domain FARICY.NET,
> which is on box 1.
>
> Everything works GREAT. I only have one problem.
>
> I set up DNS on box 1 with primary zone FARICY.NET which is AD integrated
> and allows dynamic updates. Router forwards all traffic from 53 to box 1
> for resolution.
>
> FARICY.NET contains all proper information needed to run my web services
> and works great. EXCEPT ... AD insists on updating the zone with
> (same as parent folder) HOST 10.0.0.2 ............. *in addition* to what
> I REALLY want (to be the default at least) is:
> (same as parent folder) HOST my.public.ip.address
>
> They are both there, so I have two entries for FARICY.NET...
> @ IN A 10.0.0.2
> @ IN A my.public.ip.address
>
> Whenever I run an nslookup, it always returns two results:
> Non-authoritative answer:
> Name: faricy.net
> Addresses: my.public.ip.address, 10.0.0.2
>
> Unfortunately, when I try to ping or visit faricy.net via local DNS or
> after it propogates to my ISP, etc,, it tries to resolve 10.0.0.2.
>
> Is there ANY way I can stop AD from messing with just this particular
> entry?? Or any recommended solution?
>
> I would be very grateful!!! Thank you so much.
>
FAQ
Profile
Private Messages
Log in
Public shame!! haha.
Win 2000/NT/98/ME