DNS record to point to HTTPS URL in another forest which are not trusted

  • Question

  • Hi

    Is it possible to create a DNS record in Domain A to point to Domain B which are in different forests with no trust?

    I need to point devices in Domain A to an internal URL IIS server on Domain B

    They are connecting over a VPN.

    Thanks in advance.



    • Edited by Webbeye Monday, July 9, 2018 10:28 AM
    Monday, July 9, 2018 10:27 AM

All replies

  • Hello,

    DNS is not access; it just converts a symbolic name to an address and the reverse. There is no reason to create an unreal DNS record. So you could create a zone for Domain B and create the record you need there.

    Monday, July 9, 2018 12:44 PM
  • Hello,

    Sorry I do not understand your reply...



    • Edited by Webbeye Monday, July 9, 2018 3:14 PM
    Monday, July 9, 2018 3:14 PM
  • Hello,

    Like tolsyiii said DNS is just to convert a name to an IP address and reverse.

    So regarding your question you can perfectly create a record in DomainA that points to an IP in DomainB even if you have no trust.

    Best Regards,

    Monday, July 9, 2018 4:39 PM
  • You can create a DNS record for any domain, regardless of whether there are trusts or not. You can create any records on your DNS servers - for go0gle, for micposoft, or any other domain. A trust is a relationship for getting some access between domains/forests, but it isn't needed for manually creating DNS records in your domain.
    Tuesday, July 10, 2018 5:40 AM
  • Thanks for the reply..

    What type of DNS record is required ?

    When creating an A record it adds the FQDN of the internal domain to the record?

    ie IP = hostname.externaldomain.net.internaldomain.local

    what is required is IP = hostname.externaldomain.net

    thanks




    • Edited by Webbeye Thursday, August 2, 2018 9:53 AM
    Thursday, August 2, 2018 9:53 AM
  • Ok I didn't understand that, I thought you wanted to have in DomainA a record pointing to an IP in DomainB.

    So regarding your explanation you have 2 options :

    • Create a conditional forwarder or stub in DomainA pointing to DomainB but you will have to be sure that you have DNS port open between your DNS servers in DomainA and the DNS servers in DomainB
    • Create a Primary Zone in DomainA corresponding to the DNS name of DomainB and create the record you want pointing to the Web server in DomainB but this configuration will mean that your DNS servers in DomainA will be authoritative for the zone (Which means they should be able to answer every request regarding the DNS zone of DomainB)

    Best Regards,

    • Marked as answer by Webbeye Tuesday, August 7, 2018 2:15 PM
    Thursday, August 2, 2018 12:30 PM
  • Thanks Dokoh

    I just want to make sure I fully understand your points

    1. I don't want to open any DNS ports between domains\companies - they are totally separate.

    2. Regarding your point below, is this a negative thing? What would the impact of this be on either domain?

    but this configuration will mean that your DNS servers in DomainA will be authoritative for the zone (Which means they should be able to answer every request regarding the DNS zone of DomainB)

    3. Would GlobalNames zone be any use?

    Thanks so much for your help and swift reply






    • Edited by Webbeye Thursday, August 2, 2018 12:57 PM
    Thursday, August 2, 2018 12:55 PM
  • Hello,

    So if you don't want to have any DNS ports open between the 2 companies you will have to create the zone for DomainB in DomainA.

    The problem with this configuration is, like I told you, that DomainA will be authoritative for the zone.

    So for example, let's imagine that you create the zone and create the record (zone name contoso.com and record web.contoso.com) in DomainA. If one of your clients in DomainA wants to access app1.contoso.com, because you are authoritative for the zone this client will be unable to access the resource even if it really exists in DomainB.

    Regarding the last question, GlobalNames is useful when you want to provide short name resolution (sort of like WINS).

    Best Regards,

    Thursday, August 2, 2018 1:33 PM
  • Thanks Dokoh..

    Soooo.. If a forward lookup zone was created and named "web.contoso.com" and a host A record created within it named "same as parent folder" pointing to the IP of web.contoso.com, this should be okay?

    There are no other resources in DomainB that require access..




    • Edited by Webbeye Tuesday, August 7, 2018 10:26 AM
    Tuesday, August 7, 2018 10:26 AM
  • Hello,

    It is a little awkward but it should work

    Best Regards,

    Tuesday, August 7, 2018 12:20 PM
  • It's only a temporary fitting to get a certificate and then the configuration can be deleted..


    • Edited by Webbeye Tuesday, August 7, 2018 2:11 PM
    Tuesday, August 7, 2018 2:10 PM
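
The single-name zone the thread settles on, as an added example that is not part of the original posts: a zone named web.contoso.com with a "same as parent folder" (apex, `@`) A record makes the DomainA DNS servers authoritative for that one name only, so app1.contoso.com and the rest of contoso.com still resolve the normal way. The function names, the replication scope and the address 192.0.2.10 are assumptions for illustration; web.contoso.com is the thread's example name.

```powershell
# Added example (not from the thread). Run on a DomainA DNS server with the DnsServer module.
# Assumptions: 192.0.2.10 is a constructed placeholder for the DomainB web server's
# VPN-reachable address; New-PinpointZone / Remove-PinpointZone are hypothetical helper names.

function New-PinpointZone {
    param(
        [string]$ZoneName = 'web.contoso.com',
        [string]$TargetIp = '192.0.2.10'
    )

    # Stop if this server already hosts the zone; a duplicate would fail anyway.
    if (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue) {
        throw "Zone $ZoneName already exists on this server."
    }

    # The zone covers only web.contoso.com, not all of contoso.com, so DomainA
    # does not become authoritative for other DomainB names.
    # Dynamic updates are disabled: the zone should hold only the one manual record.
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Domain' -DynamicUpdate 'None'

    # "@" is the zone apex, shown as "(same as parent folder)" in the DNS console.
    # A short TTL limits how long clients cache the temporary answer.
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' `
        -IPv4Address $TargetIp -TimeToLive '00:05:00'

    # Confirm what this server now answers for the name.
    Resolve-DnsName -Name $ZoneName -Type A -Server localhost
}

function Remove-PinpointZone {
    param([string]$ZoneName = 'web.contoso.com')

    # The thread describes the setup as temporary; removing the zone returns the
    # name to normal resolution. Clients may keep the old answer until the TTL expires.
    Remove-DnsServerZone -Name $ZoneName -Force
}
```

Because a local zone overrides whatever the real owner of the name publishes, it is worth recording who created it and when it is due for removal, and checking after `Remove-PinpointZone` that `Get-DnsServerZone` no longer lists it.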