Be cautious about setting up a DNS server

Because the enterprise office needs, the author has deployed the DNS server in the local area network, all client's DNS server address parameter is set to this server's IP address. Also, a domain named "rtj.net" has been created in the DNS server for enterprise employees to access internal Web sites.

But after testing, users can normally access the intranet, but there are problems accessing Web sites on the Internet. After modifying the DNS server address of the client to the IP address of the public network DNS server, the author can access the Web site on the Internet, but cannot access the intranet website. However, in order to save money, "rtj.net" domain is not registered on the public network DNS server, can only rely on the Enterprise network internal DNS server to resolve, do not have a way to both worlds?

Analysis

DNS (Domain Name server) is a huge distributed database that provides domain-specific information through a domain name server, which is responsible for translating domain names into IP addresses. It is not possible to put all domain name information from the Internet on the same computer, so the DNS system uses a tree structure to store domain name information for different levels of domain names in different domain name servers, with the highest level being the root domain server.

To resolve a domain name named Www.fyssz.net, the client must first contact with the local domain name server, if the domain name information is not found, the local domain name server will send a request to the root domain server, query www.fyssz.net IP address, the root domain server found that the domain name does not belong to their own jurisdiction, but belong to net Domain, it notifies the domain name server to contact the domain name server for more information and sends a list of addresses for all NET domain name servers to the local domain name server. The local domain name server then continues to send resolution requests to these servers until the domain name server to which the fyssz.net domain belongs is found and the Www.fyssz.net IP address information is returned to the customer.

Because the author created the root domain and net domain in the DNS server within the LAN, so when a DNS server receives a domain name that cannot be resolved, it incorrectly considers itself to be the root domain server, and cannot find the real root domain server in the Internet, so there is a problem that the client cannot use the domain name to access the Web site.

Solutions

First remove the root domain, net domain, and rtj.net domain from the DNS server, and then recreate a rtj.net domain to allow the client to access the internal corporate web site normally. Also note that in addition to the domains that are required for the intranet site, you should create as few domains as possible to prevent DNS servers from incorrectly resolving domain names or parsing them.