DNS (Domain Name Server) is a huge distributed database that provides a specified Domain information through the Domain Name Server for Domain Name resolution. The Domain Name Server is responsible for converting the Domain Name to an IP address. It is impossible to put all Domain Name Information in the Internet on the same computer. Therefore, the DNS system uses a tree structure to store domain name information of different levels on different domain name servers, the top layer is the root domain server.
Due to enterprise office requirements, I have deployed a DNS server in the LAN. the DNS server address parameters on all clients are set to the IP address of the server. In addition, a domain named "knowsky.com" is created on the DNS server for enterprise employees to access the internal website.
However, after testing, users can access the enterprise intranet normally, but problems may occur when accessing websites on the Internet. After changing the DNS server address of the client to the IP address of the Internet DNS server, the client can access the website on the Internet, but cannot access the internal website of the enterprise. However, in order to save money, the "knowsky.com" domain is not registered on the public network DNS server, but can only be resolved by the internal enterprise network DNS server. Isn't there a perfect solution?
Analysis
DNS (Domain Name Server) is a huge distributed database that provides a specified Domain information through the Domain Name Server for Domain Name resolution. The Domain Name Server is responsible for converting the Domain Name to an IP address. It is impossible to put all Domain Name Information in the Internet on the same computer. Therefore, the DNS system uses a tree structure to store domain name information of different levels on different domain name servers, the top layer is the root domain server.
To resolve a domain name named knowsky.com, the client must first contact the local domain name server. If the domain name information cannot be found, the Local Domain Name Server will send a request to the root domain server, query the IP address of knowsky.com. The Root Domain Server finds that the domain name does not belong to its own jurisdiction, but belongs to a domain under net, it notifies the Domain Name Server to contact the Domain Name Server of the net domain to obtain more information, and sends a list of addresses of all the net domain name servers to the Local Domain Name Server. Then, the Local Domain Name Server continues to send resolution requests to these servers until the Domain Name Server to which the knowsky.com domain belongs is found and the IP address of knowsky.com is returned to the customer.
Because I have created the root domain and net domain on the DNS server in the LAN, when the DNS server receives a domain name that cannot be resolved, it will mistakenly think that it is the root domain server, the real root domain server in the Internet cannot be found, so the client cannot access the website using the domain name.
Solution
First, delete the root domain, net domain, and knowsky.com domain in the DNS server, and then re-create a knowsky.com domain to allow the client to normally access the internal enterprise website. At the same time, note that in addition to the domain required by the Enterprise Intranet site, you should try to create as few domain names as possible to prevent DNS servers from incorrectly resolving domain names or failing to resolve domain names.