Be careful when setting up a DNS server.

  

To meet corporate office needs, I deployed a DNS server on the LAN. The DNS server address on every client is set to the IP address of this server, and a new domain called "rtj.net" was created on the DNS server so that employees can access the internal website.

Testing showed that users can access the intranet normally but have problems accessing websites on the Internet. After changing a client's DNS server address to the IP address of a public DNS server, I could access websites on the Internet but could no longer access the enterprise's internal website. To save money, the "rtj.net" domain is not registered on the public network's DNS servers, so it can only be resolved by the enterprise's internal DNS server. Is there a way to achieve the best of both worlds?

Analysis

DNS (Domain Name System) is a huge distributed database. It provides domain name resolution through domain name servers, which are responsible for converting domain names to IP addresses. It is impossible to put all the domain name information on the Internet on a single computer. Therefore, the DNS system uses a tree structure to store the domain name information of different hierarchical domains on different domain name servers, and the highest layer is the root domain server.

To resolve a domain name such as www.fyssz.net, the client first contacts the local domain name server. If the local server does not have the information, it sends a request for the IP address of www.fyssz.net to a root domain server. The root domain server finds that the name is not under its own jurisdiction but belongs to a domain under net, so it tells the local domain name server to contact the domain name servers of the net domain for more information and sends it a list of the addresses of all net domain name servers. The local domain name server then continues to send resolution requests to these servers until the domain name server responsible for the fyssz.net domain is found and the IP address of www.fyssz.net is returned to the client.

Because I created the root domain and the net domain on the LAN's DNS server, when the server receives a domain name that it cannot resolve, it mistakenly believes that it is itself the root domain server and cannot find the real root domain servers on the Internet. This is why clients cannot access websites by domain name.

Solution

First delete the root domain, the net domain and the rtj.net domain on the DNS server, and then re-create the rtj.net domain; this domain is created so that clients can access the corporate intranet normally. Also, apart from the domains required for the enterprise's internal website, create as few domains as possible, so that the DNS server does not resolve domain names incorrectly or fail to resolve them.
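
The failure analysed above and the effect of the fix can be reproduced with a small model of how a DNS server chooses between answering from its own zones and recursing to the Internet. This is an added example, not part of the original article; the host name www.rtj.net, its address 192.168.1.10 and the function names are assumptions, and delegation records are not modelled.

```python
# Added example; zone contents below are constructed sample data.
# Simplification: delegations (NS records inside a zone) are not modelled.

def labels(name):
    """Split a domain name into lowercase labels; the root "." has none."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def best_zone(qname, zones):
    """Return the hosted zone that is the longest suffix of qname, or None."""
    q = labels(qname)
    best = None
    for zone in zones:
        z = labels(zone)
        if (not z or q[-len(z):] == z) and (best is None or len(z) > len(labels(best))):
            best = zone
    return best

def resolve(qname, zones):
    """zones maps zone name -> {host name: IP}. Returns (action, detail)."""
    zone = best_zone(qname, zones)
    if zone is None:
        return ("RECURSE", "ask the Internet root servers")
    ip = zones[zone].get(qname.lower().rstrip("."))
    if ip:
        return ("ANSWER", ip)
    return ("NXDOMAIN", "server is authoritative for zone %r" % zone)

def risky_zones(zones, internal=("rtj.net",)):
    """List hosted zones that are neither an internal domain nor a child of one."""
    allowed = [labels(d) for d in internal]
    return sorted(z for z in zones
                  if not any(labels(z)[-len(a):] == a for a in allowed))

# Before the fix: root, net and rtj.net are all hosted locally.
BROKEN = {".": {}, "net": {}, "rtj.net": {"www.rtj.net": "192.168.1.10"}}
# After the fix: only the internal domain is hosted.
FIXED = {"rtj.net": {"www.rtj.net": "192.168.1.10"}}

if __name__ == "__main__":
    for name, zones in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, "flagged zones:", risky_zones(zones))
        for q in ("www.rtj.net", "www.fyssz.net"):
            print("  ", q, "->", resolve(q, zones))
```

With the root and net zones hosted locally, every Internet name is answered as nonexistent by the LAN server itself; with only rtj.net hosted, the same query falls through to normal recursion.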
