DirectAccess force resolution for an external hostname to an internal DNS server

Question
-
We're using DirectAccess on 2012 R2 and have an internal domain of domain.local and an external of domain.com. I'd like to force resolution for an external hostname: server.domain.com to be resolved by our internal DNS.
Can this be achieved and how exactly (I considered using NRPT exemptions, but from my understanding that is if I wanted to resolve a server.domain.local using an external DNS)?
Monday, May 26, 2014 10:31 AM
Answers
-
Hi,
Your understanding is right.
NRPT is used to force the client to resolve a hostname using internal DNS. NRPT exemptions are used to force the client to resolve an internal hostname using external DNS.
You can configure DNS suffixes and internal DNS servers in Infrastructure Server Setup. DirectAccess client queries that match a suffix use the specified DNS server for name resolution. Name suffixes that do not have corresponding DNS servers are treated as exemptions, and the DNS settings on client computers are used for name resolution.
To configure the infrastructure servers, follow the steps below.
- In the middle pane of the Remote Access Management console, in the Step 3 Infrastructure Servers area, click Configure.
- In the Infrastructure Server Setup Wizard, on the Network Location Server page, click the option that corresponds to the location of the network location server in your deployment. If the network location server is on a remote web server, enter the URL and click Validate before you continue. If the network location server is on the Remote Access server, click Browse to locate the relevant certificate, and then click Next.
- On the DNS page, in the table, enter any additional name suffixes that will be applied as Name Resolution Policy Table (NRPT) exemptions. Select a local name resolution option, and then click Next.
- On the DNS Suffix Search List page, the Remote Access server automatically detects any domain suffixes in the deployment. Use the Add and Remove buttons to add and remove domain suffixes from the list of domain suffixes to use. To add a new domain suffix, in New Suffix, enter the suffix, and then click Add. Click Next.
- On the Management page, add any management servers that are not detected automatically, and then click Next. Remote Access automatically adds domain controllers and System Center Configuration Manager servers.
Hope this helps.
Steven Lee
TechNet Community Support
- Proposed as answer by Steven_Lee0510 (Moderator), Wednesday, May 28, 2014 1:26 AM
- Marked as answer by Steven_Lee0510 (Moderator), Tuesday, June 3, 2014 7:31 AM
Tuesday, May 27, 2014 9:57 AM (Moderator)
Yes, you can add a single host. Here are some examples:
If you add company.com, then your entire suffix will be sent through the DA tunnels.
If you add server01.company.com, then only that specific name will be routed through the DA tunnels, and the rest of company.com will continue to route on the regular internet.
- Proposed as answer by Steven_Lee0510 (Moderator), Wednesday, May 28, 2014 1:26 AM
- Marked as answer by Steven_Lee0510 (Moderator), Tuesday, June 3, 2014 7:31 AM
Tuesday, May 27, 2014 7:44 PM
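A simplified model of how the client's NRPT picks a resolver, covering both answers above: suffix entries and exemptions from the first, a single-host entry from the second. This is an added example, not code from the thread or from Windows; the precedence shown (exact name over longest suffix) is what the model implements, and the IP address and `nls.domain.local` are constructed sample values.

```python
# Simplified model of NRPT matching on a DirectAccess client (added example).
# The IP address and the nls.domain.local entry are constructed sample values.

def match_rule(fqdn, rules):
    """Return the most specific NRPT rule for fqdn, or None if nothing matches.

    A namespace starting with "." is a suffix rule; anything else is an
    exact-name (FQDN) rule. An exact name beats any suffix, and among
    suffixes the longest one wins.
    """
    name = fqdn.lower().rstrip(".")
    best, best_key = None, None
    for rule in rules:
        ns = rule["namespace"].lower()
        if ns.startswith("."):
            hit, key = name.endswith(ns), (0, len(ns))
        else:
            hit, key = name == ns, (1, len(ns))
        if hit and (best_key is None or key > best_key):
            best, best_key = rule, key
    return best

def resolver_for(fqdn, rules):
    """Say which DNS servers answer the query for fqdn."""
    rule = match_rule(fqdn, rules)
    if rule is None:
        return "client DNS (no NRPT match)"
    if not rule["dns_servers"]:
        # A namespace with no DNS server listed is an exemption.
        return "client DNS (NRPT exemption)"
    return "internal DNS via DA tunnel: " + ", ".join(rule["dns_servers"])

INTERNAL_DNS = ["10.0.0.10"]  # constructed placeholder address

# Scenario from the thread: internal suffix plus ONE external host name.
RULES = [
    {"namespace": ".domain.local", "dns_servers": INTERNAL_DNS},
    {"namespace": "server.domain.com", "dns_servers": INTERNAL_DNS},
    # Entry with no DNS server: treated as an exemption (sample name).
    {"namespace": "nls.domain.local", "dns_servers": []},
]

if __name__ == "__main__":
    for q in ("server.domain.com", "www.domain.com",
              "app.domain.local", "nls.domain.local"):
        print(f"{q:20} -> {resolver_for(q, RULES)}")
```

Only `server.domain.com` is sent to the internal DNS server; every other `domain.com` name falls through to the client's own DNS settings, which is the behaviour the second answer describes.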
All replies
-
Thank you for your reply. If I go and configure additional suffixes that would then include the entire domain. I only want to add a single host, can that be achieved?
Tuesday, May 27, 2014 10:16 AM
-
Thank you very much. I'll try to specify a specific name; it seems it's very much possible.
Tuesday, June 3, 2014 7:43 AM