DirectAccess force resolution for an external hostname to an internal DNS server

  • Question

  • We're using DirectAccess on 2012 R2 and have an internal domain of domain.local and an external of domain.com. I'd like to force resolution for an external hostname: server.domain.com to be resolved by our internal DNS.

    Can this be achieved and how exactly (I considered using NRPT exemptions, but from my understanding that is if I wanted to resolve a server.domain.local using an external DNS)?

    Monday, May 26, 2014 10:31 AM

All replies

  • Hi,

    Your understanding is right.

    NRPT is used to make the client resolve a hostname through internal DNS. NRPT exemptions are used to make the client resolve an internal hostname through external DNS.

    You can configure DNS suffixes and internal DNS servers in Infrastructure Server Setup. DirectAccess client queries that match a suffix use the specified DNS server for name resolution. Name suffixes that do not have corresponding DNS servers are treated as exemptions, and the DNS settings on client computers are used for name resolution.

    To configure the infrastructure servers, follow the steps below.

    1. In the middle pane of the Remote Access Management console, in the Step 3 Infrastructure Servers area, click Configure.
    2. In the Infrastructure Server Setup Wizard, on the Network Location Server page, click the option that corresponds to the location of the network location server in your deployment. If the network location server is on a remote web server, enter the URL and click Validate before you continue. If the network location server is on the Remote Access server, click Browse to locate the relevant certificate, and then click Next.
    3. On the DNS page, in the table, enter any additional name suffixes that will be applied as Name Resolution Policy Table (NRPT) exemptions. Select a local name resolution option, and then click Next.
    4. On the DNS Suffix Search List page, the Remote Access server automatically detects any domain suffixes in the deployment. Use the Add and Remove buttons to add and remove domain suffixes from the list of domain suffixes to use. To add a new domain suffix, in New Suffix, enter the suffix, and then click Add. Click Next.
    5. On the Management page, add any management servers that are not detected automatically, and then click Next. Remote Access automatically adds domain controllers and System Center Configuration Manager servers.

    Hope this helps.



    Steven Lee

    TechNet Community Support

    Tuesday, May 27, 2014 9:57 AM
    Moderator
  • Thank you for your reply. If I go and configure additional suffixes, that would then include the entire domain. I only want to add a single host; can that be achieved?
    Tuesday, May 27, 2014 10:16 AM
  • Yes, you can add a single host. Here are some examples:

    If you add company.com, then your entire suffix will be sent through the DA tunnels.

    If you add server01.company.com, then only that specific name will be routed through the DA tunnels, and the rest of company.com will continue to route on the regular internet.

    Tuesday, May 27, 2014 7:44 PM
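
A client-side check for the single-host case described in the answer above, added here as an example (not code from the thread or from Microsoft): it reads the effective NRPT with `Get-DnsClientNrptPolicy -Effective` and reports which rule, if any, covers a name. The precedence logic is a simplified model (exact FQDN rule first, then the longest suffix rule), and the sample rules, the `nls.domain.local` name and the `2001:db8::53` address are constructed.

```powershell
# Added example. Simplified model of NRPT matching: a namespace with a
# leading dot is a suffix rule, one without is a single-FQDN rule.
function Get-NrptDecision {
    param(
        [Parameter(Mandatory)][string]$Name,
        # Defaults to the client's live table; pass constructed rules to test offline.
        [object[]]$Policy = (Get-DnsClientNrptPolicy -Effective)
    )
    $fqdn = $Name.TrimEnd('.').ToLowerInvariant()
    $best = $null
    $bestScore = -1
    foreach ($rule in $Policy) {
        foreach ($ns in @($rule.Namespace)) {
            $n = ([string]$ns).ToLowerInvariant()
            if ($n -eq '.') { $score = 0 }                 # "any" rule
            elseif ($n.StartsWith('.')) {                  # suffix rule: longest wins
                $score = if ($fqdn.EndsWith($n)) { $n.Length } else { -1 }
            }
            else {                                         # FQDN rule: beats any suffix
                $score = if ($fqdn -eq $n) { [int]::MaxValue } else { -1 }
            }
            if ($score -gt $bestScore) { $best = $rule; $bestScore = $score }
        }
    }
    $servers = @()
    $ruleName = $null
    if ($best) {
        $ruleName = $best.Namespace
        $servers  = @($best.DirectAccessDnsServers | Where-Object { $_ })
    }
    if (-not $best)               { $resolver = 'no NRPT rule: DNS configured on the client' }
    elseif ($servers.Count -eq 0) { $resolver = 'NRPT exemption: DNS configured on the client' }
    else                          { $resolver = 'NRPT rule: ' + ($servers -join ', ') }
    [pscustomobject]@{ Name = $fqdn; Rule = $ruleName; Resolver = $resolver }
}

# Constructed sample rules; 2001:db8::53 is a documentation address, and
# nls.domain.local is a hypothetical exemption entry.
$sample = @(
    [pscustomobject]@{ Namespace = '.domain.local';     DirectAccessDnsServers = @('2001:db8::53') }
    [pscustomobject]@{ Namespace = 'server.domain.com'; DirectAccessDnsServers = @('2001:db8::53') }
    [pscustomobject]@{ Namespace = 'nls.domain.local';  DirectAccessDnsServers = @() }
)
'server.domain.com', 'www.domain.com', 'dc1.domain.local', 'nls.domain.local' |
    ForEach-Object { Get-NrptDecision -Name $_ -Policy $sample }
```

On a DirectAccess client, omit `-Policy` to evaluate the live table, and compare the result with what `Resolve-DnsName server.domain.com` returns.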
  • Thank you very much. I'll try to specify a specific name; it seems it's very much possible.
    Tuesday, June 3, 2014 7:43 AM