Company domain with multiple names

  • Company domain with multiple names

    Hi all. I've recently started a new Sys Admin job and I've inherited quite a mess. I have quite the mess when it comes to the domain and the state of the DNS here. We constantly have issues with email getting kicked back and VPN users that cannot see certain machines. Let me draw it out.

    (Real names changed to protect the innocent)
    Internal domain name - internal.abc-xyz.com
    Corporate (external) domain - www.efg.com

    Here's the catch. abc-xyz.com was once owned by this company. They have since let the registration expire and somebody swooped in and grabbed it. So now if I VPN into the company and ping host1.internal.abc-xyz.com it will resolve out to the company that bought up the domain name. The previous IT guys set up a bunch of host files to help redirect people, but this is a nightmare to maintain as we build up new infrastructure and tear out the old stuff.

    I also seem to be having email issues related to DNS as well. We have MX records set for the www.efg.com domain, but our internal domain still looks like internal.abc-xyz.com. So I keep finding large quantities of email being kicked back with errors like relaying not allowed. My guess is because we do not have an MX record established for the internal.abc-xyz.com domain and since we no longer own it, I can't set up a new MX record.

    Can anyone give me some tips on how I can circumvent this issue and/or tell me if my hunches are right with regards to the MX records?

    Thanks all

  • #2
    Re: Company domain with multiple names

    Originally posted by SwitchKat
    Here's the catch. abc-xyz.com was once owned by this company. They have since let the registration expire and somebody swooped in and grabbed it. So now if I VPN into the company and ping host1.internal.abc-xyz.com it will resolve out to the company that bought up the domain name. The previous IT guys set up a bunch of host files to help redirect people, but this is a nightmare to maintain as we build up new infrastructure and tear out the old stuff.
    Normally your VPN clients should be set to use internal DNS servers. It sounds like that's not happening.

    I also seem to be having email issues related to DNS as well. We have MX records set for the www.efg.com domain, but our internal domain still looks like internal.abc-xyz.com. So I keep finding large quantities of email being kicked back with errors like relaying not allowed. My guess is because we do not have an MX record established for the internal.abc-xyz.com domain and since we no longer own it, I can't set up a new MX record.
    Aren't you efg.com? If so, and you're on Exchange, it's all internal and it doesn't look at MX records. Do your users have an alias for efg.com?



    • #3
      Re: Company domain with multiple names

      My 2 cents - clear out the hosts files on your workstations and create a forward lookup zone in DNS for abc-xyz.com
      Gareth Howells

      BSc (Hons), MBCS, MCP, MCDST, ICCE

      Any advice is given in good faith and without warranty.

      Please give reputation points if somebody has helped you.

      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



      • #4
        Re: Company domain with multiple names

        Originally posted by Garen
        Normally your VPN clients should be set to use internal DNS servers. It sounds like that's not happening.

        Yes, they should use internal, but what tends to happen is users set their PPTP client to use their current Internet gateway so they can continue to browse the web without going through the company VPN. This causes any DNS lookup like mailserver.internal.abc-xyz.com to go resolve outside the company.



        Aren't you efg.com? If so, and you're on Exchange, it's all internal and it doesn't look at MX records. Do your users have an alias for efg.com?
        The IT guys that ran this place before didn't know their arse from a hole in the ground. They have managed to make a Frankenstein mess by taking the original domain, internal.abc-xyz.com and tried to switch it over to efg.com. So internal DNS has zones for both these domains. All internal hosts reside in the internal.abc-xyz.com zone and we have a few items like WWW that reside in the efg.com zone.

        The more I have been working with this mess, the more frustrating it is becoming. I do think I have figured out my email situation though. It has to do with an old CNAME record on our external DNS that the Director decided we didn't need and blew it away. That record used to point back at the current email server and made our mail server appear to match the domain that was bought up. Long story short, the Director messed up.

        Comment
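
A check for the failure described in this thread, as an added example that is not part of any poster's message: it resolves a list of internal names and flags any answer outside the site's own address space, which is what a client gets when it asks a public resolver for a name under the re-registered abc-xyz.com. The RFC 1918 ranges, the 10.1.2.x and 203.0.113.10 addresses and the function names are assumptions made for the illustration.

```python
import ipaddress
import socket

# Assumption: the site uses RFC 1918 space internally; adjust to local ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def system_resolver(name):
    """Resolve with whatever DNS servers the client is using right now."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def is_internal(addr):
    return any(ipaddress.ip_address(addr) in net for net in INTERNAL_NETS)

def audit(names, resolve=system_resolver, expected=None):
    """Map each name to (status, answers); status is ok/leak/mismatch/unresolved."""
    expected = expected or {}
    report = {}
    for name in names:
        answers = resolve(name)
        if not answers:
            status = "unresolved"
        elif not all(is_internal(a) for a in answers):
            status = "leak"      # answered by the public zone, not by internal DNS
        elif name in expected and expected[name] not in answers:
            status = "mismatch"  # internal address, but not the record on file
        else:
            status = "ok"
        report[name] = (status, answers)
    return report

# Constructed sample data (203.0.113.10 is a documentation address standing in
# for wherever the public abc-xyz.com zone now points).
INTERNAL_VIEW = {"host1.internal.abc-xyz.com": ["10.1.2.11"],
                 "mailserver.internal.abc-xyz.com": ["10.1.2.25"]}
PUBLIC_VIEW = {name: ["203.0.113.10"] for name in INTERNAL_VIEW}

def demo():
    """Audit the same names as seen via internal DNS and via a public resolver."""
    names = list(INTERNAL_VIEW)
    return (audit(names, resolve=lambda n: INTERNAL_VIEW.get(n, [])),
            audit(names, resolve=lambda n: PUBLIC_VIEW.get(n, [])))

if __name__ == "__main__":
    for view in demo():
        print({name: status for name, (status, _) in view.items()})
```

Calling `audit()` without the `resolve=` argument on a VPN-connected client tests that client's live resolver instead of the sample data.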


        • #5
          Re: Company domain with multiple names

          Here's my two cents, though slightly off topic. Please don't take this as anything other than a friendly opinion:

          You may not know, like, or agree with the way the previous IT staff did their job, but it doesn't help your current situation to talk down about them. They may not have been at your level of ability but they are colleagues nonetheless. Whenever I inherit someone else's "mess" I always remember that someone is thinking the same thing about me at my previous job. It's best to leave your assessment and opinion about the prior sysadmin to yourself and focus on fixing the problem. You'll be better in the long run for it and you'll earn more respect from other IT staffers by not speaking negatively about anyone else.

          That said, have you looked at renaming the internal domain?



          • #6
            Re: Company domain with multiple names

            Originally posted by joeqwerty
            Here's my two cents, though slightly off topic. Please don't take this as anything other than a friendly opinion:

            You may not know, like, or agree with the way the previous IT staff did their job, but it doesn't help your current situation to talk down about them. They may not have been at your level of ability but they are colleagues nonetheless. Whenever I inherit someone else's "mess" I always remember that someone is thinking the same thing about me at my previous job. It's best to leave your assessment and opinion about the prior sysadmin to yourself and focus on fixing the problem. You'll be better in the long run for it and you'll earn more respect from other IT staffers by not speaking negatively about anyone else.

            That said, have you looked at renaming the internal domain?

            Joeqwerty, I'm not bad-mouthing people that truly tried to do their best. There are problems we're cleaning up that were just plain laziness. I spent a week cleaning up a patch panel that looked like a plate of spaghetti because somebody decided it was easier to move the patch cords around for the phones rather than learning the software that came with the product that will do phone moves for you. I have spent weeks combing through terabytes worth of old data trying to figure out what's being used and what isn't because the last admin's idea of taking backups was to take whole directory structures and copy them under other directories and then on top of that, give people full read/write access on the backups so people are changing backup files instead of the production files. All the while there is a perfectly good tape backup system just sitting here. These people were just plain lazy.

            Sorry for the rant. To answer your question, yes, we have looked into renaming the domain. We have since backed off that idea after we did a full analysis of the entire network. There is so much hard coding in their home brew applications that we decided this could end up causing more harm than good if we didn't catch everything the first time around. We're currently looking at the possibility of bringing up a second domain, trusting the two, and then very slowly migrating things off to the new domain. Either way, there's a lot of work ahead of us.



            • #7
              Re: Company domain with multiple names

              Well good luck and on the bright side, you'll eventually have everything up to snuff and to your standards.
