Configure name resolution for a federation server proxy in a DNS zone serving both the perimeter network and Internet clients

Applies To: Windows Server 2003 R2

So that name resolution can work successfully for a federation server proxy in a scenario in which one or more Domain Name System (DNS) zones serve both the perimeter network and Internet clients, the following tasks must be completed:

  • DNS in the Internet zone that you control must be configured to resolve all Internet client requests for the Federation Service endpoint Uniform Resource Locator (URL) to the federation server proxy. To accomplish this, you add a host (A) record to the Internet DNS zone for the federation server proxy.

  • DNS in the perimeter network must be configured to resolve all incoming client requests for the Federation Service endpoint URL to the federation server. To accomplish this, you add a host (A) record to the perimeter DNS zone for the federation server proxy.

Note

These procedures assume that a host address (A) resource record for the federation server has already been created in the corporate network DNS. If this record does not yet exist, create this record and then perform these procedures. For more information about how to create a host (A) record for the federation server, see Add a host (A) record to corporate DNS for a federation server.

Adding a host (A) record to the Internet DNS zone for a federation server proxy

So that clients on the Internet can successfully access a federation server through a newly deployed federation server proxy, you must first create a host (A) resource record in the Internet DNS zone that you control. This resource record resolves the host name of the account federation server (for example, fs.adatum.com) to the IP address of the account federation server proxy (for example, 131.107.27.68) in the perimeter network.

Note

It is assumed that you are using a DNS server running Windows Server 2000 or Windows Server 2003 with the DNS Server service to control the Internet DNS zone.

To add a host (A) record to the Internet DNS zone for a federation server proxy

  1. On a DNS server for the Internet DNS zone, open the DNS snap-in.

  2. In the console tree, right-click the applicable forward lookup zone, and then click New Host (A).

  3. In Name, type only the computer name of the federation server. For example, type fs for the fully qualified domain name (FQDN) fs.adatum.com.

  4. In IP address, type the IP address for the new federation server proxy (for example, 131.107.27.68).

  5. Click Add Host.

Adding a host (A) record to the perimeter DNS zone for a federation server proxy

So that Internet client requests can be successfully processed by the federation server proxy and reach the federation server after they are resolved by the Internet DNS zone, you must create a host (A) resource record in the perimeter DNS zone. This resource record resolves the host name of the account federation server (for example, fs.adatum.com) to the IP address of the account federation server (for example, 192.168.1.4) in the corporate network.

Note

It is assumed that you are using a DNS server running Windows Server 2000 or Windows Server 2003 with the DNS Server service to control the Perimeter DNS zone.

To add a host (A) record to the perimeter DNS zone for a federation server proxy

  1. On a DNS server for the perimeter network, open the DNS snap-in.

  2. In the console tree, right-click the applicable forward lookup zone, and then click New Host (A).

  3. In Name, type only the computer name of the federation server. For example, type fs for the FQDN fs.adatum.com.

  4. In the IP address text box, type the IP address for the federation server in the corporate network (for example, 192.168.1.4).

  5. Click Add Host.
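The two procedures above create the same name, fs.adatum.com, in two zones with two different answers: the Internet zone hands out the proxy address and the perimeter zone hands out the federation server address. The following script is an added example, not part of the original page or of the product documentation; it performs both record additions with dnscmd.exe (assumed to be installed from the Windows Server 2003 Support Tools and run with rights to administer both DNS servers) and then checks, with nslookup, that each zone returns the address it is supposed to. The DNS server names are assumptions; the zone name, host name and IP addresses are the page's own example values.

```powershell
# Added example (not from the original page): create the two host (A) records
# with dnscmd.exe, then confirm that fs.adatum.com resolves to the federation
# server proxy in the Internet zone and to the federation server in the
# perimeter zone. Server names are assumptions; addresses come from the page.

$InternetDnsServer  = 'dns-internet.adatum.com'   # assumed: authoritative for the Internet adatum.com zone
$PerimeterDnsServer = 'dns-perimeter.adatum.com'  # assumed: authoritative for the perimeter adatum.com zone
$Zone               = 'adatum.com'
$HostName           = 'fs'                        # computer name only, not the FQDN
$ProxyIp            = '131.107.27.68'             # federation server proxy, perimeter network
$FederationServerIp = '192.168.1.4'               # federation server, corporate network

# Internet zone: fs.adatum.com -> federation server proxy
& dnscmd.exe $InternetDnsServer /RecordAdd $Zone $HostName A $ProxyIp

# Perimeter zone: fs.adatum.com -> federation server
& dnscmd.exe $PerimeterDnsServer /RecordAdd $Zone $HostName A $FederationServerIp

# Ask a specific DNS server for the A record and check the answer contains the
# expected address (word boundaries so 192.168.1.4 does not match 192.168.1.40).
function Test-SplitHorizonRecord {
    param(
        [string]$DnsServer,
        [string]$Fqdn,
        [string]$ExpectedIp
    )
    $answer  = & nslookup.exe -type=A $Fqdn $DnsServer 2>$null
    $pattern = "\b$([regex]::Escape($ExpectedIp))\b"
    if ($answer -match $pattern) {
        Write-Host "OK      $Fqdn -> $ExpectedIp (answered by $DnsServer)"
        return $true
    }
    Write-Warning "MISSING $Fqdn -> $ExpectedIp (answered by $DnsServer)"
    return $false
}

$Fqdn = "$HostName.$Zone"
$ok = (Test-SplitHorizonRecord $InternetDnsServer  $Fqdn $ProxyIp) -and
      (Test-SplitHorizonRecord $PerimeterDnsServer $Fqdn $FederationServerIp)
if (-not $ok) { exit 1 }
```

Run the verification part from a host that can reach both DNS servers. If the perimeter zone answers with the proxy address instead of the federation server address, requests that the proxy forwards would be sent back to the proxy itself, which is the misconfiguration the second procedure exists to prevent.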

See Also

Concepts

Checklist: Installing a federation server proxy
Name resolution requirements for federation server proxies