Hostname in one domain, IP address in another?

[Barry Margolin]

In article <174C54366205D211A2F900A0C9C83B3203CBAC9B at fd11.ftb.ca.gov>,
Stewart.Ann <Ann_Stewart at ftb.ca.gov> wrote:
>Our domain is ftb.ca.gov <http://www.ftb.ca.gov> .   We are NOT a subnet of
>the main California domain, ca.gov. <http://www.ca.gov>   We have a host in

Since there's no relationship between the forward DNS hierarchy and
subnets, this doesn't matter.  Any name in any domain can point to any
address in any network.

>the ftb.ca.gov domain whose name is www.taxes.ca.gov.

This sentence makes no sense.  The name www.taxes.ca.gov is in the
taxes.ca.gov domain, not the ftb.ca.gov domain.  I think you mean you have
a host on your subnet whose name is www.taxes.ca.gov -- remember, there's
no correspondence between forward domains and subnets.

><http://www.taxes.ca.gov. >   There is a link to this host from the CA main
>page, www.ca.gov <http://www.ca.gov> .  The link points to www.taxes.ca.gov
><http://www.taxes.ca.gov> .  Browsers using this link are first directed to
>the ca.gov DNS servers, where www.taxes.ca.gov <http://www.taxes.ca.gov>  is
>tied to the correct IP address and the resolution is fast.  So everything is
>hunky-dory for people outside our firewall who click on the link from the CA
>home page.  However, inside the firewall, it takes an entire minute for the
>page to load, and it ends up, of course, with the FQDN of
>www.taxes.ca.gov.ftb.ca.gov <http://www.taxes.ca.gov.ftb.ca.gov> .  The
>one-minute wait is annoying for people higher up who make a lot more money
>than I do.  They want it to resolve NOW.  I tried calling the host just
>"taxes" so that after resolution (internal) its name would be
>taxes.ftb.ca.gov, and that works fine internally: all they have to do is
>type "taxes" in the browser.  But the well paid higher-up person wants to be
>able to give demos, inside the firewall, showing how EZ it is to get to our
>tax site by clicking on the CA home page link, and doesn't want to type
>"taxes" in the browser address line.  Here's my question:  Is there a way to
>set it up in our DNS database so it can be called www.taxes.ca.gov
><http://www.taxes.ca.gov>  and have it resolve immediately?

You must have split DNS set up behind your firewall, and apparently there's
a problem with how it accesses the rest of the ca.gov hierarchy.  But
without more information about your internal DNS and firewall
configurations, it's impossible to determine what's wrong.

Try turning on tracing on your internal server and see what happens when
someone tries to look up www.taxes.ca.gov.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.