Configure name resolution for a federation server proxy in a DNS zone serving only the perimeter network
Applies To: Windows Server 2003 R2
So that name resolution can work successfully for a federation server proxy in a scenario in which one or more Domain Name System (DNS) zones serve only the perimeter network, the following tasks must be completed:
The hosts file on the federation server proxy must be updated to add the IP address of a federation server.
DNS in the perimeter network must be configured to resolve all client requests for the Federation Service endpoint Uniform Resource Locator (URL) to the federation server proxy. To accomplish this, you add a host address (A) resource record to perimeter DNS for the federation server proxy.
These procedures assume that a host (A) record for the federation server has already been created in the corporate network DNS. If this record does not yet exist, create this record, and then perform these procedures. For more information about how to create the host (A) record for the federation server, see Add a host (A) record to corporate DNS for a federation server.
Adding the IP address of a federation server to the hosts file
So that a federation server proxy can work as expected in the perimeter network of an account partner, you must add an entry to the hosts file on that federation server proxy that points to a federation server's DNS host name (for example, fs.corp.adatum.com) and IP address (for example, 192.168.1.4) in the corporate network of the account partner. Adding this entry to the hosts file prevents the federation server proxy from contacting itself to resolve a client-initiated call to a federation server in the account partner.
To add the IP address of a federation server to the hosts file
Navigate to the %systemroot%\Winnt\System32\Drivers directory folder and locate the hosts file.
Start Notepad, and then open the hosts file.
Add the IP address and the host name of a federation server in the account partner to the hosts file, as shown in the following example:
Save and close the file.
Adding a host (A) record to perimeter DNS for a federation server proxy
So that clients on the Internet can successfully access a federation server through a newly deployed federation server proxy, you must first create a host (A) resource record in the perimeter DNS. This resource record resolves the host name of the account federation server (for example, fs.corp.adatum.com) to the IP address of the account federation server proxy (for example, 184.108.40.206) in the perimeter network.
It is assumed that you are using a DNS server running Windows Server 2000 or Windows Server 2003 with the DNS Server service to control the perimeter DNS zone.
To add a host (A) record to perimeter DNS for a federation server proxy
On a DNS server for the perimeter network, open the DNS snap-in.
In the console tree, right-click the applicable forward lookup zone, and then click New Host (A).
In Name, type only the computer name of the federation server. For example, type fs for the fully qualified domain name (FQDN) fs.adatum.com.
In IP address, type the IP address for the new federation server proxy (for example, 220.127.116.11).
Click Add Host.