Re: dns + firewall?

From: Eric (eric_at_hotmail.com)
Date: 08/09/04 

Date: Mon, 9 Aug 2004 16:54:58 +0200

ha!! U r the king! Now it worked! Thank you, this has been a pain in the
*** for some time now!!

:))))

/e

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> skrev i meddelandet
news:uOdgLUhfEHA.596@TK2MSFTNGP11.phx.gbl...
> In news:O7e$mKhfEHA.1644@tk2msftngp13.phx.gbl,
> Eric <eric@hotmail.com> wrote their comments
> Then Kevin replied below:
> > Ok! I reallys suck at this so slow and easy please. :-/
> >
> > We have a firewall (linux) that does a portforward on
> > port 80 to the dmz win 2k-machine where the webb and the
> > dns is located. The rest of the computers is "inside" the
> > firewall, including the "main Win 2k computer" to which
> > all the work stations log on.
> >
> > Everything works fine, external computers can access the
> > dmz win 2k-machine webb fine, we can access the net from
> > the inside , *but* we can only use the address
> > lan.company.com (or some alias) to access the dmz win
> > 2k-machine webb from the inside and *not*
> > www.company.com. And that creates problems when we want
> > to update our site and use absolute adresses.
>
> Can I assume that all users are using only the Win2k that is _NOT_ in the
> DMZ for DNS?
> Local computers will not be able to use the DNS in the DMZ for DNS because
> if I getting the picture right, it has public DNS zones.
> That being said, in the DNS server for the internal LAN, create a zone
named
> company.com, with records for www and or whatever with the private IP of
the
> webserver in the DMZ.
> If www.company.com is the only name you need to access on the DMZ server,
I
> would create a zone for that name (www.company.com), then create a blank
> host with the IP of the web server in the DMZ, this will prevent the local
> DNS from intercepting names that can be accessed from inside the LAN by
the
> public addresses.
>
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ================================================
> --
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ================================================
> http://www.lonestaramerica.com/
> ================================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ================================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ================================================
>
>