Re: dns server behind a firewall?



"Gus" <Gus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2D7556AE-4F9F-411D-A841-8C95D0B61E6E@xxxxxxxxxxxxxxxx
> Hi!
> I only have one public address, and there was no firewall before. We just
> bought the Dlink DFL-600 a few days ago, I haven't plugged it into my network
> because I wanted to be sure about the server IP switching. I just read the
> manual and got the basics about "virtual server" which allows port forwarding
> on the dns, mail and web incoming requests.

Sounds right -- whatever the DLink calls port/address forwarding/mapping.

> My configuration should be something like this:
>
> Internet ------ Firewall ------ Server
>             150.125.14.25    172.17.2.1
>
> The only change on my dns server configuration is the public IP for a
> private one?

Probably -- just make sure it is resolving and test it from OUTSIDE
to make sure you can reach it.

Your DNS (and web/smtp/etc) will be down during switchover
until it is up and fully tested.

> No additional changes on my w2k dns console?

No. Double-check that the DNS server allows queries on all
addresses (and not just that specific former address.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

>
> Thanks a lot Herb!
>
> Gus Viamonte
>
>
> "Herb Martin" wrote:
>
> > "Gus" <Gus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:A2C1CC29-BFB3-4128-BF59-13B1DFB93A16@xxxxxxxxxxxxxxxx
> > > Hi again Herb!
> > > You know I'm a newbie on all this DNS stuff. I know it will be easier to
> > > give it to the registrar but the boss around here doesn't agree.
> >
> > What are his reasons? Most people never think this through.
> >
> > > They just bought the firewall and want me to do the job, that's why I'm
> > > posting again. I am a little confused about switching server IP address.
> >
> > You go to your registrar and fill out a form. But there is a pretty
> > good chance your DNS and anything that depends on it will be
> > down a few days unless you run the DNS at both addresses (old
> > and new) during the switch over.
> >
> > Do you have two DNS servers? Does your boss realize that when
> > all of your (single?) DNS servers are down most people will lose
> > access to your web, email etc....?
> >
> > > I'm using a Dlink DFL-600 firewall which is a NAT one.
> >
> > The firewall specific issues you must get from the firewall (vendor
> > specific) folks or from reading the manual but we can give you the
> > principles.
> >
> > You map the external (firewall) address ports 53 to the internal
> > (DNS server) address on ports 53.
> >
> > > I have to set the wan port on the firewall to use a public IP, the one I
> > > got is the server's, so do I have to use this public IP on the switch and
> > > a private one on the server?
> >
> > Yes. If that is the only public address you have you must do that.
> >
> > In this case you don't need to change the parent registration since
> > to the outside world they must use the same (old) address which
> > now belongs to the firewall (and is mapped on ports 53 to the
> > DNS server.)
> >
> > > How I register NAT external address with the parent zone ?
> >
> > If you have only one address that isn't necessary - I answered as if
> > you had both firewall and DNS working previously (on different
> > addresses.)
> >
> > Give the public address to the firewall and make sure you can do
> > the mapping (might be called "port forwarding", "port mapping",
> > "define server", "defining services" or something that has the
> > same general meaning...)
> >
> >
> >
> > --
> > Herb Martin, MCSE, MVP
> > Accelerated MCSE
> > http://www.LearnQuick.Com
> > [phone number on web site]
> >
> > >
> > > Thanks a lot.
> > >
> > > "Herb Martin" wrote:
> > >
> > > > "Gus" <Gus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > > > news:0E3A087C-1925-49D1-8DEF-6BFFB6CC3F35@xxxxxxxxxxxxxxxx
> > > > > Is it possible to place my dns server behind a firewall? My DNS server
> > > > > has a public IP address and hosts my two internet domain zones.
> > > >
> > > > Sure but the easier and more reliable (probably safer too) solution
> > > > is to just move a PUBLIC DNS server back to the registrar.
> > > >
> > > > They have 24/7 support, Internet backbone bandwidth,
> > > > industrial UPS, and at least two servers which you are
> > > > supposed to have anyway.
> > > >
> > > > > Help will be appreciated.
> > > >
> > > > Inet --- FireWall --- DNS
> > > >
> > > > Open UDP and TCP 53 for inbound destination and response
> > > > from those ports to any outside.
> > > >
> > > > Give the DNS an address appropriate to the network behind the
> > > > Firewall.
> > > >
> > > > If the firewall is a NAT you must register the NAT external
> > > > address with the parent zone AND you must map the ports
> > > > above from the outside to those same ports on the internal
> > > > address of the DNS.
> > > >
> > > > It's a lot easier and safer (and usually free -- you already paid
> > > > for it) to give it back to the registrar and only handle your
> > > > internal DNS.
> > > >
> > > >
> > > > --
> > > > Herb Martin, MCSE, MVP
> > > > Accelerated MCSE
> > > > http://www.LearnQuick.Com
> > > > [phone number on web site]
> > > >
> > > >
> > > >
> >
> >
> >
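
The external check Herb keeps asking for ("test it from OUTSIDE"), as an added example that is not code from the original thread. It is a dependency-free Python script to run from a host on the Internet after the cut-over: it sends a non-recursive query to the firewall's public address on port 53 over UDP and over TCP (the D-Link must forward both to the internal server), expects an authoritative answer, and warns if any A record in the reply carries a private (RFC 1918) address, which would mean the zone data was edited along with the server's interface address. The public address 150.125.14.25 is taken from Gus's diagram; the zone name example.com and the timeout are placeholders.

```python
# Added example, not code from the original thread: a dependency-free checker to
# run from OUTSIDE the firewall after the cut-over. It queries the public address
# on port 53 over UDP and TCP (the firewall must forward both), expects an
# authoritative answer (AA=1), and flags RFC 1918 addresses in the answers, which
# would mean the zone data was edited along with the server's interface address.
import ipaddress
import random
import socket
import struct

PUBLIC_IP = "150.125.14.25"   # assumed: the public address from the thread's diagram
ZONE = "example.com"          # assumed placeholder for one of the hosted zones

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, qtype=1, txid=None):
    # RD=0: we are testing the authoritative server itself, not a resolver.
    if txid is None:
        txid = random.randrange(0x10000)
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack(">HH", qtype, 1)

def decode_name(msg, off):
    # Returns (name, offset just past the name), following compression pointers.
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            end = end if jumped else off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", end if jumped else off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_response(msg):
    txid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                      # skip the echoed question
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:        # A
            value = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype in (2, 5):                # NS / CNAME
            value, _ = decode_name(msg, off)
        else:
            value = msg[off:off + rdlen].hex()
        off += rdlen
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "aa": bool(flags & 0x0400), "rcode": flags & 0xF,
            "answers": answers}

def private_answers(answers):
    # A records in RFC 1918 space are useless to anyone querying from the Internet.
    return [v for _, t, _, v in answers
            if t == 1 and ipaddress.ip_address(v).is_private]

def query(server, qname, qtype=1, tcp=False, timeout=3.0):
    q = build_query(qname, qtype)
    if tcp:                                   # TCP DNS has a two-byte length prefix
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack(">H", len(q)) + q)
            f = s.makefile("rb")
            data = f.read(struct.unpack(">H", f.read(2))[0])
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(q, (server, 53))
            data, _ = s.recvfrom(4096)
    r = parse_response(data)
    if r["id"] != struct.unpack(">H", q[:2])[0]:
        raise ValueError("transaction ID mismatch (spoofed or stale reply)")
    return r

if __name__ == "__main__":
    for proto, tcp in (("UDP", False), ("TCP", True)):
        try:
            r = query(PUBLIC_IP, ZONE, tcp=tcp)
        except (OSError, ValueError, struct.error) as e:
            print(f"{proto} 53: FAILED ({e}); check the port forward for {proto} 53")
            continue
        ok = r["aa"] and r["rcode"] == 0
        print(f"{proto} 53: {'OK' if ok else 'NOT authoritative'} rcode={r['rcode']} {r['answers']}")
        if private_answers(r["answers"]):
            print("  WARNING: private address in a public answer; fix the zone data")
```

Run it from a machine that is not behind the D-Link; a UDP pass with a TCP failure means only one of the two port 53 rules was created, and an answer without AA set (or with an RFC 1918 address) means the server is reachable but the zone or listener configuration on the w2k DNS console still needs attention.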
