Re: Flat Domain DNS Problem
- From: "Steve Duff [MVP]" <ergodic@xxxxxxxxxxxxxxxxxxx>
- Date: Wed, 6 Jul 2005 18:23:31 -0700
Assuming we are not talking about a lot of hosts in the DMZ or a lot of names, this may be a case where a simple HOSTS file hack
will do the job nicely. All you need is one line for each DMZ host that overrides the public IP (don't forget the dot at the end),
and a batch script to distribute it to the DMZ machines when you need to make changes. Hosts entries will override DNS, but if you
have a DNS server on the same system, the hosts file is not used to provide answers for DNS - it is strictly a resolution mechanism.
You can also try using DNS subnet ordering, but as you observe it is a little dicey to rely on this. Any other solution I can
envision would be kind of involved - if you can turn off the translation and run the DMZ hosts directly on public IPs, that would be
a choice. You could also try to rig something with primary/secondary DNS search suffixes, causing the names to resolve differently
depending on the suffix assignments on the machines - but this also only works for some environments.
<soapbox on>
Your problem intersects a long-standing gripe I have with firewall firmware - and there's a lot of it - that can't loop its own
d**m NAT addresses. It is getting better year by year, but it remains a frustrating and inexcusable limitation with some vendors'
products. (Get a Cisco - not only will it not have this problem, it will even translate IPs in DNS responses going through the NAT.)
<soapbox off>
Steve Duff, MCSE, MVP
Ergodic Systems, Inc.
"specialk" <specialk@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:C526C8AD-3FB3-4942-A82E-7F18A8F05609@xxxxxxxxxxxxxxxx
> Hello all - First of all thank you for any of your input, it is much
> appreciated.
>
> I have a 3 site WAN and it is all one flat 2003 Domain. All DNS Servers in
> the domain have Active Directory - Integrate DNS enabled.
>
> The problem I have is that I have 3 hosts in the DMZ in one site. Those
> local clients in that site have obviously no problem accessing those hosts.
>
> I need the other two sites to access those particular hosts by their
> external IP Address. Since they are all active directory integrated DNS
> servers, all three sites have the same records for these hosts. And I don't
> want to add multiple records for these hosts because occasionally it would
> fail and this application and my users are unforgiving.
>
> I would rather not go around to the machines and manipulate local host files
> or break my current configuration.
>
> The main reason I am doing this is because of bandwidth constraints.
>
> I was wondering if there is some kind of site specific DNS resolution or one
> where I don't have to break out of the active directory integrated DNS setup
> I have.
>
> Thanks again for the help...
>
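The hosts-file override Steve describes, as an added example that is not part of the thread: a Python script (an assumption, standing in for the batch script he mentions) that keeps the DMZ entries in one managed block, regenerates it idempotently, and comments out any stray unmanaged line for the same name so the override is the only entry the resolver sees. The hostnames and addresses are constructed sample values.

```python
import ipaddress
import re

BEGIN = "# BEGIN DMZ-OVERRIDE (managed block, regenerated by script)"
END = "# END DMZ-OVERRIDE"

# Constructed sample: an existing hosts file, and the DMZ names that must resolve
# to a specific address on these machines regardless of what DNS hands out.
EXISTING = "127.0.0.1\tlocalhost\n203.0.113.10\tweb1.example.com  # old manual entry\n"
OVERRIDES = {"web1.example.com": "10.1.1.10", "app1.example.com": "10.1.1.11"}

def render_block(overrides):
    """Emit the managed block; reject malformed addresses or non-qualified names."""
    lines = [BEGIN]
    for name, ip in sorted(overrides.items()):
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        if not re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", name):
            raise ValueError(f"use the fully qualified name, got {name!r}")
        lines.append(f"{ip}\t{name}")
    lines.append(END)
    return "\n".join(lines)

def merge_hosts(existing, overrides):
    """Replace (or append) the managed block; neutralise unmanaged lines for the same names."""
    names = {n.lower() for n in overrides}
    out, in_block = [], False
    for line in existing.splitlines():
        stripped = line.strip()
        if stripped == BEGIN:
            in_block = True          # old block: drop it, we regenerate below
        elif stripped == END:
            in_block = False
        elif in_block:
            continue
        else:
            fields = line.split("#", 1)[0].split()  # strip comment, tokenize
            if fields and any(h.lower() in names for h in fields[1:]):
                out.append(f"# {line}  # superseded by DMZ override")
            else:
                out.append(line)
    out.append(render_block(overrides))
    return "\n".join(out) + "\n"

def resolve(hosts_text, name):
    """First-match lookup, like the resolver's hosts-file stage; None if absent."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name.lower() in [h.lower() for h in fields[1:]]:
            return fields[0]
    return None
```

Run it against each DMZ machine's hosts file from the distribution script; because the block is regenerated each time, pushing the same file twice changes nothing.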