Re: Using Microsoft DNS for Public domains
- From: "ACE-Joe" <ACEJoe@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 26 Aug 2005 08:43:38 -0700
Ok, I have all this set up correctly. Inside the DMZ on a test laptop it
works great, DNS resolves forward and reverse, the website works, etc. Now,
using NAT from the outside in, nothing works. I can ping the first nameserver
that's registered at the registrar by name; the second nameserver I can't
resolve. I can ping all the public IP addresses. If I set the two IP
addresses that forward to my two nameserver DNS servers on my home machine, I
type nslookup and I get "Server not available" and cannot resolve any DNS
queries. I've checked with our net admin (I'm one too, but she handles this
at this company), and she confirmed with me we have One to One NAT enabled for
the public IP addresses pointing to the internal DMZ IP addresses. If it
works on a test machine in the DMZ, shouldn't it work from outside on the
public internet? I am thinking it must be something wrong with the NAT. Our
net admin has been trying to get this to work, but so far no luck. The
firewall is configured almost exactly the same as the existing DMZ we use
now. The one I'm having problems with is a test DMZ for rolling out public DNS.
Same configuration but it's not working. Any ideas?
Thanks
Joe
"Kevin D. Goodknecht Sr. [MVP]" wrote:
> ACE-Joe <ACEJoe@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> > Hi all,
> >
> > Ok, this is going to sound really silly and it's probably something
> > simple. But here is my situation. I have a DMZ at my location. I
> > have a split-split DNS setup configured. I have two advertisers
> > setup in my DMZ that are primary/secondary servers for my public
> > domains. I registered several domain names. On the first domain
> > name I registered two nameservers at my registrar. For example
> > domainx1.com has nameservers registered as ns.domainx1.com and
> > ns2.domainx1.com. They both point to their respective public IP
> > addresses I'm using on my firebox. I have the firebox (using NAT)
> > forwarding traffic for the first public IP address (for first ns) to
> > the internal DMZ IP of the primary DNS server. I have the second
> > nameserver IP forwarded to the internal DMZ IP of the secondary DNS
> > server. On the primary server I created host records for ns and ns2
> > and then modified the nameservers tab for the zones to reflect ns and
> > ns2.domainx1.com with their public IP addresses. My first question
> > is here, my DMZ is on an isolated private network with a firebox at
> > the ISP using NAT (One to One NAT). Do I use the public IP addresses
> > of the nameservers in the nameservers tab and host records in each
> > zone, or do I leave them as is with the private DMZ IP?
>
> Use the public IP, this will be your glue.
>
> >
> > Now I have my domain, I have my nameservers, I can ping the
> > nameservers by name from my home computer on a separate ISP. They go
> > to the correct IP addresses. In my firebox I am not blocking ICMP
> > traffic, and I'm not restricting any ports (YET I'm still testing).
> > I cannot ping my domains, and I can't resolve the website. I have a
> > www record in the domain forward lookup zone, but it won't resolve
> > from the outside. If I do any nslookup tests on my domains they all
> > timeout.
> >
> > So in summary, I guess my question would be, what configuration
> > settings are necessary and what public IP addressing/forwarding is
> > necessary to get Microsoft DNS working in a DMZ to host public
> > domains/websites? Do I need to reference public IP addresses in the
> > zone configuration even though servers are set up with a private DMZ
> > IP addressing scheme? And what other configuration would be
> > necessary with nameservers etc? Anything special to register
> > nameservers with a Microsoft DNS server?
>
> You need to set up a DNS server for internal clients to use that resolves to
> all the private addresses.
> The public DNS server cannot have any records with the private IP and none
> of the internal clients can use these DNS servers.
>
> For zone transfers to work, since both DNS servers are behind the same NAT
> device, you need to specify allow zone transfers to the private IP of the
> secondary DNS server.
>
> The host that is in the DMZ should also use the internal DNS server in its
> TCP/IP properties.
>
>
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>
>
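The two rules in Kevin's reply that Joe's test DMZ has to satisfy, namely that a public zone served from behind 1:1 NAT must contain only public addresses (the NS host records are the glue) and that the primary's zone-transfer allow list must name the secondary's private DMZ address because that is the source address the primary sees, can both be checked offline before the zone is exposed. The following script is an added example, not code from this thread or from Microsoft DNS; the zone records, the domainx1.com names and the 10.1.1.x / 203.0.113.x addresses are constructed sample data (203.0.113.0/24 is an RFC 5737 documentation range standing in for the public IPs), and the function names are my own.

```python
import ipaddress

# Only the ranges that matter for the thread's problem: a private DMZ
# address leaking into a zone that the Internet will query. RFC 5737
# documentation ranges are deliberately NOT treated as private here so
# that they can stand in for the public addresses in the sample zone.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
)]

# Constructed sample of the public zone as it might be loaded on the DMZ
# primary: apex NS records, nameserver glue, and a www record.
SAMPLE_ZONE = [
    ("domainx1.com.",      "NS", "ns.domainx1.com."),
    ("domainx1.com.",      "NS", "ns2.domainx1.com."),
    ("ns.domainx1.com.",   "A",  "203.0.113.10"),   # public address: correct glue
    ("ns2.domainx1.com.",  "A",  "10.1.1.11"),      # private DMZ IP left in the glue
    ("www.domainx1.com.",  "A",  "10.1.1.20"),      # private DMZ IP left in the zone
    ("mail.domainx1.com.", "A",  "203.0.113.30"),
]


def is_private(addr: str) -> bool:
    """True when addr falls in an RFC 1918, loopback or link-local range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def audit_public_zone(apex: str, records):
    """Return (severity, message) findings for a zone that will be served to
    the public Internet from hosts that sit behind one-to-one NAT.

    records is a list of (owner, type, rdata) tuples with absolute names."""
    findings = []
    address_owners = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}

    # Rule 1: no private address may appear in any address record.
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA") and is_private(rdata):
            findings.append(("error", f"{owner} {rtype} {rdata}: private address in public zone"))

    # Rule 2: every in-bailiwick nameserver needs a glue address record,
    # otherwise resolvers cannot reach the server that is authoritative for it.
    for owner, rtype, rdata in records:
        if owner == apex and rtype == "NS":
            in_bailiwick = rdata == apex or rdata.endswith("." + apex)
            if in_bailiwick and rdata not in address_owners:
                findings.append(("error", f"{rdata}: in-bailiwick NS has no glue A record"))
    return findings


def zone_transfer_permitted(allow_list, secondary_private_ip, secondary_public_ip,
                            same_nat_segment=True):
    """Model which source address the primary sees on an AXFR request.

    When primary and secondary share the DMZ behind one NAT device, the
    request never traverses the NAT, so it arrives from the secondary's
    private address and that address must be in the allow list."""
    seen_from = secondary_private_ip if same_nat_segment else secondary_public_ip
    return seen_from in allow_list


if __name__ == "__main__":
    for severity, message in audit_public_zone("domainx1.com.", SAMPLE_ZONE):
        print(f"{severity}: {message}")
    # Allow list that names only the secondary's public address: transfer fails.
    print("AXFR with public IP only:", zone_transfer_permitted(["203.0.113.11"], "10.1.1.11", "203.0.113.11"))
    # Allow list that includes the private DMZ address: transfer succeeds.
    print("AXFR with private IP added:", zone_transfer_permitted(["203.0.113.11", "10.1.1.11"], "10.1.1.11", "203.0.113.11"))
```

Run against the sample zone the audit reports the two records that still carry 10.1.1.x addresses; a clean public zone would return no findings. The transfer check makes the NAT point concrete: an allow list built from the public addresses alone rejects the secondary, and adding its private DMZ address is what permits the transfer.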