Re: DNS problem - 2 IP addresses on one adapter

"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:OA9pZLjXGHA.752@xxxxxxxxxxxxxxxxxxxxxxx
"Ron" <xxxronxxx@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:443ceaa2.0@xxxxxxxxxx
Sorry, this is probably pretty basic stuff but I'm lost in a maze of
documentation and terms that don't mean much to me !

We all had to learn some time or other.

I have a Win2k3 server, all set up and running fine. it has a FQDN of
port1.domain.com
this resolves internally to 192.168.0.10
Externally. the name is available via public DNS and resolves to our
router address. the router maps certain ports/services through to the
server.

The server runs a number of services, which for various reasons require
more than one IP address, so
the server's network connection is set up with two IP addresses

This is straightforward for external users as I simply port map the
services onto the appropriate IP address.

Perfectly reasonable for NON-DCs; if this is also a Domain
Controller a lot of people will recommend against such
setups (DC accessible to Internet AND multiple IPs, etc.)

For those services requiring the alternate IP address I have defined
another FQDN which on public DNS servers resolves to the same external
IP, Internally however I need to get this to resolve to 192.168.0.11

Then you need two DNS servers -- MS DNS gives same
answers to ALL requests for same name.

This is because some users will be connecting their laptops to the server
from outside the LAN using the external address, and then coming into the
office and connecting to the LAN and i do not want to make them have
'internal' and 'external' settings for their PCs.

Having wandered around the DNS help files and Googled for hours, I'm more
confused than ever.
Without a DNS server a simple hosts file would read

192.168.0.10 port1.domain.com
192.168.0.11 port2.domain.com

But this would override (on the clients) the DNS request
and ALWAYS use this (local) address even when the
client machine was external -- it wouldn't connect since
192.168.x.y won't route on the Internet.

where both these IP addresses are on the same adapter
But how do I get a DNS server to do this ?

Generally you use TWO different DNS servers. One
for internal machines, another for external requests.
(Non-MS DNS might have VIEWS available but this
is really a pretty poor design anyway and there are
easy ways to fix it.)

If you don't want "Two DNS Servers" you really should
consider putting your PUBLIC DNS BACK at the Registrar
(where it belongs for most companies.)

But you have this Internal Server which COULD be your
Internal DNS anyway.

How do you assign addresses to laptops? DHCP? You
might run DNS on the DHCP (or any other internal) server.

Clients will be set to the INTERNAL ONLY DNS server
which will forward to (some) external DNS server for
Internet resolution.

Now you have two DNS servers and you run what is called
"Shadow DNS" (aka Split DNS) where you MANUALLY
setup two different VERSIONS of the same zone on different
sets of DNS servers -- one for outside, another for inside.

Problem of course is that all changes to the external settings
much be manually duplicated (by YOU) on the internal DNS
server set.

Even with "views" (on other DNS server types) you are doing
essentially the same thing, but on a single physical machine.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


Thanks Herb,
When I wrote 'Public DNS' I actually meant an A record at the at the
registrar,
The W2k3 server is not externally visible as a DNS service but it does know
the addresses of the ISP's DNS servers so I assume that if it can't resolve
and address internally, it defers to a more authorititive source..

The problem I have in detail is how and where to enter the second FQDN in
the DNS manager - it only exists (or soon will) on the Registrar's server
and I need to set up an internal version, pointing to an internal address.
I suppose ultimately I could just use the external version and the Laptops
would be directed to the outside of the router/Firewall and back in again.
It just seems a tortuous route.

Thanks,

Ron



.

Relevant Pages

  • Re: Windows cannot find the network path error message in GPMC
    ... Preferred DNS server. ... bar of the Network Connections window, ... sure you have Forwarders to your ISP DNS servers Enabled. ... preventing access to this computer from the Internet" is Not checked on this ...
    (microsoft.public.windows.group_policy)
  • Re: Win2k3 and Slow Logons
    ... > various DNS settings from the server and my router set up. ... for internal DNS servers, but it must NOT be listed on any ... >>>>bad world of the Internet. ...
    (microsoft.public.windows.server.dns)
  • Re: dns + firewall?
    ... The DNS for the public resolution from the Internet? ... users to resolve to both the external AND the internal versions of the zone. ... DNS servers how to resolve "the Internet" -- the ...
    (microsoft.public.win2000.dns)
  • Re: Strange DNS behavior
    ... All clients are DHCP Clients set up to only use internal DNS Servers. ... on the DNS Server the only external IP address listed is the ... So say by chance I am at an internet cafe, ... I decide to ping my exchange server to see if it resolves so I ping ...
    (microsoft.public.windows.server.dns)
  • Choosing a DNS namespace for AD
    ... first decision is how to design the DNS namespace. ... internal DNS servers authoritative for the domain corp.mycompany.com. ... The first option is to use the same namespace internally and externally. ... Internet, the client would use an external name which the firewall would ...
    (microsoft.public.windows.server.active_directory)