Website setup questions.
Hi,

I am having trouble getting a website working. I will go through the steps
I have done and hopefully somebody can enlighten me as to what foolish thing
I am missing. Yes, I know this is a security risk, mostly I want to get
additional email domains to resolve to this server, and am using a test site
to check the name resolution.

In addition, I have another server at a remote location as the second NS for
company2.wanext created as a secondary zone. Zone transfers are allowed
between the two servers only. I’ll call this 2ndNS.company3.wanext

The domain sbs.company1.wanext is set up as custom in DYNDNS, this all works
great and I can remote in, use Outlook over HTTP and all the other great
stuff SBS does.

Dual NIC SBS 2003, no ISA, Sonicwall Pro 200 firewall.

WAN NIC 192.168.168.9
LAN NIC 192.168.10.9

Set the domain company2.wanext up at Network Solutions to point to my server
sbs.company1.wanext (WAN extension, .com .org, etc.)

Create an MX record for the domain company2.wanext pointing to my server
sbs.company1.wanext

Create firewall rule to direct HTTP port 80 to the SBS External NIC
WAN>192.168.168.9

Create firewall rule to point DNS port 53 to the SBS External NIC
WAN>192.168.168.9

HTTP and DNS rules exist for LAN > *

Create a website in IIS, anonymous access, port 80, host header
company2.wanext, IP “all unassigned”. Points to a different folder on a
different drive than the default site. Set permissions on that folder to
read & execute, list and read for Everyone.

Create DNS primary forward lookup zone for company2.wanext
Create A record with 192.168.10.9 (LAN NIC)

Create Recipient policy for company2.wanext

I also created the secondary zone company2.wanext over at 2ndns.company3
and allowed zone transfers from the public IP of this firewall.

At this point a local test to company2.wanext from the LAN resolves
correctly and I get the index page up.

Run CEICW and enable firewall, check “allow access to entire website”

Somehow this is still not working. When I go to DNSSTUFF and check the A
record the response is showing the correct search for the DNS Server
sbs.company1.wanext and also 2ndsbs.company3.wanext. The sbs.company1.wanext
always times out from this lookup, but also at this point I have the
2ndns.company3.wanext server showing not the true address of company2.wanext,
but in fact the ISP gateway address of the firewall.

I know that a timeout means the connection is blocked somehow, but I do not
understand where, especially if DYNDNS tools shows the port 53 open. I have
also tried a bunch of other setups such as changing the company2.wanext A
record to the public WAN IP, and also adding another A record for the SBS WAN
NIC 192.168.168.9 and also changing the firewall rule to WAN>192.168.10.9
(LAN NIC), but I still cannot get the A record to show up from DNSSTUFF.

I have also gone to the DYNDNS tools and verified that port 80 is open and
accepting connections. I have also checked that port 53 is open and
accepting connections. I had to both create a firewall rule in CEICW for DNS
port 53 TCP and then go the SBS DNS properties and enable listening on both
NICS (in that order) to get this request to not timeout or be refused.

A couple of questions:
Do I really need to open up the DNS port to the SBS WAN NIC on the firewall?
WAN>192.168.168.9?

I am sure I am overreaching with the CEICW DNS firewall rule, but it is
because I am missing something somewhere else.

Isn’t the company2.wanext A record supposed to be the LAN NIC 192.168.10.9,
which is handling all the DNS? I tried setting this to the WAN NIC
192.168.168.9 and also the firewall public IP address and it had no effect.

Should the company2.wanext DNS properties include only the
sbs.company1.local entry, or should the entry sbs.company1.wanext be added?
I tried this and it had no effect.

Why is the ISP gateway address showing up from the secondary zone? I
manually added the firewall public IP to this zone.

Curiously enough, I actually have two more domains here, also looking to get
email going, and even though they are set up identically, company4.wanext and
company5.wanext are not behaving quite the same. Company5.wanext gets a
refusal from 2nddns.company3.wanext, but they all continue to timeout on A
record lookups to sbs.company1.wanext.

I had websites working from this location a while back, but that was on a
single NIC SBS box, I am trying to get the dual NIC configuration understood.

Thanks for any insight or assistance. I should really sit down and read
that DNS book that has been sitting on the shelf. I have read through a
bunch of MS knowledgebases and searched this group, but like I am saying,
something isn't quite right. After I get the mail working I will shut down
port 80.

Sincerely,
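Added example, not part of the original post: a small Python checker that sends the A query for company2.wanext directly to a nameserver over UDP 53 and, separately, TCP 53, and classifies what comes back as timeout/blocked, REFUSED or NXDOMAIN, a served zone with no A record, or an answer that hands out a private LAN address (the 192.168.10.9 record above would be flagged). Most resolvers query over UDP first, so a firewall rule that opens only TCP 53 shows up as a UDP timeout here; the nameserver addresses you pass in and the reply built by fake_response are assumed or constructed, and the private-address check is an addition of mine, not something the poster's tools do.

```python
import ipaddress, socket, struct
def build_query(name, txid=0x1234):  # minimal RFC 1035 A/IN query: RD set, one question, no EDNS
    labels = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.strip(".").split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">HH", 1, 1)

def fake_response(name, addrs, rcode=0):  # constructed reply for offline tests: question echoed, one A RR per addr
    rrs = b"".join(b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 3600, 4) + socket.inet_aton(a) for a in addrs)
    return struct.pack(">HHHHHH", 0x1234, 0x8180 | rcode, 1, len(addrs), 0, 0) + build_query(name)[12:] + rrs

def parse_a_answers(msg):  # -> (rcode, [IPv4 strings]); follows name compression pointers in the answers
    _, flags, qd, an, _, _ = struct.unpack_from(">HHHHHH", msg)
    def skip_name(p):  # a name ends with 0x00 or a 2-byte pointer (top two bits set)
        while msg[p] and not msg[p] & 0xC0:
            p += 1 + msg[p]
        return p + (2 if msg[p] & 0xC0 else 1)
    pos, addrs = 12, []
    for _ in range(qd):
        pos = skip_name(pos) + 4  # skip QTYPE + QCLASS
    for _ in range(an):
        pos = skip_name(pos)
        rtype, _, _, rdlen = struct.unpack_from(">HHIH", msg, pos)
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return flags & 0xF, addrs

def classify(rcode, addrs):  # reduce a parsed reply to the verdict a troubleshooter needs
    if rcode:  # server reached, but it declined to answer
        return {2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}.get(rcode, "RCODE%d" % rcode)
    if not addrs:
        return "NOERROR, no A record"  # zone is served, the record is missing
    private = [a for a in addrs if ipaddress.ip_address(a).is_private]
    return ("private address in public answer: " if private else "ok: ") + ",".join(private or addrs)

def check(server, name, tcp=False, timeout=3.0):  # same A query over UDP 53 or TCP 53
    q = build_query(name)
    try:
        if tcp:  # TCP DNS messages carry a 2-byte length prefix
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack(">H", len(q)) + q)
                data = s.recv(struct.unpack(">H", s.recv(2, socket.MSG_WAITALL))[0], socket.MSG_WAITALL)
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(q, (server, 53))
                data = s.recv(512)
    except (socket.timeout, OSError):
        return "timeout/blocked"  # nothing came back: dropped on the path, or nothing listening there
    return classify(*parse_a_answers(data))
```

Run check(ns_ip, "company2.wanext") and check(ns_ip, "company2.wanext", tcp=True) against each listed nameserver from outside the LAN; a differing verdict between the two transports points at the firewall rule rather than the zone.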
