DNS setup

Posted on 2002-04-04
Last Modified: 2010-04-13
What is the best way to set up Win2k DNS for a small network? First a little background. The domain name is mycompany.com. We have an ISP-hosted web server, www.mycompany.com. Email is hosted by the same ISP. We have 8 IP addresses assigned. We have a firewall/router and are using NAT with internal addresses of 192.168.1.x/24. Out of our block of 8 addresses we lose one to broadcast, one to the network and one to the router for NAT. Our firewall has a one-to-one NAT feature, so the five remaining public addresses are assigned to internal addresses. We have an internal intranet web server on IP 192.168.1.200 that can be addressed from the outside as either http://home.mycompany.com or 65.234.3.100 (random bogus number), for example.

I read the articles about having mycompany.com for external and mycompany or mycompany.local for internal. Minasi talked about a split brain DNS.

What would be the best way to set this up? The ideal setup would be if my notebook users could use http://home.mycompany.com either inside the office or when they are on the road.
Question by:davidpm
LVL 5

Expert Comment

by:matt023
ID: 6921268
My advice is to not use the same domain name for both Internet and Intranet. This will cause complexity in your administration and configuration. It will also become a point of name resolution failure if not regularly updated. In addition, your company is using NAT. This will complicate your DNS setup even more.

I suggest you use something like mydomain.local for your Intranet and forward all other queries to your ISP DNS servers.  It will fulfill your requirement and maintain a simple, but effective configuration.
LVL 7

Expert Comment

by:jmiller47
ID: 6921404
One thing that I suggested to a friend of mine was to use mycompany.inc since .inc is not in the works for internet use.

Otherwise, I agree with Matt's statement above.
LVL 2

Expert Comment

by:ritupatel112699
ID: 6921961
The simple thing is to add a CNAME record and an A record in your primary DNS and point it to your internal intranet.

INTRANET.companyname.com (you can use one of your available IPs, or you can also use a private IP address) and make it one-to-one NAT.
And for security, set up VPN authentication so all your mobile users can use that and get access only when they use the VPN.

Rips

Author Comment

by:davidpm
ID: 6922813
Would it work to use local.mydomain.com for internal and mydomain.com for public?
Or does it have to be mydomain.local for local?
If so why?
LVL 5

Expert Comment

by:matt023
ID: 6929272
That would also work. The point is to separate your Internet and Intranet namespace to reduce complications, which can save you a lot of headaches.

Author Comment

by:davidpm
ID: 6932968
If I have a local mail server called mail.mycompany.com and have notebook users that sometimes connect behind the firewall and sometimes remotely how would I configure their mail settings?
LVL 5

Expert Comment

by:matt023
ID: 6937750
Add an MX record into your Intranet (Win2k) zone pointing to the internal address of the mail server. Add an MX record into your Internet zone on your company's Internet (external) DNS server pointing to the NAT'ed address of your mail server.

Author Comment

by:davidpm
ID: 6939514
I seem to be really dense here.

If I follow the above recommendations and my mail server from the outside is mail.mycompany.com and from the inside is mail.mycompany.local, then no single acceptable entry will work for my email client.

Perhaps an example would help.

LVL 1

Expert Comment

by:Moondancer
ID: 6955957
ADMINISTRATION WILL BE CONTACTING YOU SHORTLY.  Moderators Computer101 or Netminder will return to finalize these if still open in seven days.  Please post closing recommendations before that time.

Question(s) below appears to have been abandoned. Your options are:
 
1. Accept a Comment As Answer (use the button next to the Expert's name).
2. Close the question if the information was not useful to you, but may help others. You must tell the participants why you wish to do this, and allow for Expert response.  This choice will include a refund to you, and will move this question to our PAQ (Previously Asked Question) database.  If you found information outside this question thread, please add it.
3. Ask Community Support to help split points between participating experts, or just comment here with details and we'll respond with the process.
4. Delete the question (if it has no potential value for others).
   --> Post comments for expert of your intention to delete and why
   --> YOU CANNOT DELETE A QUESTION with comments; special handling by a Moderator is required.

For special handling needs, please post a zero point question in the link below and include the URL (question QID/link) that it regards with details.
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt
 
Please click this link for Help Desk, Guidelines/Member Agreement and the Question/Answer process.  http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp

Click your Member Profile to view your question history and please keep them updated. If you are a KnowledgePro user, use the Power Search option to find them.

Questions which are LOCKED with a Proposed Answer but do not help you, should be rejected with comments added.  When you grade the question less than an A, please comment as to why.  This helps all involved, as well as others who may access this item in the future.  PLEASE DO NOT AWARD POINTS TO ME.

To view your open questions, please click the following link(s) and keep them all current with updates.
http://www.experts-exchange.com/questions/Q.20000304.html
http://www.experts-exchange.com/questions/Q.20113808.html
http://www.experts-exchange.com/questions/Q.20236268.html
http://www.experts-exchange.com/questions/Q.20264500.html
http://www.experts-exchange.com/questions/Q.20264487.html
http://www.experts-exchange.com/questions/Q.20285128.html
http://www.experts-exchange.com/questions/Q.20274759.html
http://www.experts-exchange.com/questions/Q.20285607.html
http://www.experts-exchange.com/questions/Q.20285652.html
http://www.experts-exchange.com/questions/Q.20285886.html
http://www.experts-exchange.com/questions/Q.20285140.html
*****  E X P E R T S    P L E A S E  ******  Leave your closing recommendations if this item remains inactive another seven (7) days.  If you are interested in the cleanup effort, please click this link http://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=commspt&qid=20274643
POINTS FOR EXPERTS awaiting comments are listed here -> http://www.experts-exchange.com/commspt/Q.20277028.html
 
Moderators will finalize this question if in @7 days Asker has not responded.  This will be moved to the PAQ (Previously Asked Questions) at zero points, deleted or awarded.
 
Thank you everyone.
 
Moondancer
Moderator @ Experts Exchange

Author Comment

by:davidpm
ID: 6958312
Matt said
” my advice is to not use the same domain name for both Internet and Intranet.  This will cause complexity
in your administration and configuration.  It will also become a point of name resolution failure
if not regularly updated.  In addition, your company is using NAT.  This will even more complicate your
DNS setup.”

This advice matches the advice from MS so I do not discount it. However I would like to know exactly in what way the administration and configuration complexity increases.

More importantly, in my original question I asked, ” What would be the best way to set this up? The ideal setup would be if my notebook users could use http://home.mycompany.com for
either inside the office or when they are on the road.”

This question has not been answered. I don’t believe a cname entry will solve this problem either ritupatel.

Matt also suggested: “add an MX record into your Intranet (Win2k) zone pointing to the internal address of the mail server.
 add an MX record into your Internet zone on your company's Internet (external) DNS server pointing
to the NAT'ed address of your mail server.”

I do not yet see how that would work. If the internal address is mail.mydomain.local and the external address is mail.mydomain.com, I have to use mail.mydomain.com so it will work out of the office. When I am in the office the caching part of my DNS server will give me the external address, which will not work while I am behind the firewall. If there is some trick to make this work I would like to know what it is.

If a question is still left unanswered, what is the harm of leaving it up for a few weeks to see if someone can answer it? If management is unwilling to do that, perhaps you could close this question for me; I believe it is a good question and deserves an answer.
I had thought that as long as a post from me was the last entry the question was not abandoned just open.

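As an added example that is not part of this thread, this is what the split-brain arrangement davidpm mentions (Minasi's term) looks like when driven with dnscmd on the internal Win2k DNS server: the zone name mycompany.com is hosted twice, the ISP copy carrying the public NAT'ed addresses and the internal copy carrying the 192.168.1.x addresses, so home.mycompany.com and mail.mycompany.com work with a single client setting on both sides of the firewall. It assumes dnscmd from the Windows 2000 Support Tools is installed; 192.168.1.25 for the mail server and the 203.0.113.x / 198.51.100.x addresses are placeholders, not values from the thread.

```batch
@echo off
rem Added example, not from the thread: split-brain DNS on the INTERNAL Win2k
rem DNS server. The ISP keeps the public mycompany.com zone with the NAT'ed
rem addresses (home -> 65.234.3.100 in the question); this server hosts a
rem second, internal-only mycompany.com zone with the private addresses.
rem Assumed/placeholder values: mail server 192.168.1.25, ISP web server
rem 203.0.113.10, ISP resolvers 198.51.100.1 and 198.51.100.2.

set ZONE=mycompany.com

rem 1. Create the internal primary zone under the SAME name as the public one.
dnscmd /ZoneAdd %ZONE% /Primary /file %ZONE%.dns

rem 2. Internal hosts answer with their private addresses, so a notebook
rem    behind the firewall reaches home.mycompany.com without going out
rem    through the NAT and back in.
dnscmd /RecordAdd %ZONE% home A 192.168.1.200
dnscmd /RecordAdd %ZONE% mail A 192.168.1.25
dnscmd /RecordAdd %ZONE% @ MX 10 mail.%ZONE%.

rem 3. The administrative cost matt023 warns about: every public name that is
rem    NOT inside (www at the ISP) must be duplicated here by hand and kept in
rem    step with the ISP zone, or inside users lose it.
dnscmd /RecordAdd %ZONE% www A 203.0.113.10

rem 4. Everything outside mycompany.com is forwarded to the ISP resolvers.
dnscmd /ResetForwarders 198.51.100.1 198.51.100.2

rem 5. Check the view from inside (expect 192.168.1.200); the same query from
rem    the road, answered by the ISP's copy, returns 65.234.3.100.
nslookup home.%ZONE% 127.0.0.1
```

Notebooks must be handed this server as their DNS server (for example via DHCP) while on the LAN; on the road they use whatever resolver they are assigned, and the ISP's public copy of the zone answers.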
LVL 1

Expert Comment

by:Moondancer
ID: 6958414
davidpm, as long as you remain active and provide feedback to keep the collaboration effort going, there is no rush whatsoever.  The goal is to get what you need in terms of solutions.

Others posted above are definitely in need of your attention and closure.

This one, as an example, dates back to the year 2000.  Nothing was ever added, and if it was, has disappeared.  In that timeframe there were many problems with database migrations and what makes sense there is to refund your points and to close it.  Then, if the need still exists, you benefit by posting it again to draw current attention, as would be the case on any of your questions if no recent activity by experts is noted.  

http://www.experts-exchange.com/questions/Q.20000304.html

Moondancer - EE Moderator


Author Comment

by:davidpm
ID: 7068730
delete please
LVL 1

Accepted Solution

by:Moondancer (earned 0 total points)
ID: 7068795
Rather than deleting this, I have refunded your 100 points to you and closed this by moving it to our PAQ at zero points. There is some helpful information here that can help others, although your goal was not achieved, sorry to see. Perhaps there is still a chance that the participating experts will return with added insights. If that is the case, you can always award them points via a new question, and include this link.

Thanks,
Moondancer - EE Moderator