cooperrd

asked on

DNS Server and Name Server problems

I have 4 servers that are co-located in a data center. Server 1 is a DNS server that is the authoritative DNS server for all the domains that we host (200). It is registered as a name server.

Everything was fine until we put a Cisco PIX in place using address translation. Now all the servers have private IP addresses. I put host files on each server, but the DNS server (server 1) pulls its private IP address into DNS, so since it is also the registered name server, it reports its IP address to the world. It is also a primary domain controller. All domains are integrated into Active Directory.

I have no clue what to do to get it to report the proper public IP address.
Dmitri Farafontov

You can configure an additional IP address right in the NIC TCP/IP configuration itself.
Seems to me it's a NAT configuration issue, on second thought.
thaller

It's never a good idea to host internal records on an externally accessible DNS server; in a perfect world, you'd have a different DNS server just for the publicly accessible zones. Why are your hosted domains AD-integrated?
cooperrd

ASKER

To DeltaFire:  

Adding a second IP doesn't solve the problem (I tried that); it still reports itself to the DNS as the private IP. I had the data center techs set up the firewall (we were getting hit with SQL Slammer); their position is that it is correct.

To Thaller:

I would love to have an additional server (and it may come to that) but rack space plus cost and lack of a clear understanding of the problem resolution don't allow for that at this point.  

My problem is that I didn't really know what I was doing to start with. I am used to setting up business environments where you have a PDC and all servers are members of the domain and are a part of Active Directory. Should the hosted domains not be part of AD, and if not, why?

Windows 2000/XP/2003 registers its primary IP address to DNS. And that is also what you want. If a DC didn't do that, clients wouldn't be able to resolve domain controllers (or you must manually add the domain records to DNS). I don't know what exactly the problem is.

If I read it right, your PIX is DNS? And I assume it is a standalone DNS and no replication partner from server1? Why not manually add the public IP addresses to DNS and leave the private addresses to register themselves?

The server name is also the name server name, i.e. ns1.domain.com is the registered name server and the server name. So if I add the public IP, I will have a private and public IP pointing to the same A record.

And what's wrong with that? A server with multiple IP addresses also has 2 addresses or more in DNS pointing to the same A record.

But if the server has one NIC and one IP address, why publish the external IP address in DNS? Why not port forwarding on the firewall?

I'm still not sure if I have your network topology in my head...
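
The condition discussed in this thread, a publicly served name such as ns1.domain.com carrying a private (RFC 1918) A record, alone or next to a public one, can be audited from a zone export. The Python script below is an added example, not part of any post; its zone lines, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 ranges only. ipaddress's is_private also flags documentation
# ranges such as 203.0.113.0/24, which stand in for public addresses here.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone export ("name ttl IN type value").
SAMPLE_ZONE = """\
ns1.domain.com.   3600 IN A 10.0.0.5        ; self-registered behind NAT
ns1.domain.com.   3600 IN A 203.0.113.10    ; manually added public address
www.domain.com.   3600 IN A 203.0.113.11
mail.domain.com.  3600 IN A 192.168.1.20
domain.com.       3600 IN NS ns1.domain.com.
"""

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_a_records(zone_text):
    """Collect A records per owner name, ignoring comments and other types."""
    records = defaultdict(list)
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "A":
            records[fields[0].lower()].append(fields[4])
    return records

def audit_zone(zone_text):
    """Return {name: (kind, private_addrs)} for names exposing RFC 1918 addresses.

    kind is "private-only" (outside clients cannot reach the name at all) or
    "mixed" (outside clients receive an unreachable address alongside a good one).
    """
    findings = {}
    for name, addrs in parse_a_records(zone_text).items():
        private = sorted(a for a in addrs if is_rfc1918(a))
        if private:
            kind = "private-only" if len(private) == len(addrs) else "mixed"
            findings[name] = (kind, private)
    return findings

if __name__ == "__main__":
    for name, (kind, addrs) in sorted(audit_zone(SAMPLE_ZONE).items()):
        print(f"{name}: {kind} {addrs}")
```
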

ASKER CERTIFIED SOLUTION
thaller