Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

DNS Information

Posted on 2006-06-28
3
Medium Priority
?
351 Views
Last Modified: 2013-11-30
Currently I have a customer with a website hosted on a webserver on there internal lan. The website can be accessed from the internet but not internally. This is because they have a firewall address in there DSN listed as the www record for the domain name the website uses. One thing that is confusing is that this company's IT guy would put in thier DNS every domain they had purchased. So the windows 2003 domain they use internally is in there with about 3 or 4 others. One of the others is where the website is being published from. I'll refer to it as site.com. In DNS for the zone site.com the www entry pionts to the firewalls outside address. The firewall reserves the internal connection of this address for its web managment console. I changed the www record for the site.com zone and they could access it internally and I could access it from my office. about 20 min. later the site was gone from the internet but still up internally. I changed the record back and it went away from the internal and was back on the internet. I thought the internal dns was only for internal use I didnt realize it propogated records up to the isp's dns. I thought about changing the websites ip address to something other than the firewalls external address but I think the firewall only supports one outside ip. The firewall is a watchguard soho 6.

Any suggestions in how to make the website available internally.

Can and should the dns propogation to the isp's be disabled and if so, how?

Also anyone have any suggested reading to learn more about advanced DNS?
0
Comment
Question by:officecare
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 9

Accepted Solution

by:
NYtechGuy earned 750 total points
ID: 17002776

You have to add a DNS zone on your internal (read: not listed on your domain's internet record and not used by the internet to look up your domain) dns servers to direct your interenal clients to the INSIDE IP ADDRESSES.

You need to have it configured as such:

OUTSIDE DNS:  Points to OUTSIDE IP addresses

INSIDE DNS ZONE:  Points to internal IP addresses (192.168.1.x) where applicable, or has outside addresses where needed.  (example:  www.domain.com = 65.x.x.x & mail.domain.com = 192.168.x.x)
0
 

Author Comment

by:officecare
ID: 17003550
I think we are on the right track. They currently have a site.com zone on the internal DNS that pionts to the external address but when I changed the www record ip it changed it for everyone internal and external. How do I control what propogates to the isp dns servers vs what doesnt?

0
 
LVL 9

Expert Comment

by:NYtechGuy
ID: 17003654

They should be different servers- totally different hardware.

For instance, the external DNS that controls everything across the internet is *usually* hosted at the registrar (Network Solutions, Register.com, Bulkregister.com, etc) or at the web host (Interland, etc).

The internal DNS (which is where DNS for Active Directory is) would be on your Active Directory DOmain Controller (DC) which should be down the hall from you.

These two roles should NEVER be on the same server.  I can't tell you what a security risk that is if that's the case.

It is also recommended (to avoid issues like this) to have your AD Domain end with .local (yourdomain.local) as opposed to using the .com (your company.com).

To check what is what:

1. Go to this site:  http://www.networksolutions.com/whois/index.jsp
2. Enter your domain (yourdomainname.com) hit enter
3. On the domain record, at the bottom, see what servers are listed and write them down (hostname and IP address)

Are those IP addresses on your network?  

If you aren't sure what your external IP is, click this link:  http://whatismyip.com
- Is the IP address listed the same network as the ones from step #3?

Thanks,

Justin
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question