Solved

What type of DNS record to add to make Server 2003 FTP work internally and externally.

Posted on 2006-11-09
7
489 Views
Last Modified: 2010-04-18
I'm trying to make a Server 2003 server running FileZilla FTP Server work on the cname mail.domain.com. mail.domain.com points to the company's WAN ip address. FTP works perfectly from outside the network, but not from inside. I tried adding a A record in the foward lookup zone for mail.domain.com to point to the local IP of the server, but then the external FTP stopped working. Help????
0
Comment
Question by:matrixcomputer
7 Comments
 
LVL 14

Expert Comment

by:inbarasan
ID: 17912343
How is the FTP published to external network. Have you done the NAT and opened the port. Are you having your own Public DNS server and you are hosting the domain from third party.

As for as i know by adding A record for FTP will not harm anything. You may also try to give different name to connect to the FTP server internally. That is another option. But if you give more details about how FTP is published , i can try and help you
0
 
LVL 5

Expert Comment

by:cjtraman
ID: 17913238
I suggest you to use two different hostnames for accessing your FTP server from both Internal & External. For External access, use mail.domain.com. For Internal access, create internalmail.domain.com.
Can you let me know how your DNS is setup? Howz ur network is structured?
0
 
LVL 2

Expert Comment

by:jspaziano
ID: 17913839
On your firewall.. are you pointing FTP traffic to the IP address of the server or the FQDN?

If you set up the firewall to forward FTP Traffic to the IP address of your FTP server.. then set up a forward lookup zone for domain.com with an A record for mail.domain.com things should work both internally and externally.
Unless your in-house DNS server is also the authoritative DNS server for domain.com .. in that situation i'd recommend that you run two DNS servers.. one to be authoritiative for lookups from the internet.. another for local lookups, since you'll never be able to have the same hostname pointed to both the external IP address for internet lookups and the internal address for local lookups.

Another option would be to set up the HOSTS file on your workstations to point mail.domain.com to the internal address of the server.
0
 
LVL 33

Accepted Solution

by:
NJComputerNetworks earned 250 total points
ID: 17914043
This is a common problem...

You must consider two things... your internal Windows domain name  (mycompany.local)   And you must consider the name of your Internet domain name...  (company.com)  

Some people make the mistake (in my opinion) of making these two domain names the same...  ouch... I don't like this setup, but it exists...and it is OK to do this... but, not the best idea...


Anyway, by default, the internal windows domain name, should be in your clients DNS suffix automatically.  This means, when a client tries to resolbe the name computer1, it will automatcially append the computer1.mycompany.local ....this way, it compiles the FQDN.

So, if you want to add your Webservers internal IP address for people connecting from the inside of your network, you will have to create a new forward lookup zone (company.com) on your internal DNS server..  This is because the user will probably use www.company.com to get to the web server and not www.mycompany.local url.

Any way, create a new forward lookup zone called company.com.  And then add the A record pointing to your internal IP address for the web server...

-late
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 17914047
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now