Solved

DNS server in DMZ

Posted on 2008-06-12
Last Modified: 2008-07-03
Hi Experts,

I can't wrap my head around how a DNS server will work in the DMZ. I currently have a 3-legged network running off a Cisco 515E PIX. I have set up DMZ and internal DNS on a host. This host is not part of the domain and has its own DNS. I can currently access the host (Windows 2003 SP2) in the DMZ from the domain by internal IP and RDP to it. I have it static the IP address of the host to a public IP. My question is how will the world access it if I put our webserver on that host?

We use godaddy.com for our domain name. I can't add this host to godaddy because the machine in the DMZ is not part of the domain. Do I need to register another domain for the host in the DMZ?

TIA
Question by:abhijitm00
6 Comments
 
LVL 6

Assisted Solution

by:clearacid
clearacid earned 400 total points
ID: 21771078
What is the purpose of the DNS server on the DMZ?  Are you trying to manage your own public DNS entries?

1 - you need to allow UDP/53 out for your DNS Servers on the DMZ


Alternatively you can manage your DNS entries using godaddy's total control DNS feature.  That's what I do for my lab.  Benefit of it would be less stuff to secure and manage.

0
 
LVL 6

Assisted Solution

by:clearacid
clearacid earned 400 total points
ID: 21771152
Sorry - I didn't answer your question
You should have multiple public IPs.  Let's say 1.1.1.1 and 2.2.2.2 for your public and 192.168.0.1 and 192.168.0.2 for your 2 DNS servers on your DMZ as an example.

1. Configure translation for public to dmz
static (dmz,outside) 1.1.1.1 192.168.0.1 netmask 255.255.255.255
static (dmz,outside) 2.2.2.2 192.168.0.2 netmask 255.255.255.255

2. Configure the ACL to allow DNS in from outside
access-list outside_access_in extended permit udp any host 1.1.1.1 eq 53
access-list outside_access_in extended permit udp any host 2.2.2.2 eq 53

3. Configure godaddy to use your DNS servers public IP address.
 
0
 

Author Comment

by:abhijitm00
ID: 21771981
Thanks for getting back clearacid

In answer to your first question we handle our own DNS and static it to a public IP address. I can get to the external IP public address from outside the domain by putting in an IP address. When I try to get my www onto it, it cannot resolve it.

For the second post:
1. This is done
2. I will add this
3. I am stuck on this one as my host in dmz has a hostname dcsrv02.dmz and I can't add this to godaddy as it needs a host ending in mydomain.name. What kind of domain do I add this host in DMZ to? Will it be mydomain.com? If not, do I need to add a new domain name? This is where I am getting stuck at.

Thanks

0
 
LVL 6

Accepted Solution

by:
clearacid earned 400 total points
ID: 21775277
Contact your ISP provider and tell them that you need to add 2 DNS servers;

ns1.mydomain.com to 1.1.1.1
ns2.mydomain.com to 2.2.2.2

substitute 1.1.1.1 and 2.2.2.2 with your public IPs.

Then after that's completed you can go to godaddy and input your dns names ns1 and ns2.
0
 
LVL 16

Assisted Solution

by:btassure
btassure earned 100 total points
ID: 21808025
If you are managing your own DNS you would just need to add the correct forward lookup zones for your domains and enter the A record for the web server address you wanted and point it to the public IP of the DMZ server.
0
 

Author Comment

by:abhijitm00
ID: 21924897
What we did was put the external IP address of the DMZ DNS in our internal DNS and I added that IP address as a Name Server on external DNS provider. This worked. Thanks for all your help.
0
