Solved

What is the required DNS configuration for a server to host a service thru the Internet?

Posted on 2008-06-13
Last Modified: 2013-12-25
What is the required DNS configuration for a server to host a service thru the Internet?
The following is a current & real environment; High security & encryption, Border Routers, Windows 2003 Servers & Internet connected XP Dell PCs.
Example: Domain.com; server host name: my-app.domain.com;

A Private corp communication server running a win32 app which uses Java thru the Internet to connect to other non-profit company PCs running the win32 app.  Each company has a router & public IP - the PCs use private IPs.  Domain.com has registered x.x IP Network & uses two public IPs: x.x.200.88 & x.x.100.88 for myapp.domain.com.
   1a. Corp wants non-profits to setup firewall to allow access to myapp.domain.com.
   1b. Corp wants no reverse lookup capability from the Internet.
   2a. Non-profits want to only allow IPs: x.x.200.88 & x.x.100.88 on their firewalls.
   2b. Corp states that they do not publish the two public IPs: x.x.200.88 & x.x.100.88 for myapp.domain.com and they may change anyway.  Again they insist that we use myapp.domain.com.  

My question: How is the DNS for the Internet configured in this environment?  Since the corp company is using the Internet & public addresses - how can they hide their public IPs & can they prevent non-profits from using the IPs, instead of the name?

Note: I think the questions are all answered from the same info; however, if not, I can create additional questions, if needed.  Thanks much.
Question by:kbbcnet
11 Comments
 
LVL 11

Expert Comment

by:rowansmith
ID: 21784269
You need to explain this question a bit better...

Tell me what you want to be able to do.  What you are doing at the moment, and what is not working as you would expect.

Thanks.
0
 
LVL 13

Expert Comment

by:kdearing
ID: 21784270
You don't need to make any changes to your internet DNS records.
Modify the internal DNS only.

This can be done in 2 ways:
1. If the non-profits are using an internal DNS server, just have them add a record for myapp.domain.com that points to the corp public IP
2. If the non-profit is not using an internal DNS server, then they could add an entry to the individual PC's hosts file.
0
 
LVL 16

Author Comment

by:kbbcnet
ID: 21785514
kdearing:

You have hit on the problem and as I stated in my initial post - how to allow access thru the firewall.
Most non-profits have internal DNS; however, some do not.

Corp is not publishing their IPs and will not give out that info???
They insist that every non-profit use the dns name, instead of the IP.

I do not know why, but I think they have become paranoid about their IPs?
In their documentation, they state if you must use an IP, then 157*.*.*.
I asked their IT dept if this is a misprint; I have not seen this kind of firewall config.
0

 
LVL 16

Author Comment

by:kbbcnet
ID: 21785572
rowansmith:

The app uploads & download files with corp.
The app has the corp server name [myapp.mydomain.com] listed in the upload/download field.

I want to configure the non-profit firewalls to allow the app to contact the corp server and then not interfere with the java files upload/download.

There are many different firewalls, Cisco, Cisco Pix, proxies, Windows Server and the like.
Some of the firewalls can not be configured to use names, only IPs.

I always understood - if a company has a data center app set up to connect via the Internet with other companies' users running the user side app; then you Dig the Internet DNS info and use this IP.
Is this not so and can corp circumvent this by (as they stated) not publishing their IPs?
0
 
LVL 13

Expert Comment

by:kdearing
ID: 21785623
You cannot stop anyone from using IPs vs names.
Internet communication is determined by IP addresses, not by names.
A name is just a user-friendly way to use them, you don't have to remember all those numbers.
The name gets resolved into an IP address using DNS,  BEFORE it leaves your computer.

As far as the firewall is concerned, it's all about IP addresses. Unless you've specifically configured it to block certain domain names, it will work.
0
 
LVL 14

Expert Comment

by:kenfcamp
ID: 21785726
[You cannot stop anyone from using IPs vs names.]

While this is true, you can always try to work around it.

The easiest way is to create a virtualhost profile for the ip addy using an index page that would redirect traffic to myapp.domain.com. You will need to assign a name for it, so to keep it simple you can use something like mychkapp.domain.com

Then create a virtualhost profile for myapp.domain.com

or you could always redirect traffic going to http://xxx.xxx.xx.xxx to http://myapp.domain.com

Ken
0
 
LVL 16

Author Comment

by:kbbcnet
ID: 21785734
kdearing:

I have used several internet tools, Dig, Nslookup, etc. The corp data center FTP resolves to an IP which does not work thru the Firewall.  Server down or not available message.

Prior to the change of the corp IP all was working as expected.

Is there a configuration a large corp like MS, Cisco, HP, etc. could create where the ftp server name would work and the resolved IP for that server name would not?
0
 
LVL 16

Author Comment

by:kbbcnet
ID: 21785753
kenfcamp:

The problem for the non-profit sites is that the other Corp company who provides the app states they will not give out their IP, you must use the ftp server domain name in your firewalls, etc.
Suddenly the IP which the corp FTP resolves to will not work in the Firewall; whereas before corp changed the IPs all worked as expected and the app connected as designed to upload/download.

My tests reveal there appears to be no reverse lookup set up on the corp site; however, I am not privy to such info and the IT dept is less than helpful.

It seems in regard to their app, it is their way or the highway.
This would not be a problem, excepting some non-profit site firewalls only work if the FTP site has an IP.
0
 
LVL 14

Expert Comment

by:kenfcamp
ID: 21785835
soooooo, what is it you are looking for? IOW, what is it you are trying to do?

As far as DNS configurations for hosted services, there aren't any so long as the DNS for the domain being used/accessed is setup properly
0
 
LVL 16

Author Comment

by:kbbcnet
ID: 21785919
kenfcamp:

I am looking for the Corp IP to add to the non-profit firewalls.
IOW
I am trying to determine if Corp has set up the FTP & hidden their real public IP.
Using something such as Anonymizer or CBAC
(Corp supports over 5000 locations thru their app & has several Class B IPs [a subset of MS])
0
 
LVL 16

Accepted Solution

by:
kbbcnet earned 0 total points
ID: 21827913
Solution, and then close the question by clicking "Accept as Solution" on your own post.

I have verified the info I was looking for.

The simple answer I was looking to verify is that a large corp such as this one could not de-publish their IP.
The DNS name would always resolve to some IP which then could be added to a Firewall if needed.

Also, many firewalls can use the dns name &/or filter by packet at the higher layers allowing the server name thru.

Thanks.
0
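
Added example, not part of the original thread: for firewalls that can only filter on IPs, a small check that resolves the published name and compares the answers with the pinned allowlist, so a change of the corp addresses is noticed before the app fails. The hostname `myapp.example.test`, the documentation-range addresses and the function names are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample DNS answers so the example runs offline.
SAMPLE_ANSWERS = {"myapp.example.test": ["192.0.2.88", "198.51.100.88"]}


def sample_resolver(hostname):
    """Stand-in resolver backed by SAMPLE_ANSWERS (constructed data)."""
    if hostname not in SAMPLE_ANSWERS:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return set(SAMPLE_ANSWERS[hostname])


def resolve_addresses(hostname, port=21):
    """Return every address the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def allowlist_drift(hostname, allowlist, resolver=resolve_addresses):
    """Compare a firewall's pinned IP allowlist with current DNS answers.

    missing: addresses DNS returns that no allowlist entry covers
    stale:   allowlist entries that match none of the current answers
    ok:      True only if the name resolved and nothing is missing
    """
    networks = [ipaddress.ip_network(e, strict=False) for e in allowlist]
    try:
        resolved = {ipaddress.ip_address(a) for a in resolver(hostname)}
    except socket.gaierror as exc:
        # Resolution failure is reported, not treated as "no drift".
        return {"missing": [], "stale": [], "ok": False, "error": str(exc)}

    missing = [a for a in resolved if not any(a in n for n in networks)]
    stale = [n for n in networks if not any(a in n for a in resolved)]
    return {
        "missing": sorted(str(a) for a in missing),
        "stale": sorted(str(n) for n in stale),
        "ok": bool(resolved) and not missing,
        "error": None,
    }


if __name__ == "__main__":
    # One address is still valid, one allowlist entry is out of date.
    print(allowlist_drift("myapp.example.test",
                          ["192.0.2.88", "203.0.113.88"], sample_resolver))
```

Run on a schedule with the default resolver, a non-empty `missing` list is the signal to update the firewall rule; `stale` entries can be removed once the old address is confirmed retired.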

Question has a verified solution.
