Solved

DNS Redirects not working

Posted on 2008-06-26
763 Views
Last Modified: 2012-06-22
We use an external DNS service to handle DNS queries (www.dnsmadeeasy.com). We just installed a brand new Cisco ASA 5510 Firewall and the Juniper router in question. All DNS http re-directs that we try that point to an address on the external interface of the router will not load a web page if you are on the inside network. All DNS http re-directs that point to the actual private address on our network do work. However, if you are not on the inside network, the DNS redirects that point to an external ip address do work. We tried opening the firewall and seeing if it was a port issue, but it was still unable to communicate, not to mention, the ports work externally. We think it might be the router. Does anyone have any suggestions on getting our dns entries to work on our inside network?
Question by:IcueTV
1 Comment
LVL 71

Accepted Solution

by:
Chris Dent earned 125 total points
ID: 21879268

Hey,

It's a routing restriction I'm afraid. It's very difficult to connect to a device using NAT if the destination is on the same network as the client.

The solution is simple, if a bit of extra administration.

Do you have an internal DNS Server? You must create entries and zones on the DNS Server so that those public domains resolve to private IPs instead of public ones for clients within your network.

For instance, if you had an MS DNS Server you could do the following to regain access to an internally hosted public site:

1. Open the DNS Console
2. Right click on Forward Lookup Zones and add a new Zone.
3. Set the Zone to Primary (and AD Integrated if you have that)
4. Name the zone either yourpublicdomain.com or www.yourpublicdomain.com (I'll come back to that)
5. Disable Dynamic Updates
6. Add Host (A) Records to match the names to internal IP addresses

The two choices of name for the zone represent two different ways of approaching this.

If you use yourpublicdomain.com you must include every other address within the zone if you expect to resolve it. Otherwise your DNS server will rightfully say the address doesn't exist. In this case, and in this example you would add a www Host (A) Record with the internal IP.

If you use www.yourpublicdomain.com instead you allow the server to resolve names only for www, leaving everything else in yourpublicdomain.com to go out to the normal DNS Servers. In this case you would add a Host (A) Record with a blank name pointing at the Internal IP. That makes the "(same as parent folder)" record, and will resolve the zone name, in this case www.yourpublicdomain.com, back to the specified IP.

Hope that all makes sense!

Chris
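The zone layout Chris describes can also be set up from PowerShell on a current Windows DNS Server (DnsServer module, Windows Server 2012 or later) instead of the DNS console. This is an added example, not part of the original answer: it creates the narrower www.yourpublicdomain.com zone (option two in the answer), adds the "(same as parent folder)" record, and then checks that an inside query now returns the private address while a public resolver still returns the public one. yourpublicdomain.com is the placeholder name from the answer; 192.0.2.10 is an RFC 5737 documentation address standing in for the real private IP, and 8.8.8.8 is used only as an example public resolver.

```powershell
# Added example, not from the original post: split-horizon zone for a single
# public hostname on a Windows DNS Server using the DnsServer module.
# Placeholders: yourpublicdomain.com (from the answer), 192.0.2.10 (RFC 5737
# documentation address standing in for the web server's private IP).

$PublicHost = 'www.yourpublicdomain.com'
$InternalIP = '192.0.2.10'

# Steps 2-5 of the answer, second naming option: a zone named after the one
# host, so only www is answered locally and every other name under
# yourpublicdomain.com still goes out to the normal DNS servers.
# -DynamicUpdate None matches step 5 (disable dynamic updates).
if (-not (Get-DnsServerZone -Name $PublicHost -ErrorAction SilentlyContinue)) {
    # AD-integrated, as the answer suggests where available. On a standalone
    # server replace -ReplicationScope Domain with -ZoneFile "$PublicHost.dns".
    Add-DnsServerPrimaryZone -Name $PublicHost -ReplicationScope Domain -DynamicUpdate None
}

# Step 6: the blank-name record. '@' is the zone apex, which the console
# shows as "(same as parent folder)"; it resolves the zone name itself.
# A short TTL keeps clients from caching a stale answer if the server moves.
Add-DnsServerResourceRecordA -ZoneName $PublicHost -Name '@' `
    -IPv4Address $InternalIP -TimeToLive 00:05:00

# Check: ask this server directly (inside view) and a public resolver
# (outside view). The two answers are expected to differ; that is the point.
$inside  = Resolve-DnsName -Name $PublicHost -Type A -Server '127.0.0.1'
$outside = Resolve-DnsName -Name $PublicHost -Type A -Server '8.8.8.8'   # example public resolver
"$PublicHost inside  -> $($inside.IPAddress)"
"$PublicHost outside -> $($outside.IPAddress)"
if ($inside.IPAddress -notcontains $InternalIP) {
    throw "Inside clients are not getting the private address for $PublicHost"
}

# Caveat (first naming option in the answer): if the zone were named
# yourpublicdomain.com instead, every other public name in that domain
# (mail, ftp, ...) would also have to be added here, or inside clients
# would get NXDOMAIN for them because this server is now authoritative.
```

Run this on the internal DNS server (or a host with the DnsServer RSAT module, adding -ComputerName to the cmdlets) as a DNS administrator. If the site is reachable by more than one public name, each name needs its own zone with the narrow approach, which is the "bit of extra administration" the answer mentions.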


Question has a verified solution.
