DNS service setup like a hosts file?
Posted on 2008-10-09
Hi, we're having a weird problem with DNS setup. We cannot access our web servers from inside of our network with an external address of the website (we were told it was for security reasons for the firewall / router, why?). So the router/firewall (Cisco PIX) was configured to translate DNS queries from external IP to internal IP. So, when I do nslookup on a domain using ANY name server (internal or external), it returns for us an internal IP of the server, while for people outside of our network the IP is external.
This setup worked well.
However, lately, and worse, randomly, some people on my network started getting the external IP for the server, which we can't access, so they get timeouts while trying to use it. I'm currently guessing our internal DNS server (domain controller) must get the external IP from a real name server, and cache it. Of course, this shouldn't happen as our router/firewall is always supposed to translate those DNS queries to internal IP.
Anyways, my only current solution is to clean the DNS cache on my MS Windows 2003 Server, and then run ipconfig /flushdns on client computers. But in an hour the problem may be back, for different people. There must be a better solution.
I know I can do the hosts file on computers, with the group policy / login scripts. I've tried doing the hosts file just on the DNS server, but I'm guessing on the DNS server the hosts file gets ignored - I ping www.domain.com no problem, I get internal IP, but when I do nslookup on the same DNS server, I get the external one.
I know I could handle it by doing something to the DNS (on domain controller) on our end. Do I use the DNSCMD command? Assuming I want to force www.domain.com to go to some internal IP, how would I do it?