Solved

split dns trouble cant use external addresses to get to internal resources

Posted on 2008-10-09
4
347 Views
Last Modified: 2013-11-16
our internal domain has a different dns name, internalsite.org, than our external, externalsite.org.  our website (hosted elsewhere) uses www.externalsite.org, our email addresses use @externalsite.org

we have external dns entries set up for our web, mail and terminal servers, the external entries used to work from both on and off campus until we put in a new firewall today.  now webserver.externalsite.org works off campus, but not on!  same for mail and ts.

the firewall folks (watchguard) say we need to reconfigure our setup and put our mail and webservers into a dmz.  I'd rather not do that considering the time and work it would require.  any thoughts?  how much would it require to change the fqdn of our internal dns scheme?

any thoughts or help is much appreciated.
0
Comment
Question by:jhaff
  • 2
4 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22684764
As I understand you have web, mail and TS configured on the trusted network; and you already have a DNS server which redirects the requests from the internal machines to the these servers on the externalsite.org URL.

If this is the case, then with watchguard you would not be able to reach the servers from the internal network; the reason is the WG along with many vendors cannot have the ingress interface same as the egress interface for a packet and thus the problem; many vendors like cisco allows something they implement as hairpin which allows you to do this!

With watchguard you can configure your DNS Server to rather direct the internal machines to the internal IP than the external IP which would solve the issue.

Thank you.
0
 

Accepted Solution

by:
jhaff earned 0 total points
ID: 22684803
i just fixed my own problem... i added another primary dns zone to my internal dns... so now i have internal.org and external.org as zones on my domain.  the external.org zone points our clients to the internal address before they can hit the interwebs dns.

this works for me because of my limited external presence.  dpk... i'm interested in your solution, because i attempted to route the internal machines to mail, web, and ts via the watchguard and didn't see how it could be done.  

thanks for your help.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22684841
Good to know that the problem is solved! :)

>> i attempted to route the internal machines to mail, web, and ts via the watchguard and didn't see how it could be done

Sorry but I did not understand what you could not configure; frankly on WG there is no configuration which is required; the only configuration what is needed is on the DNS Server; which you have already done [by adding one more zone].
Please correct me if I misunderstood.

Thank you.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22685510
My recommendation is to setup another DNS zone on your internal DNS server that matches your external zone.
Then setup zone transfers from the external zone (public) to the external zone (local) to keep DNS records in sync.
This is a straight forward solution that will solve your problem without having to reconfigure all you servers.
Cheers! Let me know if you have any more questions!
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now