Solved

split dns trouble cant use external addresses to get to internal resources

Posted on 2008-10-09
4
356 Views
Last Modified: 2013-11-16
our internal domain has a different dns name, internalsite.org, than our external, externalsite.org.  our website (hosted elsewhere) uses www.externalsite.org, our email addresses use @externalsite.org

we have external dns entries set up for our web, mail and terminal servers, the external entries used to work from both on and off campus until we put in a new firewall today.  now webserver.externalsite.org works off campus, but not on!  same for mail and ts.

the firewall folks (watchguard) say we need to reconfigure our setup and put our mail and webservers into a dmz.  I'd rather not do that considering the time and work it would require.  any thoughts?  how much would it require to change the fqdn of our internal dns scheme?

any thoughts or help is much appreciated.
0
Comment
Question by:jhaff
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22684764
As I understand you have web, mail and TS configured on the trusted network; and you already have a DNS server which redirects the requests from the internal machines to the these servers on the externalsite.org URL.

If this is the case, then with watchguard you would not be able to reach the servers from the internal network; the reason is the WG along with many vendors cannot have the ingress interface same as the egress interface for a packet and thus the problem; many vendors like cisco allows something they implement as hairpin which allows you to do this!

With watchguard you can configure your DNS Server to rather direct the internal machines to the internal IP than the external IP which would solve the issue.

Thank you.
0
 

Accepted Solution

by:
jhaff earned 0 total points
ID: 22684803
i just fixed my own problem... i added another primary dns zone to my internal dns... so now i have internal.org and external.org as zones on my domain.  the external.org zone points our clients to the internal address before they can hit the interwebs dns.

this works for me because of my limited external presence.  dpk... i'm interested in your solution, because i attempted to route the internal machines to mail, web, and ts via the watchguard and didn't see how it could be done.  

thanks for your help.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22684841
Good to know that the problem is solved! :)

>> i attempted to route the internal machines to mail, web, and ts via the watchguard and didn't see how it could be done

Sorry but I did not understand what you could not configure; frankly on WG there is no configuration which is required; the only configuration what is needed is on the DNS Server; which you have already done [by adding one more zone].
Please correct me if I misunderstood.

Thank you.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22685510
My recommendation is to setup another DNS zone on your internal DNS server that matches your external zone.
Then setup zone transfers from the external zone (public) to the external zone (local) to keep DNS records in sync.
This is a straight forward solution that will solve your problem without having to reconfigure all you servers.
Cheers! Let me know if you have any more questions!
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Resolve DNS query failed errors for Exchange
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question