sampar
asked on
How to setup a Secondary DNS server using Public IP instead of Private IP??
Hello every1,
I won't hide anything from you, I don't know much about setting up a secondary DNS server. There is something bugging me a lot. I have 2 w2k3 servers on my network... one that I use as the primary, let's say DNS1, and the other one as a secondary server; DNS2.
Now, when I set up my zone transfer, I just can't use the Public IP (which doesn't make much sense to me). I had to set DNS1 to allow zone transfer to 192.168.1.2 (DNS2 Backnet IP) and then I could synchronize the 2 servers. I would like to know what I am doing wrong? I want to use my public IPs to sync my 2 servers. And if it is impossible... then why? And what would I do if I had my 2 servers on two different sites then????
ASKER
Are the two servers aware of their public IPs (i.e. are they explicitly configured on the servers and not using NAT)?
>>> They are not using NAT as far as I know, each of them has a valid public IP address
If not, and the zone transfer is attempting to go via your default gateway, it may be blocked there.
Could you run IPCONFIG /ALL on both boxes and paste the results here? (Obviously change/blank the public IPs if you aren't in a position to divulge such info.)
DNS1
Frontnet adapter:
ip: xx.xx.xxx.250 (and many other valid public IPs)
subnet: 255.255.248.0
gateway: xx.xx.xxx.1
DNS Servers: yyy.yyy.yyy.4 & yyy.yyy.yyy.5 (ISP DNS)
Backnet adapter
ip: 192.168.9.8
subnet: 255.255.0.0
gateway: none
DNS servers: 192.168.2.1 & 192.168.2.2 (local DNS server)
DNS2
Frontnet adapter:
ip: xx.xx.xxx.248
subnet: 255.255.248.0
gateway: xx.xx.xxx.1
DNS Servers: yyy.yyy.yyy.4 & yyy.yyy.yyy.5 (ISP DNS)
Backnet adapter
ip: 192.168.9.9
subnet: 255.255.0.0
gateway: none
DNS servers: 192.168.2.1 & 192.168.2.2 (local DNS server)
So, you see, I was trying to sync my zone between xx.xx.xxx.250 and xx.xx.xxx.248 but it never worked until I changed my settings (in the zone transfer tab) to the backnet IPs
ASKER CERTIFIED SOLUTION
ASKER
DNS1 is listening on .250 (public IP)
DNS2 is listening on .248 (public IP)
DNS1 is behind my firewall
DNS2 is not
In my firewall, I got 2 rules:
Rule 1 - Incoming DNS: allow any to DNS server on port 53 (TCP and UDP)
Rule 2 - Outgoing DNS: allow from DNS server to any on port 53 (TCP and UDP)
It still doesn't work. Any idea why?
ASKER
Btw, I can ping DNS1 to DNS2 and vice versa using the public IP
ASKER
awww it's working now, somehow...
It is weird because, test1; I use the "Allow zone transfers Only to servers listed on the Name Servers Tab" and in the name servers tab I got my dns1.domain.com xx.xx.xxx.248 entry. And that doesn't work
Now, on test2: I use the "Allow zone transfers Only to the following servers" and I add the xx.xx.xxx.248 ip. And it works....
At least I got something working and I am very close to what I truly want
thx for your help
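The two zone-transfer settings compared above (test1: servers on the Name Servers tab; test2: an explicit IP list) can also be set and inspected from the command line with dnscmd, which ships with Windows Server 2003 DNS. This is an added example, not from the original thread; the zone name and the secondary's public address are placeholders, and it is meant to be run on DNS1 (the primary).

```powershell
# Placeholders (not from the thread): replace with your zone and DNS2's public IP.
$zone      = "example-zone.invalid"
$secondary = "<DNS2-public-IP>"

# test1 equivalent: allow transfers only to hosts resolved from the zone's NS records.
# This only works if every NS name resolves to the address DNS2 actually connects from;
# if the NS name resolves to a backnet or other address, the request from the public IP is refused.
dnscmd /ZoneResetSecondaries $zone /SecureNs /Notify

# test2 equivalent: allow transfers only to the listed address(es), and notify the same hosts
# of zone changes so DNS2 pulls the new serial promptly. This is the tighter, explicit form.
dnscmd /ZoneResetSecondaries $zone /SecureList $secondary /NotifyList $secondary

# Show the zone's current transfer/notify settings to confirm what was applied.
dnscmd /ZoneInfo $zone

# Zone transfers (AXFR/IXFR) run over TCP 53, notifications over UDP 53: both must be
# allowed between the two public addresses, as in the two firewall rules described above.
```

Whatever the mode, "secondaries" that are not listed get a REFUSED response to a transfer request, and that refusal is logged on the primary when DNS debug logging is enabled.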
You're welcome, thank you :)