Resolve Internal address with Public DNS

Posted on 2011-10-13
Last Modified: 2012-05-12
Server on Internal Network: serverA.somedomain.com
Private IP: 172.xxx.xxx.xxx
Public IP: 94.xxx.xxx.xxx SNAT to Internal through firewall.

Users need access publicly and privately using PDAs, laptops and desktops. The issue I am running into is via my employee WiFi. WiFi is set up to assign the user to a different VLAN in order to completely isolate WiFi traffic from my corporate network. The DHCP scope for my WiFi VLAN assigns public DNS servers for name resolution. serverA has a public DNS record which points to the 94.xxx.xxx.xxx address which is NAT'd through my firewall. What is obviously happening on the WiFi is that users are hitting the public DNS record and having to make a hairpin turn to come back in the firewall. This isn't working very well and they are getting an error stating the server can't be reached. How do I handle this? There has to be some way to establish either a route or something for a hairpin turn of this nature.
Question by: Haze0830

Expert Comment

ID: 36963983
Is your DNS server accessible from a machine outside the company?

If that is so, then the external machine is accessible from external machines.
I would add appropriate rules to your switch/router that connects to the wireless network to allow DNS lookups directly to the DNS server, and point all your WiFi to the server's internal address.

Better solution:
Build an infrastructure bastion host to sit on the wireless network with one interface and the other interface in the appropriate security zone. You can lock it down to handle things like DNS/NTP, and your wireless clients can use that.
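The first option above, giving WiFi clients a resolver that answers the internal address for serverA while everything else still goes to the ISP, is usually done with a split-horizon resolver on the firewall or router interface facing the WiFi VLAN. The dnsmasq configuration below is an added illustration of that idea, not something from the original thread or from Haze0830's network; every address in it (wifi0 = 172.16.20.1/24, serverA = 172.16.10.5, ISP resolvers 198.51.100.53/54) is a constructed stand-in for the 172.xxx / 94.xxx ranges in the question.

```conf
# dnsmasq on the firewall/router interface facing the employee WiFi VLAN.
# Constructed addresses: wifi0 = 172.16.20.1/24, serverA = 172.16.10.5,
# ISP resolvers = 198.51.100.53 / 198.51.100.54 (none of these are real).
interface=wifi0
bind-interfaces          # listen only on wifi0: the resolver is not reachable from the Internet
no-resolv                # ignore /etc/resolv.conf; forward only to the servers listed here
server=198.51.100.53
server=198.51.100.54

# The one name that must resolve differently inside: answer with the private
# address instead of the public 94.x record. All other names are forwarded
# to the ISP, so the public zone on the web host's name servers stays the
# single source of truth for everything else.
host-record=serverA.somedomain.com,172.16.10.5

# Hand the WiFi DHCP scope this resolver instead of the public DNS servers.
dhcp-range=172.16.20.100,172.16.20.200,12h
dhcp-option=option:dns-server,172.16.20.1
dhcp-option=option:router,172.16.20.1
```

Two things still have to be true for this to work: the firewall policy between the WiFi VLAN and the corporate VLAN must permit the WiFi subnet to reach 172.16.10.5 on the service ports (the VLAN isolation is otherwise doing exactly what it was built to do), and clients that cache the public answer will keep using 94.x until the old record's TTL expires or they renew their lease.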

Accepted Solution

ID: 36964187
No. And I don't particularly like for my DNS servers to be accessible from the outside. I prefer to just use forwarders to my ISP's DNS servers. My public records are maintained on my web host's name servers.

I got it figured out though. SNAT Loopback. I had to add a route in my firewall via a policy to get the traffic routed correctly. It was actually pretty easy once I got on Watchguard's forums and discovered that this seems to be a common problem. I had never even heard of SNAT Loopback until now.
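What WatchGuard calls SNAT loopback is the hairpin NAT (NAT loopback) problem: the inbound static NAT only translates packets that arrive on the external interface, so an inside client that resolved the public name sends a SYN to 94.x that never matches the port forward and ends up at the firewall's own address, which is the "server can't be reached" symptom above. The ruleset below is an added example of the same fix on a Linux/nftables firewall, not Haze0830's WatchGuard policy and not code from the thread; interface names (eth0, lan0, wifi0) and addresses (94.0.2.10, 172.16.10.5, 172.16.10.0/24, 172.16.20.0/24) are constructed stand-ins.

```nftables
# Hairpin (NAT loopback) on a Linux/nftables firewall. Constructed layout:
#   eth0   94.0.2.10       external interface, the public A record for serverA
#   lan0   172.16.10.0/24  corporate VLAN, serverA = 172.16.10.5
#   wifi0  172.16.20.0/24  employee WiFi VLAN
define PUBLIC_IP = 94.0.2.10
define SERVER    = 172.16.10.5
define INSIDE    = { 172.16.10.0/24, 172.16.20.0/24 }

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # The original port forward: translates only packets arriving from
        # the Internet. A WiFi client that resolved the public name arrives
        # on wifi0, never matches, and its SYN to 94.0.2.10 is delivered to
        # the firewall itself instead of to serverA.
        iifname "eth0" ip daddr $PUBLIC_IP tcp dport 443 dnat to $SERVER

        # Hairpin fix, part 1: apply the same translation to inside clients.
        iifname { "lan0", "wifi0" } ip daddr $PUBLIC_IP tcp dport 443 dnat to $SERVER
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Hairpin fix, part 2: rewrite the source of hairpinned connections to
        # the firewall's own address so serverA replies back through the
        # firewall, where the DNAT is undone. Without this, a corporate-VLAN
        # client on the same segment as serverA would get a reply from
        # 172.16.10.5 for a connection it opened to 94.0.2.10 and reset it.
        # "ct status dnat" limits this to flows that were translated above,
        # so ordinary LAN-to-server traffic keeps its real source address.
        ip saddr $INSIDE ip daddr $SERVER ct status dnat masquerade

        # Normal outbound NAT for everything leaving toward the Internet.
        oifname "eth0" masquerade
    }
}

# The filter table must also permit the hairpinned flow, for example in a
# forward chain:
#   iifname { "lan0", "wifi0" } oifname "lan0" ip daddr $SERVER tcp dport 443 ct state new accept
```

The cost of this approach is that serverA sees every inside connection that came in via the public name as originating from the firewall, so its own logs and any per-client access control on the server lose the real client address; the split-horizon DNS route (answering the private address inside) avoids that, which is why both are commonly deployed together.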

Author Closing Comment

ID: 36984615
Resolution in comments. Figured this out on my own.
