Creating a DNS entry for a web site on the DMZ of the firewall
I have a zone file entry for "site.domain.com" poinnting to an external IP on my firewall.
The server has an internal IP on the DMZ side of the firewall.
The site is accessible by all users on the WAN.
However all users inside the LAN portion of the network can only access it by using the IP address instead of the url.
I understand that I need to create an internal DNS entry in my SBS 2003 server to allow for this but have no idea how.
The server has an internal IP on the DMZ side of the firewall.
The site is accessible by all users on the WAN.
However all users inside the LAN portion of the network can only access it by using the IP address instead of the url.
I understand that I need to create an internal DNS entry in my SBS 2003 server to allow for this but have no idea how.
Matt V
You need to create a zone in the SBS DNS for the external domain name, and just add the single host.
You need to create a split DNS zone or a Pin-point zone on your DNS Server.
Taken from: http://technet.microsoft.com/en-us/library/gg398758.aspx
Zone files is not a common terms used by Windows Engineers.
So I'm guessing that it's an external zone or non-microsoft DNS server?
Is your SBS server currently your DNS server for your domain?
Then run the following commands:
dnscmd . /zoneadd <<FQDN of website>> /dsprimary
dnscmd . /recordadd <<FQDN of website>> . @ A <<ipaddress>>
N.B. In the 2nd command, the . [fullstop/period] after <<FQDN of website>> is required.
VERY N.B. Always make a backup of your DNS zones before making any changes.
dnscmd . /zoneexport <<ZoneName>> <<FileName>>
Taken from: http://technet.microsoft.com/en-us/library/gg398758.aspx
Pin-point internal zone If creating an entire zone in the internal DNS is not an option, you can create pin-point (that is, dedicated) zones that correspond to the SRV records that are required for automatic configuration, and populate those zones using dnscmd.exe. Dnscmd.exe is required because the DNS user interface does not support creation of pin-point zones. For example, if the SIP domain is contoso.com and you have a Front End pool called pool01 that contains two Front End Servers, you need the following pin-point zones and A records in your internal DNS:
Zone files is not a common terms used by Windows Engineers.
So I'm guessing that it's an external zone or non-microsoft DNS server?
Is your SBS server currently your DNS server for your domain?
Then run the following commands:
dnscmd . /zoneadd <<FQDN of website>> /dsprimary
dnscmd . /recordadd <<FQDN of website>> . @ A <<ipaddress>>
N.B. In the 2nd command, the . [fullstop/period] after <<FQDN of website>> is required.
VERY N.B. Always make a backup of your DNS zones before making any changes.
dnscmd . /zoneexport <<ZoneName>> <<FileName>>
ASKER
The zone files are hosted at our ISP and all is fine there.
I just need to create an entry (I think) in my sbs 2003 DNS to point to this addtional web site which is not a primary location. It is on a different IP segment (DMZ) than my internal domain where I do not want to change anything.
My internal domain is on 192.168.10.xx the web server is on 192.168.0.xx
Where in the DNS tree do I need to enter the pointer ?
I just need to create an entry (I think) in my sbs 2003 DNS to point to this addtional web site which is not a primary location. It is on a different IP segment (DMZ) than my internal domain where I do not want to change anything.
My internal domain is on 192.168.10.xx the web server is on 192.168.0.xx
Where in the DNS tree do I need to enter the pointer ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did use the firewall method by creating a loopback and all is fine now.
This was the easiest way and I do not feel confident mucking with my DNS.
This was the easiest way and I do not feel confident mucking with my DNS.