Solved

Internal Vs External DNS & Resolution

Posted on 2013-06-18
488 Views
Last Modified: 2013-06-19
Hi,

My Situation is this.  

I have 1 server to be deployed.

Server A. 10.1.1.1

This server hosts several different application blades for Mitel applications.

AWC, which controls the teleworker and conferencing phones and application.
UCA, which is the Unified Messaging Client from Mitel which has a Client PC, and Mobile option.

In order for these to be reachable from anywhere we are using the public DNS name for these servers.

Public DNS. Company.com
Resolve to: Internal IP Nat Firewall.

However, this DNS lookup zone is not defined in my Microsoft DNS Server.

Internal DNS: Abbriviated.com

By adding a forward lookup zone to my internal DNS for Company.com, what would I have to be aware of if I am only going to define a single address to multiple names?

10.1.1.1 / xxx.Company.com
10.1.1.1 / xxx.Company.com

The reason I need to add this to my internal DNS is because we are going out and back in again via the internet to make the connection to this server and applications which is not working.
Question by:shanewilson6002
4 Comments
 

Author Comment

by:shanewilson6002
ID: 39257806
Changed Area
 
LVL 21

Assisted Solution

by:Jakob Digranes
Jakob Digranes earned 150 total points
ID: 39259056
I'm not quite sure I fully understand, but you need to create a split DNS - having the same domain public and internal, but with local addresses on LAN and public addresses on LAN?

What you need to make sure is that when creating company.com on internal LAN, with 10.1.1.1 A-record - you also need to create all other public A records for company.com

So if you create an internal DNS zone for company.com, you have to add all other company.com records internally as well.

Public DNS - company.com
A-record: www.company.com - 62.97.1.2
A-record: webmail.company.com - 62.97.1.3
A-record: ftp.company.com - 62.97.1.4
srv-record: _sip._tcp.company.com - 62.97.1.5
A-record: mitel.company.com - 62.97.1.6

internal DNS - company.com
A-record: www.company.com - 62.97.1.2
A-record: webmail.company.com - 62.97.1.3
srv-record: _sip._tcp.company.com - 62.97.1.5
A-record: mitel.company.com - 10.1.1.1

All records NOT present in internal DNS, but present in public will fail. As with the example above, ftp.company.com is only in public DNS and if clients on LAN try to connect to ftp.company.com it will most likely give them "host not found"
 
LVL 25

Accepted Solution

by:Cyclops3590
Cyclops3590 earned 350 total points
ID: 39259068
Personally, if it's possible, I would set up a sub-domain for abbriviated.com (not a real AD subdomain, just a DNS subdomain zone), create the needed records there and then reconfigure the device application to those new records rather than the company.com ones.  The reason is that hosting a mirror image of a DNS zone internally that is actually external can be a massive pain.  I've done it and got off it as fast as I could.

My first question is what kind of firewall do you have?  Are you doing 1-to-1 static NAT with the servers your devices connect to?  If so and you have the right firewall, you may be capable of having the firewall do DNS reply manipulation so that the IP in the reply gets translated to the internal IP address.

If that is a no go and you must mirror the external zone, then you need to find out all of the records that are hosted by the external zone (e.g. A, CNAME, AAAA, MX, etc.).  You must re-create all of those records in your zone on your DNS server that you host.  If there are any changes to the zone you must ensure those changes happen in both zones.  Not super hard, but annoying and can easily be messed up which is why, at least personally, I wouldn't recommend this method but if you don't have another option then this will work.
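Both answers above warn about the same failure mode of a mirrored (split-horizon) zone: any public record you forget to copy internally stops resolving on the LAN, and the two copies drift apart over time. The following audit script is an added example, not code from the thread or from any Mitel or Microsoft tooling; the two record sets are constructed to mirror the public and internal company.com zones Jakob Digranes sketched, and the function flags records that are missing internally, records deliberately overridden with a private address, and records whose internal value has drifted from the public one.

```python
"""Audit an internal copy of a public DNS zone for gaps and drift (added example)."""
import ipaddress
from typing import Dict, List, Set, Tuple

Record = Tuple[str, str, str]   # (owner name, record type, value)
Key = Tuple[str, str]           # (owner name, record type)

# Constructed sample data modelled on the thread's example zones; not real zone files.
PUBLIC_ZONE: List[Record] = [
    ("www.company.com", "A", "62.97.1.2"),
    ("webmail.company.com", "A", "62.97.1.3"),
    ("ftp.company.com", "A", "62.97.1.4"),
    ("_sip._tcp.company.com", "SRV", "62.97.1.5"),
    ("mitel.company.com", "A", "62.97.1.6"),
]
INTERNAL_ZONE: List[Record] = [
    ("www.company.com", "A", "62.97.1.2"),
    ("webmail.company.com", "A", "62.97.1.3"),
    ("_sip._tcp.company.com", "SRV", "62.97.1.5"),
    ("mitel.company.com", "A", "10.1.1.1"),   # the split-horizon override
]

def index_zone(zone: List[Record]) -> Dict[Key, Set[str]]:
    """Group record values by (owner, type); names are compared case-insensitively."""
    out: Dict[Key, Set[str]] = {}
    for name, rtype, value in zone:
        out.setdefault((name.lower().rstrip("."), rtype.upper()), set()).add(value)
    return out

def _is_private(value: str) -> bool:
    """True for RFC 1918 / private addresses; non-address values (SRV/CNAME targets) are not."""
    try:
        return ipaddress.ip_address(value).is_private
    except ValueError:
        return False

def audit_split_zone(public: List[Record], internal: List[Record]):
    """Return (missing, overridden, drift) keys, each sorted.
    missing:    in the public zone only -> LAN clients get 'host not found'
    overridden: internal copy points at a private address -> intended split DNS
    drift:      internal copy differs but is not private -> stale mirror"""
    pub, lan = index_zone(public), index_zone(internal)
    missing, overridden, drift = [], [], []
    for key in sorted(pub):
        if key not in lan:
            missing.append(key)
        elif lan[key] != pub[key]:
            (overridden if all(_is_private(v) for v in lan[key]) else drift).append(key)
    return missing, overridden, drift

if __name__ == "__main__":
    for label, keys in zip(("missing", "overridden", "drift"),
                           audit_split_zone(PUBLIC_ZONE, INTERNAL_ZONE)):
        print(f"{label}: {keys}")
```

Running it on the sample zones reports ftp.company.com as missing and mitel.company.com as the intended override; rerunning it whenever the public zone changes catches the out-of-sync copies Cyclops3590 describes.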
 
LVL 16

Expert Comment

by:gurutc
ID: 39259621
The best option would be the DNS subdomain zone as posted above.  It's a nightmare to mirror the same DNS zone with internal and external records for the same hosts.

- gurutc
