Solved

Internal Vs External DNS & Resolution

Posted on 2013-06-18
Last Modified: 2013-06-19
Hi,

My situation is this.

I have 1 server to be deployed.

Server A. 10.1.1.1

This server hosts several different application blades for Mitel applications.

AWC, which controls the teleworker and conferencing phones and application.
UCA, which is the Unified Messaging Client from Mitel which has a Client PC, and Mobile option.

In order for these to be reachable from anywhere, we are using the public DNS name for these servers.

Public DNS. Company.com
Resolve to: Internal IP NAT Firewall.

However, this DNS lookup zone is not defined in my Microsoft DNS Server.

Internal DNS: Abbriviated.com

By adding a forward lookup zone to my internal DNS for Company.com, what would I have to be aware of if I am only going to define a single address to multiple names?

10.1.1.1 / xxx.Company.com
10.1.1.1 / xxx.Company.com

The reason I need to add this to my internal DNS is because we are going out and back in again via the internet to make the connection to this server and applications which is not working.
Question by:shanewilson6002
 

Author Comment

by:shanewilson6002
ID: 39257806
Changed Area
 
LVL 21

Assisted Solution

by:Jakob Digranes
Jakob Digranes earned 150 total points
ID: 39259056
I'm not quite sure I fully understand, but you need to create a split DNS - having the same domain public and internal, but with local addresses on LAN and public addresses on LAN?

What you need to make sure is that when creating company.com on internal LAN, with 10.1.1.1 A-record - you also need to create all other public A records for company.com

So if you create an internal DNS zone for company.com, you have to add all other company.com records internally as well.

Public DNS - company.com
A-record: www.company.com - 62.97.1.2
A-record: webmail.company.com - 62.97.1.3
A-record: ftp.company.com - 62.97.1.4
srv-record: _sip._tcp.company.com - 62.97.1.5
A-record: mitel.company.com - 62.97.1.6

internal DNS - company.com
A-record: www.company.com - 62.97.1.2
A-record: webmail.company.com - 62.97.1.3
srv-record: _sip._tcp.company.com - 62.97.1.5
A-record: mitel.company.com - 10.1.1.1

All records NOT present in internal DNS, but present in public, will fail. As with the example above, ftp.company.com is only in public DNS, and if clients on LAN try to connect to ftp.company.com it will most likely give them "host not found"
 
LVL 25

Accepted Solution

by:
Cyclops3590 earned 350 total points
ID: 39259068
Personally, if it's possible, I would set up a sub-domain for abbriviated.com (not a real AD subdomain, just DNS subdomain zone), create the needed records there and then reconfigure the device application to those new records rather than the company.com ones.  The reason is that hosting a mirror image of a DNS zone internally that is actually external can be a massive pain.  I've done it and got off it as fast as I could.

My first question is what kind of firewall do you have?  Are you doing 1-to-1 static NAT with the servers your devices connect to?  If so and you have the right firewall, you may be capable of having the firewall do DNS reply manipulation so that the IP in the reply gets translated to the internal IP address.

If that is a no go and you must mirror the external zone, then you need to find out all of the records that are hosted by the external zone (e.g. A, CNAME, AAAA, MX, etc.).  You must re-create all of those records in your zone on your DNS server that you host.  If there are any changes to the zone you must ensure those changes happen in both zones.  Not super hard, but annoying and can easily be messed up which is why, at least personally, I wouldn't recommend this method but if you don't have another option then this will work.
 
LVL 16

Expert Comment

by:gurutc
ID: 39259621
The best option would be the DNS subdomain zone as posted above.  It's a nightmare to mirror the same DNS zone with internal and external records for the same hosts.

- gurutc
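
An added example, not part of any post in this thread: a small audit of a mirrored (split) zone that flags the failure mode described in the answers above, where a name exists in the public zone but not in the internal copy, and separates intended internal overrides from plain drift. The record sets are constructed from the sample records in the first answer; the function names are hypothetical, and in practice the two dictionaries would be filled from exports of each zone.

```python
import ipaddress

# Constructed sample data: the record sets listed in the answer above.
PUBLIC = {
    ("www.company.com", "A"): "62.97.1.2",
    ("webmail.company.com", "A"): "62.97.1.3",
    ("ftp.company.com", "A"): "62.97.1.4",
    ("_sip._tcp.company.com", "SRV"): "62.97.1.5",
    ("mitel.company.com", "A"): "62.97.1.6",
}
INTERNAL = {
    ("www.company.com", "A"): "62.97.1.2",
    ("webmail.company.com", "A"): "62.97.1.3",
    ("_sip._tcp.company.com", "SRV"): "62.97.1.5",
    ("mitel.company.com", "A"): "10.1.1.1",
}


def is_private(value):
    """True if value parses as a private (e.g. RFC 1918) IP address."""
    try:
        return ipaddress.ip_address(value).is_private
    except ValueError:
        return False  # a hostname target (CNAME, MX, ...), not an address


def audit_split_zone(public, internal):
    """Classify the differences between a public zone and its internal mirror."""
    report = {"missing_internal": [], "override": [], "drift": []}
    for key, pub_value in sorted(public.items()):
        if key not in internal:
            # The internal server is authoritative for the zone, so LAN
            # clients get "host not found" instead of the public answer.
            report["missing_internal"].append(key)
        elif internal[key] != pub_value:
            # A private address is the intended split; anything else is a
            # mirror that was not updated when the public zone changed.
            kind = "override" if is_private(internal[key]) else "drift"
            report[kind].append(key)
    report["internal_only"] = sorted(k for k in internal if k not in public)
    return report


if __name__ == "__main__":
    for category, keys in audit_split_zone(PUBLIC, INTERNAL).items():
        for name, rtype in keys:
            print(f"{category:17} {rtype:5} {name}")
```

Run on a schedule against both zones, a non-empty `missing_internal` or `drift` list is the signal that the two copies have diverged.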

Question has a verified solution.
