?
Solved

Internal Vs External DNS & Resoloution

Posted on 2013-06-18
4
Medium Priority
?
505 Views
Last Modified: 2013-06-19
Hi,

My Situation is this.  

I have 1 servers to be deployed.

Server A. 10.1.1.1

This server hosts several different application blades for Mitel applications.

AWC, which controls the teleworker and conferencing phones and application.
UCA, which is the Unified Messaging Client from Mitel which has a Client PC, and Mobile option.

In order for these to be reachable from any where we are using the public DNS name for theses servers.

Public DNS. Company.com
Resolve to: Internal IP Nat Firewall.

How ever this DNS Looup zone is not defined in my Microsoft DNS Server.

Internal DNS: Abbriviated.com

By adding a forward looup zone to my internal DNS for Company.com what would I have to be aware of if I am only going to define a single address to multiple names.

10.1.1.1 / xxx.Company.com
10.1.1.1 / xxx.Company.com

The reason I need to add this to my internal DNS is because we are going out and back in again via the internet to make the connection to this server and applications which is not working.
0
Comment
Question by:shanewilson6002
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 

Author Comment

by:shanewilson6002
ID: 39257806
Changed Area
0
 
LVL 22

Assisted Solution

by:Jakob Digranes
Jakob Digranes earned 600 total points
ID: 39259056
I'm not quite sure i fully understand, but you need to create a splitDNS - having the same domain public and internal, but with local addresses on LAN and public addresses on LAN?

What you need to make sure is that when creating company.com on internal LAN, with 10.1.1.1 A-record - you also need ot create all other public A records for company.com

So if you create a internal DNS-sone for company.com, you have to add all other company.com records internally as well.

Public DNS - company.com
A-record: www.company.com - 62.97.1.2
A-record: webmail.company.com - 62.97.1.3
A-record: ftp.company.com - 62.97.1.4
srv-record: _sip._tcp.company.com - 62.97.1.5
A-record: mitel.company.com - 62.97.1.6

internal DNS - company.com
A-record: www.company.com - 62.97.1.2
A-record: webmail.company.com - 62.97.1.3
srv-record: _sip._tcp.company.com - 62.97.1.5
A-record: mitel.company.com - 10.1.1.1

All records NOT present in internal DNS, but present i public will fail. As with example above, ftp.company.com is only in public DNS and if clients on LAN tries to connect to ftp.company.com it will most likely give them "host not found"
0
 
LVL 25

Accepted Solution

by:
Cyclops3590 earned 1400 total points
ID: 39259068
Personally, if its possible, I would setup a sub-domain for abbriviated.com(not a real AD subdomain, just DNS subdomain zone), create the needed records there and then reconfigure the device application to those new records rather than the company.com ones.  The reason is that hosting a mirror image of a DNS zone internally that is actually external can be a massive pain.  I've done it and got off it as fast as I could.

My first question is what kind of firewall do you have?  Are you doing 1-to-1 static NAT with the servers your devices connect to.  If so and you have the right firewall, you may be capable of having the firewall do DNS reply manipulation so that the IP in the reply gets translated to the internal IP address.

If that is a no go and you must mirror the external zone, then you need to find out all of the records that are hosted by the external zone (e.g. A, CNAME, AAAA, MX, etc.).  You must re-create all of those records in your zone on your DNS server that you host.  If there are any changes to the zone you must ensure those changes happen in both zones.  Not super hard, but annoying and can easily be messed up which is why, at least personally, I wouldn't recommend this method but if you don't have another option then this will work.
0
 
LVL 16

Expert Comment

by:gurutc
ID: 39259621
The best option would be the DNS subdomain zone as posted above.  It's a nightmare to mirror the same DNS zone with internal and external records for the same hosts.

- gurutc
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why do some people recommend buying business VoIP from an ISP? What are the benefits to my company? What are the costs?
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question