Solved

Internal Vs External DNS & Resolution

Posted on 2013-06-18
478 Views
Last Modified: 2013-06-19
Hi,

My situation is this.

I have 1 server to be deployed.

Server A. 10.1.1.1

This server hosts several different application blades for Mitel applications.

AWC, which controls the teleworker and conferencing phones and application.
UCA, which is the Unified Messaging Client from Mitel which has a Client PC, and Mobile option.

In order for these to be reachable from anywhere we are using the public DNS name for these servers.

Public DNS: Company.com
Resolves to: Internal IP, NAT firewall.

However, this DNS lookup zone is not defined in my Microsoft DNS Server.

Internal DNS: Abbriviated.com

By adding a forward lookup zone to my internal DNS for Company.com, what would I have to be aware of if I am only going to define a single address to multiple names?

10.1.1.1 / xxx.Company.com
10.1.1.1 / xxx.Company.com

The reason I need to add this to my internal DNS is because we are going out and back in again via the internet to make the connection to this server and applications, which is not working.
Question by: shanewilson6002
Assisted Solution by: Jakob Digranes (150 points)
I'm not quite sure I fully understand, but you need to create a split DNS - having the same domain public and internal, but with local addresses on LAN and public addresses on LAN?

What you need to make sure is that when creating company.com on the internal LAN, with the 10.1.1.1 A-record - you also need to create all other public A records for company.com.

So if you create an internal DNS zone for company.com, you have to add all other company.com records internally as well.

Public DNS - company.com
A-record: www.company.com - 62.97.1.2
A-record: webmail.company.com - 62.97.1.3
A-record: ftp.company.com - 62.97.1.4
srv-record: _sip._tcp.company.com - 62.97.1.5
A-record: mitel.company.com - 62.97.1.6

internal DNS - company.com
A-record: www.company.com - 62.97.1.2
A-record: webmail.company.com - 62.97.1.3
srv-record: _sip._tcp.company.com - 62.97.1.5
A-record: mitel.company.com - 10.1.1.1

All records NOT present in internal DNS, but present in public DNS, will fail. As with the example above, ftp.company.com is only in public DNS, and if clients on the LAN try to connect to ftp.company.com it will most likely give them "host not found".
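To make the "every public record must also exist internally" rule checkable rather than a thing you remember, here is an added Python audit (example code, not part of Jakob Digranes' answer and not a Mitel or Microsoft tool). It compares the public copy of company.com with the internal mirror and lists every record that exists only publicly, which is exactly what will return "host not found" on the LAN, separately from the records that intentionally differ, such as mitel.company.com. The zone text is a constructed, simplified one-record-per-line format rather than a real zone file, and the SRV target sip.company.com is an assumption: an SRV record carries a target host name, not an address, so the example uses a name where the answer above shows 62.97.1.5.

```python
"""Split-DNS drift audit: compare the public company.com zone with the
internal mirror and report what LAN clients will fail to resolve.

Added example, not from the original thread.  Input is a constructed,
simplified "<owner> <TYPE> <rdata...>" line format, one record per line,
';' starts a comment.  It is not a full RFC 1035 zone-file parser.
"""
from collections import defaultdict

# Constructed sample data based on the public/internal tables in the answer.
PUBLIC_ZONE = """
www.company.com.        A    62.97.1.2
webmail.company.com.    A    62.97.1.3
ftp.company.com.        A    62.97.1.4
_sip._tcp.company.com.  SRV  0 0 5060 sip.company.com.   ; target name is an assumption
mitel.company.com.      A    62.97.1.6
"""

INTERNAL_ZONE = """
www.company.com.        A    62.97.1.2
webmail.company.com.    A    62.97.1.3
_sip._tcp.company.com.  SRV  0 0 5060 sip.company.com.
mitel.company.com.      A    10.1.1.1                    ; the intentional override
"""


def parse_zone(text):
    """Return {(owner, TYPE): set(rdata)}.  Owner names are lower-cased;
    a name with several records of one type (round-robin A) keeps all of them."""
    records = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        owner, rtype, *rdata = line.split()
        if not rdata:
            raise ValueError(f"record without rdata: {raw!r}")
        records[(owner.lower(), rtype.upper())].add(" ".join(rdata))
    return dict(records)


def audit_split_zone(public_text, internal_text):
    """Classify every (owner, type) in the public zone against the internal one.

    missing       -> present only publicly: LAN lookups get NXDOMAIN/no data
    differs       -> present in both with different rdata (override or drift)
    internal_only -> internal records that have no public counterpart
    """
    pub = parse_zone(public_text)
    internal = parse_zone(internal_text)
    missing = sorted(k for k in pub if k not in internal)
    differs = sorted((k, sorted(pub[k]), sorted(internal[k]))
                     for k in pub if k in internal and pub[k] != internal[k])
    internal_only = sorted(k for k in internal if k not in pub)
    return {"missing": missing, "differs": differs, "internal_only": internal_only}


def records_to_add(public_text, internal_text):
    """Lines to paste into the internal zone so that nothing is missing."""
    pub = parse_zone(public_text)
    report = audit_split_zone(public_text, internal_text)
    return [f"{owner} {rtype} {rdata}"
            for owner, rtype in report["missing"]
            for rdata in sorted(pub[(owner, rtype)])]


if __name__ == "__main__":
    report = audit_split_zone(PUBLIC_ZONE, INTERNAL_ZONE)
    for owner, rtype in report["missing"]:
        print(f"MISSING internally: {owner} {rtype}")
    for (owner, rtype), pub_rd, int_rd in report["differs"]:
        print(f"DIFFERS: {owner} {rtype} public={pub_rd} internal={int_rd}")
    for line in records_to_add(PUBLIC_ZONE, INTERNAL_ZONE):
        print("add:", line)
```

The "differs" list deserves a look every time: mitel.company.com is supposed to be there, but anything else in it is drift, which is the maintenance burden the rest of this thread warns about. The check has to be re-run whenever the public zone changes, so feed it from whatever export the public DNS host gives you (converted to the simple line format above) and from an export of the internal zone, and schedule it rather than running it once.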
Accepted Solution by: Cyclops3590 (350 points)
Personally, if it's possible, I would set up a sub-domain for abbriviated.com (not a real AD subdomain, just a DNS subdomain zone), create the needed records there and then reconfigure the device application to those new records rather than the company.com ones. The reason is that hosting a mirror image of a DNS zone internally that is actually external can be a massive pain. I've done it and got off it as fast as I could.

My first question is: what kind of firewall do you have? Are you doing 1-to-1 static NAT with the servers your devices connect to? If so, and you have the right firewall, you may be capable of having the firewall do DNS reply manipulation so that the IP in the reply gets translated to the internal IP address.

If that is a no-go and you must mirror the external zone, then you need to find out all of the records that are hosted by the external zone (e.g. A, CNAME, AAAA, MX, etc.). You must re-create all of those records in the zone on the DNS server that you host. If there are any changes to the zone you must ensure those changes happen in both zones. Not super hard, but annoying and easily messed up, which is why, at least personally, I wouldn't recommend this method; but if you don't have another option then this will work.
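To make the "DNS reply manipulation" option concrete, here is an added Python sketch of what a firewall does when DNS rewriting is enabled on a 1-to-1 static NAT (example code for this page, not the thread's and not any vendor's implementation). It parses a DNS reply and, for every A record whose address is the public NAT address, swaps in the inside address, so a LAN client asking for mitel.company.com gets 10.1.1.1 instead of hairpinning out and back through the Internet as the question describes. The mapping 62.97.1.6 -> 10.1.1.1 reuses the addresses from the answers above, and the DNS packets are constructed inline.

```python
"""DNS reply rewriting ("DNS doctoring") in miniature.

Added example, not from the thread.  A firewall with a static 1-to-1 NAT
and DNS inspection rewrites A-record answers that carry the public NAT
address so inside clients receive the inside address.  The packets below
are constructed; the mapping mirrors a single static NAT rule.
"""
import socket
import struct

# Constructed public -> inside mapping, i.e. the static NAT for the Mitel server.
STATIC_NAT = {"62.97.1.6": "10.1.1.1"}

A_RECORD = 1


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels plus a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) name at `off`."""
    while True:
        length = pkt[off]
        if length == 0:                # end of labels
            return off + 1
        if length & 0xC0 == 0xC0:      # RFC 1035 compression pointer: 2 bytes, ends name
            return off + 2
        off += 1 + length


def build_reply(qname, answers, txid=0x1234):
    """Minimal DNS response: one A question and A answers whose owner is a
    compression pointer (0xC00C) back to the question name at offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", A_RECORD, 1)
    rrs = b""
    for ip in answers:
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", A_RECORD, 1, 300, 4) + socket.inet_aton(ip)
    return header + question + rrs


def iter_rrs(pkt):
    """Yield (rdata_offset, rtype, rdlength) for every RR after the question section."""
    qd, an, ns, ar = struct.unpack("!HHHH", pkt[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4              # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        yield off, rtype, rdlen
        off += rdlen


def doctor_reply(pkt, nat=STATIC_NAT):
    """Rewrite A-record RDATA that equals a NAT'd public address.  An IPv4
    address is always 4 bytes, so the packet length, offsets and compression
    pointers are all untouched.  Returns (new_packet, [(public, inside), ...])."""
    buf = bytearray(pkt)
    rewritten = []
    for off, rtype, rdlen in iter_rrs(pkt):
        if rtype == A_RECORD and rdlen == 4:
            public_ip = socket.inet_ntoa(bytes(buf[off:off + 4]))
            inside_ip = nat.get(public_ip)
            if inside_ip:
                buf[off:off + 4] = socket.inet_aton(inside_ip)
                rewritten.append((public_ip, inside_ip))
    return bytes(buf), rewritten


def a_records(pkt):
    """Addresses of all A records in a reply, in wire order."""
    return [socket.inet_ntoa(pkt[off:off + 4])
            for off, rtype, rdlen in iter_rrs(pkt) if rtype == A_RECORD and rdlen == 4]


if __name__ == "__main__":
    reply = build_reply("mitel.company.com", ["62.97.1.6"])
    fixed, changes = doctor_reply(reply)
    print("before:", a_records(reply), "after:", a_records(fixed), "changes:", changes)
```

Two caveats before relying on this instead of a split zone: the firewall can only rewrite DNS it can see in cleartext on its path, so clients pointed at an outside resolver over an encrypted transport, or at the public DNS directly from a VPN, get the public address anyway; and a DNSSEC-validating client will reject the altered RRset because the RRSIG no longer matches the rewritten RDATA. It also only helps the hosts behind the static NAT; the rest of company.com keeps resolving publicly, which is exactly why it avoids the mirroring problem.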
Expert Comment by: gurutc
The best option would be the DNS subdomain zone as posted above.  It's a nightmare to mirror the same DNS zone with internal and external records for the same hosts.

- gurutc