Internal Vs External DNS & Resolution

Hi,

My situation is this.

I have 1 server to be deployed.

Server A. 10.1.1.1

This server hosts several different application blades for Mitel applications.

AWC, which controls the teleworker and conferencing phones and application.
UCA, which is the Unified Messaging Client from Mitel which has a Client PC, and Mobile option.

In order for these to be reachable from anywhere we are using the public DNS name for these servers.

Public DNS. Company.com
Resolve to: Internal IP Nat Firewall.

However, this DNS lookup zone is not defined in my Microsoft DNS Server.

Internal DNS: Abbriviated.com

By adding a forward lookup zone to my internal DNS for Company.com, what would I have to be aware of if I am only going to define a single address for multiple names?

10.1.1.1 / xxx.Company.com
10.1.1.1 / xxx.Company.com

The reason I need to add this to my internal DNS is because we are going out and back in again via the internet to make the connection to this server and applications which is not working.
shanewilson6002 Asked:
 
Cyclops3590 Commented:
Personally, if it's possible, I would set up a sub-domain for abbriviated.com (not a real AD subdomain, just a DNS subdomain zone), create the needed records there and then reconfigure the device application to those new records rather than the company.com ones.  The reason is that hosting a mirror image of a DNS zone internally that is actually external can be a massive pain.  I've done it and got off it as fast as I could.

My first question is what kind of firewall do you have?  Are you doing 1-to-1 static NAT with the servers your devices connect to?  If so and you have the right firewall, you may be capable of having the firewall do DNS reply manipulation so that the IP in the reply gets translated to the internal IP address.

If that is a no go and you must mirror the external zone, then you need to find out all of the records that are hosted by the external zone (e.g. A, CNAME, AAAA, MX, etc.).  You must re-create all of those records in your zone on your DNS server that you host.  If there are any changes to the zone you must ensure those changes happen in both zones.  Not super hard, but annoying and can easily be messed up which is why, at least personally, I wouldn't recommend this method but if you don't have another option then this will work.
0
 
shanewilson6002 (Author) Commented:
Changed Area
0
 
Jakob Digranes, Senior Consultant, Commented:
I'm not quite sure I fully understand, but you need to create a split DNS - having the same domain public and internal, but with local addresses on LAN and public addresses on LAN?

What you need to make sure is that when creating company.com on internal LAN, with 10.1.1.1 A-record - you also need to create all other public A records for company.com.

So if you create an internal DNS zone for company.com, you have to add all other company.com records internally as well.

Public DNS - company.com
A-record: www.company.com - 62.97.1.2
A-record: webmail.company.com - 62.97.1.3
A-record: ftp.company.com - 62.97.1.4
srv-record: _sip._tcp.company.com - 62.97.1.5
A-record: mitel.company.com - 62.97.1.6

internal DNS - company.com
A-record: www.company.com - 62.97.1.2
A-record: webmail.company.com - 62.97.1.3
srv-record: _sip._tcp.company.com - 62.97.1.5
A-record: mitel.company.com - 10.1.1.1

All records NOT present in internal DNS, but present in public, will fail. As with the example above, ftp.company.com is only in public DNS, and if clients on the LAN try to connect to ftp.company.com it will most likely give them "host not found".
0
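An added example, not part of any answer in this thread: a Python check for the failure described above, where a name present in the public zone but absent from the internal copy stops resolving for LAN clients. It reads the two record listings from the answer in that answer's own format; the function names `parse_records` and `audit_split_zone` are hypothetical.

```python
import re

# Record listings copied from the answer above, in its own format.
PUBLIC_ZONE = """\
A-record: www.company.com - 62.97.1.2
A-record: webmail.company.com - 62.97.1.3
A-record: ftp.company.com - 62.97.1.4
srv-record: _sip._tcp.company.com - 62.97.1.5
A-record: mitel.company.com - 62.97.1.6
"""
INTERNAL_ZONE = """\
A-record: www.company.com - 62.97.1.2
A-record: webmail.company.com - 62.97.1.3
srv-record: _sip._tcp.company.com - 62.97.1.5
A-record: mitel.company.com - 10.1.1.1
"""

LINE = re.compile(r"^\s*(\S+?)-record:\s*(\S+)\s+-\s+(\S+)\s*$", re.IGNORECASE)

def parse_records(listing):
    """Return {(TYPE, name): set of values}; DNS names are case-insensitive."""
    records = {}
    for line in listing.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip blank lines and anything not in the listing format
        rtype, name, value = m.groups()
        key = (rtype.upper(), name.lower().rstrip("."))
        records.setdefault(key, set()).add(value)
    return records

def audit_split_zone(public, internal):
    """Classify records by how the internal copy differs from the public zone."""
    pub, inn = parse_records(public), parse_records(internal)
    return {
        # Public names the internal zone cannot answer: "host not found" on the LAN.
        "missing_internally": sorted(k for k in pub if k not in inn),
        # Names answered differently inside; should be only the intended overrides.
        "overridden": sorted(k for k in pub if k in inn and pub[k] != inn[k]),
        # Names that exist only in the internal copy.
        "internal_only": sorted(k for k in inn if k not in pub),
    }

if __name__ == "__main__":
    for category, keys in audit_split_zone(PUBLIC_ZONE, INTERNAL_ZONE).items():
        for rtype, name in keys:
            print(f"{category}: {rtype} {name}")
```

Run against fresh exports of both zones after every public change, anything under `missing_internally` is a record that still needs to be copied into the internal zone.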
 
gurutc Commented:
The best option would be the DNS subdomain zone as posted above.  It's a nightmare to mirror the same DNS zone with internal and external records for the same hosts.

- gurutc
0
Question has a verified solution.
