Solved

DNS Record or Port Mapping?

Posted on 2014-03-20
Last Modified: 2016-02-11
All,

I have a web server sitting inside of a production network. This web server, tdxs3, has been assigned an external IP address of 96.2.192.139 which DNS should point to its internal IP address of 172.30.115.246. When trying to hit it from the outside using tdxs3.dsdk12.net, nothing pops up. Hit the IP however, and it works. (Internally, everything works, of course - nothing to resolve) By the way, the switch routes the external IP to the internal IP. So, I think it's port mapped properly. So I'm fairly certain this is a DNS issue. I've changed the DNS record, incremented the SOA serial and restarted named. (FreeBSD box) But even after 24 hours, I'm getting nothing. (I have two DNS zone masters, one for external, the other for internal)

This is the record for external:

tdxs3 IN A 96.2.192.139

tdxs3 IN CNAME tdxs3.dsdk12.net

And internal:

tdxs3 A 172.30.115.246

Am I missing something really obvious here?
Question by:Jcb1974
8 Comments
 
LVL 10

Expert Comment

by:0xSaPx0
ID: 39943129
Easy test. From externally, point your DNS to your external DNS. If it resolves, it's a propagation issue; if it does not resolve, it is a DNS record issue.

All you need is a DNS A record, which I see you have, to get resolution working, so my guess is that it is a propagation issue.

If you have home-based internet as opposed to business, it's worth calling your ISP to verify they have no problem with you running a DNS server.
0
 
LVL 6

Expert Comment

by:Tim Phillips
ID: 39943130
Is there a router between the server and the internet?  If so you need to either forward the ports for web (port 80, 443) or use one-to-one NAT.
0
 

Author Comment

by:Jcb1974
ID: 39943150
Yeah, I have a switch between the production web server and the outside. The firewall is actually forwarding traffic to the internal IP with a rule. But it isn't resolving. Mayhaps another 24 hours, if it is a propagation issue?
0
 
LVL 10

Expert Comment

by:0xSaPx0
ID: 39943158
If you can get to it via IP, you don't have a problem with firewall rules or NAT/PAT.

This is specifically a DNS issue.
0
 

Author Comment

by:Jcb1974
ID: 39943220
That's precisely what I thought. And it appears the A records I have in DNS are formatted correctly, right? So, I presumed it was DNS. I dropped my TTL to 60, and figured I'd wait 24 hours.
0
 
LVL 10

Expert Comment

by:0xSaPx0
ID: 39943231
Propagation is generally 1 - 48 hours. So it's most likely that. However, if you point directly at the DNS server in your DNS settings, you should be able to resolve the name (all this is external); if so, then it's simply a waiting game.
0
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 39943793
Once cached, the CNAME takes precedence and brings the client resolver into a loop.
0
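
The accepted answer's point, as an added example that is not part of the thread: a small Python lint that reads the external records from the question under zone-file name rules and flags a CNAME that shares its owner name with other records, a CNAME chain that loops back on itself, and a CNAME whose in-zone target has no records. The zone origin `dsdk12.net.` and the function names `fqdn`, `parse` and `lint` are assumptions made for this example.

```python
# Added example (not from the thread): lint simple "owner [IN] TYPE RDATA" lines.
ORIGIN = "dsdk12.net."  # assumption: zone origin inferred from the hostname

# Constructed input: the two external records as posted in the question.
AS_POSTED = "tdxs3 IN A 96.2.192.139\ntdxs3 IN CNAME tdxs3.dsdk12.net\n"
# Constructed variant: same records, CNAME target written with a trailing dot.
WITH_DOT = AS_POSTED.replace("tdxs3.dsdk12.net", "tdxs3.dsdk12.net.")

def fqdn(name, origin=ORIGIN):
    """Zone-file rule: a name without a trailing dot is relative to the origin."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(text, origin=ORIGIN):
    """Return {owner: {rtype: [rdata, ...]}}; TTL fields are not handled."""
    zone = {}
    for line in text.splitlines():
        fields = [f for f in line.split(";")[0].split() if f.upper() != "IN"]
        if len(fields) < 3:
            continue
        owner, rtype, rdata = fqdn(fields[0], origin), fields[1].upper(), fields[2]
        if rtype == "CNAME":
            rdata = fqdn(rdata, origin)  # CNAME targets are names, qualify them too
        zone.setdefault(owner, {}).setdefault(rtype, []).append(rdata)
    return zone

def lint(text, origin=ORIGIN):
    """Return sorted findings for every owner name that carries a CNAME."""
    zone, findings = parse(text, origin), []
    for owner, rrsets in zone.items():
        if "CNAME" not in rrsets:
            continue
        others = sorted(t for t in rrsets if t != "CNAME")
        if others:  # RFC 1034 section 3.6.2: a CNAME node should hold no other data
            findings.append(f"{owner} CNAME coexists with {','.join(others)}")
        seen, cur = [owner], rrsets["CNAME"][0]
        while cur not in seen and "CNAME" in zone.get(cur, {}):
            seen.append(cur)
            cur = zone[cur]["CNAME"][0]
        if cur in seen:
            findings.append(f"{owner} CNAME loop via {cur}")
        elif cur.endswith("." + origin) and cur not in zone:
            findings.append(f"{owner} CNAME target {cur} has no records in zone")
    return sorted(findings)

if __name__ == "__main__":
    for label, text in (("as posted", AS_POSTED), ("trailing dot", WITH_DOT)):
        print(label, lint(text))
```

Read as posted, the CNAME target has no trailing dot and is qualified to `tdxs3.dsdk12.net.dsdk12.net.`; written with the trailing dot it points back at its own owner name.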
 

Author Closing Comment

by:Jcb1974
ID: 39950797
Thanks for the help!
0

Question has a verified solution.
