Solved

DNS Record or Port Mapping?

Posted on 2014-03-20
8
327 Views
Last Modified: 2016-02-11
All,

I have a web server sitting inside of a production network. This web server, tdxs3, has been assigned an external IP address of 96.2.192.139 which DNS should point to it's internal IP address of 172.30.115.246. When trying to hit it from the outside using tdxs3.dsdk12.net, nothing pops up. Hit the IP however, and it works. (Internally, everything works, of course - nothing to resolve) By the way, the switch routes the external IP to the internal IP. So, I think it's port mapped properly. So I'm fairly certain this is a DNS issue. I've changed the DNS record, incremented the SOA serial and restarted named. (FreeBSD box) But even after 24 hours, I'm getting nothing. (I have two DNS zone masters, one for external, the other for internal)

This is the record for external:

tdxs3 IN A 96.2.192.139

tdxs3 IN CNAME tdxs3.dsdk12.net

And internal:

tdxs3 A 172.30.115.246

Am I missing something really obvious here?
0
Comment
Question by:Jcb1974
8 Comments
 
LVL 10

Expert Comment

by:0xSaPx0
ID: 39943129
Easy test. From externally point your DNS to your external dns. If it resolves its a propagation issue, if it does not resolve it is a DNS record issue.

All you need is a DNS A record which I see you have to get resolution working so my guess is that it is a propagation issue.

If you have home based internet as opposed to business its worth calling your ISP to verify they have no problem with you running a DNS server.
0
 
LVL 6

Expert Comment

by:Tim Phillips
ID: 39943130
Is there a router between the server and the internet?  If so you need to either forward the ports for web (port 80, 443) or use one-to-one NAT.
0
 

Author Comment

by:Jcb1974
ID: 39943150
Yeah, I have a switch between the production web server and the outside. The firewall is actually forwarding traffic to the internal IP with a rule. But it isn't resolving. Mayhaps another 24 hours, if it is a propagation issue?
0
 
LVL 10

Expert Comment

by:0xSaPx0
ID: 39943158
If you can get to it via IP, you don't have a problem with firewall rules or NAT/PAT.

This is specifically a DNS issue.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:Jcb1974
ID: 39943220
That's precisely what I thought. And it appears the A records I have in DNS are formatted correctly, right? So, I presumed it was DNS. I dropped my TTL to 60, and figured I'd wait 24 hours.
0
 
LVL 10

Expert Comment

by:0xSaPx0
ID: 39943231
Propagation is generally 1 - 48 hours. So its most likely that. However, if you point directly at the DNS server in your DNS Settings, you should be able to resolve the name (all this is external), if so then its simply a waiting game.
0
 
LVL 61

Accepted Solution

by:
gheist earned 500 total points
ID: 39943793
Once cached CNAME takes precedence and brings client resolver into loop.
0
 

Author Closing Comment

by:Jcb1974
ID: 39950797
Thanks for the help!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now