drichman asked:
Blocking DNS IP registration of public server Win 2003/2012R2

I have a Windows 2012 server in the DMZ with an internal IP address and have unset the option to register the IP in DNS. I have assigned the server a public IP address and created an A record on our Win 2003 DNS servers and created proper routing so that everyone can hit the server with the public IP. The problem is that the internal IP keeps repopulating itself in DNS and therefore clients are attempting to connect with the internal IP from remote sites via the VPN tunnel instead of the public internet. Is there something else I need to do to stop the registration of the internal IP in DNS?
RantCan

Are you using VLANs? If not, this looks like a complex enough setup that you might need them. VLANs would solve this problem by segmenting the DNS for the internal vs. DMZ networks. There are details on this thread:

https://www.experts-exchange.com/questions/24480219/Vlans.html
drichman (asker)
No, not using VLANs in this situation, and I do not believe I need them. All I am trying to do is make the 2012 server not register its IP in DNS, which would allow my manually entered A record as the only answer upon lookup.
You should try removing it from the internal domain. If it is a Windows domain member, then it will always register in DNS, because LDAP.
It has to be a domain member as it is a password management portal.
Try creating a split-brain DNS for internal vs. external. If clients are connecting via VPN, they will resolve internally by design, requiring this setup. Details here on the concept and configuration:

http://windowsitpro.com/networking/split-brain-dns

But here is the TL;DR.

Create a zone on the 2k3 DNS so that foo.bar responds with the internal address of your server. The A record for the ISP will do the job for the internet connecting to foo.bar.
I believe you are over-complicating the issue. All I am looking for is to block the registration of the adapter's IP address in DNS.
Dirk Mare
This is a simple task to complete if you have a dual-homed server (2x NICs):
LAN 1: Public
LAN 2: Private Network
Not sure if this is the case because it's not mentioned.
Go to DNS management on your DMZ server.

Right click the server name and select properties.
Select only the following IP address and disable the adapter on the Private (local) network.

DirkMare
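An added example, not from this thread, showing the PowerShell equivalent of the per-adapter check on the 2012 server: it audits which adapters are still allowed to register, turns registration off on the private-side adapter only, and verifies what the internal DNS now answers. The adapter alias "LAN 2", the FQDN and the DNS server address are placeholders.

```powershell
# Added example, not from this thread. Assumes Windows 2012 (DnsClient module)
# and that the internal-facing adapter is aliased "LAN 2". The alias, FQDN and
# DNS server address below are placeholders; substitute your own values.
$privateAdapter = "LAN 2"
$serverName     = "portal.example.internal"   # placeholder FQDN of the DMZ server
$dnsServer      = "10.0.0.10"                 # placeholder internal (2k3) DNS server

# 1. Audit: list every adapter and whether it may register its address.
#    A single adapter left at True is enough to keep re-creating the record,
#    which is the symptom described in the question.
Get-DnsClient |
    Select-Object InterfaceAlias, RegisterThisConnectionsAddress, UseSuffixWhenRegistering |
    Format-Table -AutoSize

# 2. Disable registration on the private adapter only; the public side keeps
#    its manually created A record as the thread describes.
Set-DnsClient -InterfaceAlias $privateAdapter `
              -RegisterThisConnectionsAddress $false `
              -UseSuffixWhenRegistering $false

# 3. The stale internal A record does not remove itself: delete it on the DNS
#    server (or let scavenging age it out), then trigger a fresh registration
#    so only the intended adapter re-registers.
Register-DnsClient

# 4. Verify against the internal DNS server that only the public IP is returned.
Resolve-DnsName -Name $serverName -Server $dnsServer -Type A |
    Select-Object Name, IPAddress
```

Step 2 is the scripted form of clearing "Register this connection's addresses in DNS" in the adapter's advanced DNS settings; running the audit in step 1 first catches a second adapter that was left registering.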
ASKER CERTIFIED SOLUTION
drichman
This solution blocked the DNS registration.