drichman
asked on
Blocking DNS IP registration of public server Win 2003/2012R2
I have a Windows 2012 server in the DMZ with an internal IP address and have unset the option to register the IP in DNS. I have assigned the server a public IP address and created an A record on our Win 2003 DNS servers and created proper routing so that everyone can hit the server with the public IP. The problem is that the internal IP keeps repopulating itself in DNS and therefore clients are attempting to connect with the internal IP from remote sites via the VPN tunnel instead of the public internet. Is there something else I need to do to stop the registration of the internal IP in DNS?
ASKER
No, not using VLANs in this situation, and I do not believe I need them. All I am trying to do is make the 2012 server not register its IP in DNS, which would allow my manually entered A record as the only answer upon lookup.
You should try removing it from the internal domain. If it is a Windows domain member, then it will always register in DNS, because LDAP.
ASKER
It has to be a domain member as it is a password management portal.
Try creating a split-brain DNS for internal v. external. If clients are connecting via VPN, they will resolve internally by design, requiring this setup. Details here on concept and configuration:
http://windowsitpro.com/networking/split-brain-dns
But here is the TL;DR.
Create a zone on 2k3 DNS so that foo.bar responds to the internal address of your server. The A record for the ISP will do the job for the internet connecting to foo.bar
ASKER
I believe you are overcomplicating the issue. All I am looking for is to block the registration of the adapter's IP address in DNS....
This is a simple task to complete if you have a dual-homed server (2x NICs)
LAN 1: Public
LAN 2: Private Network
Not sure if this is the case because it's not mentioned.
Go to DNS management on your DMZ server.
Right click the server name and select properties.
Select only the following IP address and disable the adapter on the Private (local) network.
DirkMare
ASKER CERTIFIED SOLUTION
ASKER
This solution blocked the DNS registration.
https://www.experts-exchange.com/questions/24480219/Vlans.html
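The accepted solution is not visible on this page. As an added example (not from any poster in the thread), this PowerShell sketch for the 2012 R2 server checks the per-adapter registration flag the question refers to, turns it off for the internal adapter, and asks a DNS server directly which A records it still returns. The adapter alias, host name and DNS server address are placeholders, not values from the thread.

```powershell
# Added example. The three values below are placeholders (assumptions).
$InternalAlias = 'Internal'            # alias of the adapter holding the internal IP
$HostName      = 'portal.example.com'  # name that has the manual A record
$DnsServer     = '192.0.2.53'          # one of the DNS servers to query

# 1. Show which adapters are currently allowed to register their addresses.
Get-DnsClient |
    Select-Object InterfaceAlias, RegisterThisConnectionsAddress, UseSuffixWhenRegistering |
    Format-Table -AutoSize

# 2. Turn dynamic registration off for the internal adapter only.
Set-DnsClient -InterfaceAlias $InternalAlias -RegisterThisConnectionsAddress $false

# 3. Collect the IPv4 addresses bound to that adapter; none should be in DNS.
$internalIPs = (Get-NetIPAddress -InterfaceAlias $InternalAlias -AddressFamily IPv4).IPAddress

# 4. Query the DNS server directly (no local cache or hosts file) and flag
#    any answer that matches an address on the internal adapter.
$answers = Resolve-DnsName -Name $HostName -Type A -Server $DnsServer -DnsOnly |
    Where-Object { $_.Type -eq 'A' }

foreach ($a in $answers) {
    $status = if ($internalIPs -contains $a.IPAddress) { 'INTERNAL (unwanted)' } else { 'ok' }
    '{0} -> {1}  [{2}]' -f $a.Name, $a.IPAddress, $status
}
```

Clearing the flag only stops new registrations from that adapter. A record that is already in the zone stays there until it is deleted or scavenged, so rerun step 4 after removing it to confirm it does not return.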