Jean-François Guénet
asked on
Deny access to a DNS host for a subnet
Hello, is it possible to deny access to an A host in Windows 2016 DNS for a subnet?
So for example, I don't want the subnet 172.16.1.0/24 to know about the host OWA.
So for example, if 172.16.1.50 pings OWA, I don't want him to know the IP address.
The reason for this is that we have cellphones, and when they are connected to the VPN the email client doesn't work because it tries to reach OWA with the internal IP.
So I want them to use the external public IP of OWA instead when connected to the VPN.
Thanks for the help!
VPN is basically your internal network so OWA should work just fine, but the native email client may be affected and not work, but OWA should still work. Is that what you are experiencing?
For Windows DNS, you are out of luck.
I do not know what the purpose of this is; however, the workaround is to set up a standalone DNS (I assume you are in a DMZ), maybe 2 servers, as the DNS servers for the subnet.
You can configure any record as you wish without breaking the production DNS (a zone that only sits in the DMZ DNS).
ASKER
I've done what kevinhsieh told me. So I created a NAT loopback so internal clients can access OWA with the external IP address, and my DNS host OWA now points to the external IP address instead of the private IP.
Thanks !
Or null route (black hole route...) the subnet you want to block.
Some DNS servers have their own access rules.
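Windows Server 2016 DNS has per-client-subnet rules of this kind in the form of DNS policies, which can hand the 172.16.1.0/24 subnet a different A record for OWA. The following is an added example, not from any post in this thread; the zone `example.com`, the subnet, scope and policy names, and the address 203.0.113.10 are placeholders.

```powershell
# Added example (not from the thread): split-brain answer for one client
# subnet using Windows Server 2016 DNS policies. Run on the DNS server that
# hosts the zone. Placeholders: zone name, object names, and 203.0.113.10
# standing in for the external public IP of OWA.
$Zone       = 'example.com'
$HostName   = 'owa'
$SubnetName = 'VpnClients'
$ScopeName  = 'VpnScope'
$ExternalIp = '203.0.113.10'

# 1. Name the client subnet from the question so a policy can match on it.
Add-DnsServerClientSubnet -Name $SubnetName -IPv4Subnet '172.16.1.0/24'

# 2. Create a second scope inside the existing zone. The default scope is
#    untouched and keeps serving the internal address to everyone else.
Add-DnsServerZoneScope -ZoneName $Zone -Name $ScopeName

# 3. Put the externally routable address for OWA into the new scope only.
Add-DnsServerResourceRecord -ZoneName $Zone -ZoneScope $ScopeName `
    -A -Name $HostName -IPv4Address $ExternalIp

# 4. Answer from the new scope only when BOTH criteria match: the query
#    comes from the VPN subnet AND asks for the OWA name. Without the -FQDN
#    criterion, every other name queried from that subnet would be looked up
#    in the nearly empty scope and fail to resolve.
Add-DnsServerQueryResolutionPolicy -Name 'VpnOwaExternal' -Action ALLOW `
    -ClientSubnet "eq,$SubnetName" `
    -FQDN "eq,$HostName.$Zone" `
    -ZoneScope "$ScopeName,1" `
    -ZoneName $Zone

# 5. Review what was created.
Get-DnsServerClientSubnet -Name $SubnetName
Get-DnsServerQueryResolutionPolicy -ZoneName $Zone
Get-DnsServerResourceRecord -ZoneName $Zone -ZoneScope $ScopeName -Name $HostName
```

The policy matches on the source address the DNS server sees, so it only takes effect if VPN clients query this server directly from 172.16.1.0/24 and not through a forwarder or NAT.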