DNS - how to setup dns to give out external IP not internal

[DLongan]

Hello Everyone,

Using win2k w/AD, dns, and exchange 2k loaded on the same
server.

DNS works fine internally, we are able to do local and
external name resolution.

The problem is external queries coming in -

I have opened up ports tcp/udp 53 on the firewall so we
can have external queries point to the internal DNS for
name resolution for smtp/pop3/http.

Setup firewall ports to point to the internal server IP

Using DIG on a system that is external, I have captured
the packets for decode. I have noticed when we query the
server using our external IP address, the DNS server
responds with the A record for the NS internal address.

I created a NS record pointing to the external address, so
now I have two NS records one points internal the other
external.

Is there a way to have DNS respond differently if the
query is external or internal?

Any help would be great.

DLongan

 

[Kevin D. Goodknecht [MVP]]

In DLongan <[email protected]> posted a question
Then Kevin replied below:
: Hello Everyone,
:
: Using win2k w/AD, dns, and exchange 2k loaded on the same
: server.
:
: DNS works fine internally, we are able to do local and
: external name resolution.
:
: The problem is external queries coming in -
:
: I have opened up ports tcp/udp 53 on the firewall so we
: can have external queries point to the internal DNS for
: name resolution for smtp/pop3/http.
:
: Setup firewall ports to point to the internal server IP
:
: Using DIG on a system that is external, I have captured
: the packets for decode. I have noticed when we query the
: server using our external IP address, the DNS server
: responds with the A record for the NS internal address.
:
: I created a NS record pointing to the external address, so
: now I have two NS records one points internal the other
: external.
:
: Is there a way to have DNS respond differently if the
: query is external or internal?
:
: Any help would be great.
:
: DLongan

You need another machine with DNS installed and its zones must have only
public records in them. Then forward incoming queries to the DNS server with
the public records.
That is the only way you can do this with MS DNS.
BIND can do this because BIND DNS has the views option meaning it can give
out records based on where the query is coming from.

 

[Jonathan de Boyne Pollard]

D> the DNS server responds with the A record for the
D> NS internal address.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-ms-dcs-overwrite-domain-name.html>

D> Is there a way to have [a] DNS [server] respond
D> differently if the query is external or internal?

No, not with Microsoft's DNS server. It doesn't support tagged
database records.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-split-horizon.html>