DNS does not resolve NAT address

Jimme Quinn Ross

Q.) How can I set up our internal DNS so that our public
name is resolved to our private IP address?

Info.
We have an internal DNS that works fine inside the firewall

The public address for our Web site is not resolved
because we can't use NAT'd addresses internally.

Jimme
 
Kevin D. Goodknecht Sr. [MVP]

Jimme Quinn Ross said:
Q.) How can I set up our internal DNS so that our public
name is resolved to our private IP address?

Info.
We have an internal DNS that works fine inside the
firewall

The public address for our Web site is not resolved
because we can't use NAT'd addresses internally.

Jimme

By creating a zone for the web site name, e.g. www.example.com then in that
zone, create a new host leave the name field blank and give it the IP of the
Web server.
This way your DNS server only resolves www.example.com to the internal IP
and all other names in example.com will be forwarded.
 
Guest

Fantastic! It worked! Thank you very much.

It resolved nyslrs.state.ny.us fine, but when I added a
zone named public.leginfo.state.ny.us it did not resolve.
I will need to add several more but do not have the names.

Any thoughts?

Jimme
-----Original Message-----
In

By creating a zone for the web site name, e.g.
www.example.com then in that
 
Kevin D. Goodknecht Sr. [MVP]

In (e-mail address removed)
commented
Then Kevin replied below:
Fantastic! It worked! Thank you very much.

It resolved nyslrs.state.ny.us fine, but when I added a
zone named public.leginfo.state.ny.us it did not resolve.
I will need to add several more but do not have the names.

Did you create the blank record with this IP address?
public.leginfo.state.ny.us. 86400 IN A 68.236.129.8
 
Ace Fekay [MVP]

Kevin D. Goodknecht Sr. said:
In (e-mail address removed)


Did you create the blank record with this IP address?
public.leginfo.state.ny.us. 86400 IN A 68.236.129.8

I think that may be his WAN IP address of his NAT. Wasn't he asking for the
internal address?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Kevin D. Goodknecht Sr. [MVP]

In Ace Fekay [MVP]
commented
Then Kevin replied below:

I think that may be his WAN IP address of his NAT. Wasn't
he asking for the internal address?

You're so right, I guess there's no way for me to tell him that.
 
Ace Fekay [MVP]

Kevin D. Goodknecht Sr. said:
You're so right, I guess there's no way for me to tell him that.

Ok, I wasn't sure. That's what I thought. I guess if he doesn't post back,
hope he figures it out!
:)


Ace
 
Ed Horley

Are you using the internal DNS server to answer external queries? In other
words, you have a NAT mapping on your firewall that allows external clients
to connect to your internal DNS server? That seems to be what you are
saying.
If that is the case, your entries on your internal DNS server are for
external IP addresses (not RFC 1918 space) and will only reply back with
those external IP addresses. If your firewall does aliasing (the Cisco PIX
does this) then you can tell the firewall to "lookup" the NAT translation
for the Public IP address and use the internal address when it gets hit with
the request. It will then redirect the traffic to the webserver after it
fixes the IP addresses in the packets.
Other options are to create a different DNS server for your internal client
machines or use a host file to define your internal website IP address.
First is better, second will work but is a pain to manage over the long
haul.

Regards,
Ed Horley
 
Jimme Quinn Ross

-----Original Message-----
In Kevin D. Goodknecht Sr. [MVP] made a post then I
commented below him that.

Ok, I wasn't sure. That's what I thought. I guess if he doesn't post back,
hope he figures it out!
:)


Ace


He did! Well, sort of. The entry I made is now working. I
need to learn more about DNS. Thanks again for your help!

Jimme
 
Ace Fekay [MVP]

Jimme Quinn Ross said:
He did! Well, sort of. The entry I made is now working. I
need to learn more about DNS. Thanks again for your help!

Jimme

Well, better late than never! Glad we were able to help.
:)

Ace
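
The single-host zone setup from Kevin's reply, with a guard for the WAN-versus-internal address mix-up Ace pointed out, as an added PowerShell example that is not part of the original thread. It assumes the DnsServer module (Windows Server 2012 or later) and a file-backed zone; the function names, `www.example.com` and `192.168.10.20` are placeholders.

```powershell
# Added example: zone for one public host name on an internal Windows DNS server.
# Assumes the DnsServer module; host name and IP below are placeholders.

function Test-Rfc1918Address {
    param([Parameter(Mandatory)][ipaddress]$Address)
    $b = $Address.GetAddressBytes()
    if ($b.Length -ne 4) { return $false }                      # IPv4 only
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function New-PinpointZone {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][ipaddress]$InternalIP,
        [string]$DnsServer = 'localhost'
    )
    # Guard against the mix-up raised in the thread: the record must hold the
    # web server's inside address, not the WAN address of the NAT.
    if (-not (Test-Rfc1918Address -Address $InternalIP)) {
        throw "$InternalIP is not RFC 1918 space; use the server's internal address."
    }

    # The zone is named after the single host, so only that name is answered
    # locally; every other name in the parent domain is still forwarded.
    # (File-backed zone assumed; an AD-integrated zone would use -ReplicationScope.)
    if (-not (Get-DnsServerZone -Name $HostName -ComputerName $DnsServer -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $HostName -ZoneFile "$HostName.dns" -ComputerName $DnsServer
    }

    # '@' is the blank (same-as-parent) record at the zone apex.
    Add-DnsServerResourceRecordA -ZoneName $HostName -Name '@' `
        -IPv4Address $InternalIP -ComputerName $DnsServer

    # Confirm what internal clients will now receive from this server.
    $answer = Resolve-DnsName -Name $HostName -Type A -Server $DnsServer -DnsOnly
    $answer | Where-Object { $_.Type -eq 'A' } | Select-Object Name, IPAddress
}

New-PinpointZone -HostName 'www.example.com' -InternalIP '192.168.10.20'
```

Run it once per public host name that internal clients must reach on its inside address.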
 
