Internet DNS, pinging www vs. " ", & Secondary DNS showing own local IP vs WAN

Cobra

Just starting to get the hang of things running my own Nameservers, but
got a few more questions;

Computer A= Windows 2003 SBS, AD, server01.mycomputer.local, Primary MS-DNS
server. HELM Hosting panel, ns1.myservers.net

Computer B=Windows 2000 Server, No AD, server02.different.local, MS-DNS
secondary, ns3.myservers.net

1 - how to make mysite.com and www.mysite.com both work (can not ping
mysite.com), I notice my HELM hosting panel used on computer "A" makes a
DNS host entry as "*" which I would think it would allow me to ping
mysite.com but I need to add a "blank" DNS host file to ping mysite.com -
is this the right way? or should I use a "CNAME" or something, right now
mail, www, *, ftp, " ", are all "(A)Host" Files.

2) My secondary DNS server which also hosts websites listed in its DNS, The
DNS host files will show LAN IP address instead of the WAN IP when it takes
updates from the Primary DNS which lists its WAN IP, it works, but is this
right ?

Thanks,

Bryan "Cobra"
 
Kevin D. Goodknecht [MVP]

Cobra said:
Just starting to get the hang of things running my own Nameservers,
but got a few more questions;

Computer A= Windows 2003 SBS, AD, server01.mycomputer.local, Primary
MS-DNS server. HELM Hosting panel, ns1.myservers.net

Computer B=Windows 2000 Server, No AD, server02.different.local,
MS-DNS secondary, ns3.myservers.net

1 - how to make mysite.com and www.mysite.com both work (can not ping
mysite.com), I notice my HELM hosting panel used on computer "A"
makes a DNS host entry as "*" which I would think it would allow me
to ping mysite.com but I need to add a "blank" DNS host file to ping
mysite.com - is this the right way? or should I use a "CNAME" or
something, right now mail, www, *, ftp, " ", are all "(A)Host" Files.

Blank CNAMES are not allowed, you will have to use a blank host.

2) My secondary DNS server which also hosts websites listed in its
DNS, The DNS host files will show LAN IP address instead of the WAN
IP when it takes updates from the Primary DNS which lists its WAN IP,
it works, but is this right ?

It depends on if this DNS server also hosts the zone for public resolution,
if it does host the public zone it is incorrect.
You must treat the internal and external namespaces as _two_ _completely_
_different_ _namespaces_, even if the name is the same.
Internal machines that are behind NAT with web, mail, and other services
local to them must use private non-routable IP addresses to connect to these
services, you cannot access them by their public addresses if they are
behind the same NAT device.
Public machines that are not behind your NAT device can only access by
public routable IP addresses.
These two namespaces should be resolved by two completely different DNS
servers or you will have inconsistent resolution because you have little
control over which record DNS hands out. You may have public machines
getting private addresses and local machines getting public records.
 
Cobra

Kevin,

Thanks for the help, but I am confused a bit still.

Both machines are dedicated Public Only machines, currently behind DLink
DI-604 DSL Routers (Soon to be Pix 501's) NATing the Public IP to the LAN IP

In neither location do the machines handle any internal clients in any way.
(One's a single machine in a Hosting Facility, and one is on a Cisco ADSL
Modem line that goes to a 5 port switch then to the DLink Router and has
its own WAN IP - Rest of network is on a separate DLink and WAN IP from the
switch - I have 5 statics)

So if the secondary DNS keeps replacing the WAN with the LAN IP when
replicating/updating, how do I stop this, I am using the secondary WAN IP on
the primary when I create a Host Record that points to the secondary's IP

Thanks, Bryan
 
Kevin D. Goodknecht [MVP]

Cobra said:
Kevin,

Thanks for the help, but I am confused a bit still.

Both machines are dedicated Public Only machines, currently behind
DLink DI-604 DSL Routers (Soon to be Pix 501's) NATing the Public IP
to the LAN IP

In neither location do the machines handle any internal clients in
any way. (One's a single machine in a Hosting Facility, and one is on
a Cisco ADSL Modem line that goes to a 5 port switch then to the
DLink Router and has its own WAN IP - Rest of network is on a
separate DLink and WAN IP from the switch - I have 5 statics)

So if the secondary DNS keeps replacing the WAN with the LAN IP when
replicating/updating, how do I stop this, I am using the secondary
WAN IP on the primary when I create a Host Record that points to the
secondary's IP

Are either of the machines an Active Directory Domain Controller?
If they are describe your namespaces to me.
 
Cobra

Kevin,

Thanks again, not sure what you mean by namespaces, But yes the Primary DNS
server is AD being that it's Windows 2003 SBS, the Secondary DNS machine is a
Windows 2000 Server with No AD.

Primary is server01.mydomain.local
Secondary is server2.different.local

nameservers are ns1.mydomain.net and ns3.mydomain.net

Hope that answers your question, if not explain to me what you mean
"describe your namespaces", sorry still a newbie at this....

Thanks, Bryan
 
Kevin D. Goodknecht [MVP]

Cobra said:
Kevin,

Thanks again, not sure what you mean by namespaces, But yes the
Primary DNS server is AD being that it's Windows 2003 SBS, the
Secondary DNS machine is a Windows 2000 Server with No AD.

Primary is server01.mydomain.local
Secondary is server2.different.local

nameservers are ns1.mydomain.net and ns3.mydomain.net

Hope that answers your question, if not explain to me what you mean
"describe your namespaces", sorry still a newbie at this....

Yes it answers, thanks for the reply.
I was worried that your AD domain name might be the same as your public
name. This can cause big problems when the Domain Controller or its members
resolve their names if you are hosting the public DNS zone on the same DNS.
Back to your original questions,
Your secondary DNS zone, if it is a Secondary should have the same records
pointing to the same IP addresses.
If the DNS zone is a public zone resolving for public clients, all records
_MUST_ resolve to public IP addresses, never let a Public DNS give out a
Private address, _never_.
 
Kevin D. Goodknecht [MVP]

Kevin D. Goodknecht [MVP] posted a question
Then Kevin replied below:
In addition:
Blank CNAMES are not allowed, you will have to use a blank host.

When you try to create a Blank host, you will get barked at saying (same as
parent folder) is not a valid host name, you can click OK to create the
record anyway.
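
Added example, not part of any post in this thread: a small Python audit of the points raised above, namely that the bare domain needs its own "blank" A record because "*" does not cover it, that a CNAME cannot sit at the bare name, that a public zone must not hand out LAN addresses, and that the secondary should carry the same records as the primary. The record lists are constructed sample data, and the 203.0.113.x addresses are documentation addresses standing in for the WAN IPs.

```python
import ipaddress

# Constructed sample data: (owner, type, value) as each nameserver would answer.
# "@" is the zone apex, the "blank host" / "(same as parent folder)" record.
# 203.0.113.x are documentation addresses standing in for the WAN IPs.
PRIMARY = [
    ("@", "A", "203.0.113.10"),
    ("*", "A", "203.0.113.10"),
    ("www", "A", "203.0.113.10"),
    ("ns3", "A", "203.0.113.20"),
]
SECONDARY = [
    ("@", "A", "203.0.113.10"),
    ("*", "A", "203.0.113.10"),
    ("www", "A", "203.0.113.10"),
    ("ns3", "A", "192.168.0.5"),  # LAN address in the public zone
]

LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
)]

def audit_public_zone(records):
    """Return findings for one server's copy of a public zone."""
    findings = []
    if ("@", "A") not in {(o, t) for o, t, _ in records}:
        # A "*" record matches names below the apex, not the apex itself.
        findings.append("apex has no A record; '*' does not cover it")
    for owner, rtype, value in records:
        if owner == "@" and rtype == "CNAME":
            findings.append("CNAME at the apex is not allowed")
        if rtype == "A" and any(ipaddress.ip_address(value) in n for n in LAN_NETS):
            findings.append(f"{owner} A {value} is a private address")
    return findings

def diff_servers(primary, secondary):
    """Records present on one server but not the other."""
    return sorted(set(primary) ^ set(secondary))

if __name__ == "__main__":
    for name, zone in (("primary", PRIMARY), ("secondary", SECONDARY)):
        print(name, audit_public_zone(zone))
    print("mismatch:", diff_servers(PRIMARY, SECONDARY))
```

In practice the two lists would be filled from the answers each nameserver gives when queried on its public address, so the audit sees what outside resolvers see.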
 
