Newbie - Point NetSol domain to webserver?

K Herner

I have purchased a domain name from Network Solutions. I would like to
point the domain to my Web server (which has a public static IP).

This server, let's call it X, is behind a NAT-configured LAN. There is
an additional AD controller, Y, which has a DNS server configured for
internal requests.

I have allowed UDP port 53 and pointed it to X, to allow DNS requests
from the Internet.

1) When I setup my DNS I get asked what the DNS name should be. Should
it be domain.com, or www.domain.com or something else?

2) After I enter the name, I have added a Host (A) record pointing to
the internal IP of my webserver (i.e. www.domain.com -> 192.168.0.50).
Is this right?

3) How do I point my domain to my web server? On the Netsol account
manager, I have edited the DNS entries to point to my DNS server. I
get asked the hostname of the DNS server. Should that match the one in
1? The IP I set as the public IP given by my ISP.

Now the real question is: Will this work?

I'm a newcomer to all this, and it is somewhat confusing.

Thanks
 
Herb Martin

K Herner said:
> I have purchased a domain name from Network Solutions. I would like to
> point the domain to my Web server (which has a public static IP).

First you point the domain name (by registering with the parent zone)
to your DNS servers.

If the registrar is providing you DNS then you enter your Host records
on their DNS servers (usually a web page entry method is provided) or
you enter them in your own PUBLICLY addressed DNS server(s).

> This server, let's call it X, is behind a NAT-configured LAN. There is
> an additional AD controller, Y, which has a DNS server configured for
> internal requests.

You point the PUBLIC DNS to the outside of the NAT, and configure
the NAT to 'map' or 'forward' to the internally addressed server. The
world cannot reach the internal server directly.

The internal DNS cannot (easily) be your public DNS server and you
are generally expected to have TWO DNS servers anyway.

Consider having the Registrar host your DNS -- it is much better for
small companies. I run my own DNS but have MY REGISTRAR provide
the public DNS servers.

If yours doesn't provide this service switch to one that does -- I use
Register.Com

> I have allowed UDP port 53 and pointed it to X, to allow DNS requests
> from the Internet.

This is the other way.

> 1) When I setup my DNS I get asked what the DNS name should be. Should
> it be domain.com, or www.domain.com or something else?

The name is pretty irrelevant (most people use NS1 and NS2 or something
similar) for DNS servers as it is the ADDRESS that is really the issue.

I wouldn't use WWW since the DNS is on the AD (and may get moved
elsewhere) and the Web server is a different box.

An IP machine can have as many 'names' as you see fit.

> 2) After I enter the name, I have added a Host (A) record pointing to
> the internal IP of my webserver (i.e. www.domain.com -> 192.168.0.50).
> Is this right?

Won't help the public get to you -- you need the DNS name and a PUBLIC
ADDRESS (the NAT). See what I mean about it being easier to have the
Registrar host this stuff.

> 3) How do I point my domain to my web server? On the Netsol account

That's the (relatively) easy part -- after you get your DNS to work then
you add the A-host record for WWW with the EXTERNAL address of
the NAT and again map/forward the NAT on (probably) port 80 to the
internal web server address.

> manager, I have edited the DNS entries to point to my DNS server. I
> get asked the hostname of the DNS server. Should that match the one in
> 1? The IP I set as the public IP given by my ISP.
>
> Now the real question is: Will this work?

If you do it right with the EXTERNAL address(es) ONLY on the
external DNS-domain registration.

> I'm a newcomer to all this, and it is somewhat confusing.

Almost all of us have been confused by this at some point <grin>.
(Really)
 
stevta [MSFT]

Your internal domain name is domain.com now?
If it is, you create a forward lookup zone for domain.com
and create a host record for www.domain.com and point it
to your web server.
You will have to register your web server www.domain.com
with some authority that will provide registration across
the internet. No one on the internet is going to know that
your internal DNS server is authoritative for www.domain.com.
 
K Herner

Thanks for your reply...I'm still a bit unclear about some things
though - in particular the DNS setup on both the internal and external
servers.

My AD controller (the internal server), has been configured with the
domain 'domain.com'. Should I configure the DNS there to have
authority over what scope of my network? domain.com, or some
sub-section? Will I also need to forward requests (for external
addresses) to my 'external' DNS server?

On the 'external' server, how do I set the authority of the Forward
Lookup zone? 'domain.com' or www.domain.com?, or
'webserver.domain.com'? As I originally said, I have allowed requests
through port 53 to go through the NAT to this machine. Now having
designated, on the Netsol website, my DNS server as <public-IP> (as I
understand it, the following should happen):

1) Someone pings www.domain.com
2) Netsol reports the DNS server for this domain as <public-IP>
3) Client asks <public-ip> for the IP address of www.domain.com

Now, what Host record should I have in my external DNS server? (I
thought of www.domain.com -> <webserver-public-IP>

4) External DNS replies with <webserver-public-IP>
5) Job done...

It sounds easy...the problem is that the DNS changes to my domain will
take up to 72 hours to get propagated, so I cannot test whether it
works or not at the moment...

Thanks again
 
Ace Fekay [MVP]

K Herner said:
> I have purchased a domain name from Network Solutions. I would like to
> point the domain to my Web server (which has a public static IP).
>
> This server, let's call it X, is behind a NAT-configured LAN. There is
> an additional AD controller, Y, which has a DNS server configured for
> internal requests.
>
> I have allowed UDP port 53 and pointed it to X, to allow DNS requests
> from the Internet.
>
> 1) When I setup my DNS I get asked what the DNS name should be. Should
> it be domain.com, or www.domain.com or something else?
>
> 2) After I enter the name, I have added a Host (A) record pointing to
> the internal IP of my webserver (i.e. www.domain.com -> 192.168.0.50).
> Is this right?
>
> 3) How do I point my domain to my web server? On the Netsol account
> manager, I have edited the DNS entries to point to my DNS server. I
> get asked the hostname of the DNS server. Should that match the one in
> 1? The IP I set as the public IP given by my ISP.
>
> Now the real question is: Will this work?
>
> I'm a newcomer to all this, and it is somewhat confusing.
>
> Thanks

To add, if you have an AD environment on your network, you'll need a
separate DNS server if you wish to host your external domain name and the AD
name. This is due to hosting public IPs on the public server and private IPs
for the internal server. You can't have them on one MS DNS server.

As noted by Herb, the world can't reach the servers directly or by their
private IPs. So the address you have to give the "world" is the address of
your NAT's outside interface and not an internal IP, hence the requirement
to have separate servers.

Besides, the registrar requires two hostname servers registered for each
domain name. But you can't port-remap an incoming port to two different
internal IPs. That's a NAT limitation that it will only port remap one port
per internal IP. So, effectively, you'll need 3 DNS servers, two as per the
requirement for public IPs, and one for the internal AD domain. I've known
folks that create two but only the one really exists to skirt around that
issue. Your call on that one.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Ace Fekay [MVP]

K Herner said:
> Thanks for your reply...I'm still a bit unclear about some things
> though - in particular the DNS setup on both the internal and external
> servers.
>
> My AD controller (the internal server), has been configured with the
> domain 'domain.com'. Should I configure the DNS there to have
> authority over what scope of my network? domain.com, or some
> sub-section? Will I also need to forward requests (for external
> addresses) to my 'external' DNS server?
>
> On the 'external' server, how do I set the authority of the Forward
> Lookup zone? 'domain.com' or www.domain.com?, or
> 'webserver.domain.com'? As I originally said, I have allowed requests
> through port 53 to go through the NAT to this machine. Now having
> designated, on the Netsol website, my DNS server as <public-IP> (as I
> understand it, the following should happen):
>
> 1) Someone pings www.domain.com
> 2) Netsol reports the DNS server for this domain as <public-IP>
> 3) Client asks <public-ip> for the IP address of www.domain.com

In a nutshell, that's pretty much it.

> Now, what Host record should I have in my external DNS server? (I
> thought of www.domain.com -> <webserver-public-IP>

www is the host record.
Create that record under the domain name and give it the NAT box's external
IP.

> 4) External DNS replies with <webserver-public-IP>
> 5) Job done...
>
> It sounds easy...the problem is that the DNS changes to my domain will
> take up to 72 hours to get propagated, so I cannot test whether it
> works or not at the moment...
>
> Thanks again

Sorry about elaborating on the need for the separate servers in my other
post before I read your reply here, since now I realize you're aware of it.


In summary:

The external server would host domain.com.

The internal server, if your AD name is also domain.com, would host that
too.

Point all your internal machines only to your internal server. Set a
forwarder for your internal servers to go to your external one or the ISP. I
would rather use the ISP in this case to eliminate the extra hop.

In NAT, port-remap TCP and UDP 53 to the internal private IP of the
"external" server.

On the external server, create a www record, and give it the IP of the
external NAT interface. This is for external users to get to it by
www.domain.com.

On the internal server, create a www record, and give it the actual internal
private IP. This way your internal users can get to it by www.domain.com.

Hope that helps.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
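
The split-DNS layout summarized in the post above can be checked mechanically. The following is an added example, not code from any poster in this thread: it audits a pair of external/internal record lists for the two mistakes the thread discusses (a private address published in the public zone, and a public name with no internal counterpart). The simplified `name A address` format, the record names `ftp`, `mail` and `dc1`, and the address 203.0.113.10 (a documentation-range stand-in for the NAT box's external IP) are assumptions.

```python
import ipaddress

# Private ranges that are unreachable from the Internet (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: "name A address" lines, not a full zone file.
EXTERNAL_ZONE = """
www   A  203.0.113.10
ftp   A  203.0.113.10
mail  A  192.168.0.51   ; mistake: private address in the public zone
"""
INTERNAL_ZONE = """
www   A  192.168.0.50
mail  A  192.168.0.51
dc1   A  192.168.0.10
"""

def parse_a_records(text):
    """Return {name: [IPv4Address, ...]} from simple 'name A address' lines."""
    records = {}
    for line in text.splitlines():
        parts = line.split(";", 1)[0].split()  # drop trailing comments
        if len(parts) == 3 and parts[1].upper() == "A":
            addr = ipaddress.ip_address(parts[2])
            records.setdefault(parts[0].lower(), []).append(addr)
    return records

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def audit_split_dns(external_text, internal_text):
    """Return findings as (kind, name, address-or-None) tuples."""
    external = parse_a_records(external_text)
    internal = parse_a_records(internal_text)
    findings = []
    for name in sorted(external):
        for ip in external[name]:
            if is_rfc1918(ip):
                # Outside clients cannot route to it, and it leaks addressing.
                findings.append(("private-in-public", name, str(ip)))
        if name not in internal:
            # The internal server is authoritative for the same zone name, so
            # it answers "no such host" instead of forwarding the query.
            findings.append(("missing-internally", name, None))
    return findings

if __name__ == "__main__":
    for kind, name, ip in audit_split_dns(EXTERNAL_ZONE, INTERNAL_ZONE):
        print(kind, name, ip or "")
```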
 
Herb Martin

K Herner said:
> Thanks for your reply...I'm still a bit unclear about some things
> though - in particular the DNS setup on both the internal and external
> servers.
>
> My AD controller (the internal server), has been configured with the
> domain 'domain.com'. Should I configure the DNS there to have
> authority over what scope of my network? domain.com, or some
> sub-section?

Domain.com is your domain name so you need the DNS zone Domain.Com
to correspond to and support it.

> Will I also need to forward requests (for external
> addresses) to my 'external' DNS server?

You will need to FORWARD (usually to the ISP) to let the internal
Server (help) resolve external names for clients. (DCs really have
no business going out on the Internet to arbitrary locations anyway,
as they would need to do if they performed the actual recursion to
resolve Internet names.)

> On the 'external' server, how do I set the authority of the Forward
> Lookup zone? 'domain.com' or www.domain.com?, or
> 'webserver.domain.com'?

You are using the phrase "set the authority" or "authority of the Forward
lookup zone" in an unusual way.

ALL AD-integrated DNS servers OR the Primary DNS server AND
all Secondary Servers are "authoritative" for the zone they cover -- perhaps
many zones if they play such roles for more than one zone.

You make a DNS server authoritative by adding the zone to it -- you let
the "world" know about this by having the PARENT delegate.

It is impractical for most people to delegate from the PUBLIC INTERNET
to an Internal Server (not impossible but impractical and I am encouraging
you to give that idea up.)

> As I originally said, I have allowed requests
> through port 53 to go through the NAT to this machine. Now having
> designated, on the Netsol website, my DNS server as <public-IP> (as I
> understand it, the following should happen):

This is part of what is necessary for that Public to Private internal
delegation and is generally a bad idea (and difficult to keep working
with a low experience level.)

> 1) Someone pings www.domain.com
> 2) Netsol reports the DNS server for this domain as <public-IP>
> 3) Client asks <public-ip> for the IP address of www.domain.com
>
> Now, what Host record should I have in my external DNS server? (I
> thought of www.domain.com -> <webserver-public-IP>

Yes, perhaps which messes up your Internal resolution while fixing your
external resolution.

Again, this stuff is not impossible but it is highly impractical.

Put the external DNS OUTSIDE (even if you must run a DNS on the
NAT server), but better is to let your "Registrar" sell/give you this
service -- this is even better than letting the ISP do it because usually
the registrar has a nice web interface YOU get to manage and you are
much more likely to NEED to change ISPs.

> 4) External DNS replies with <webserver-public-IP>
> 5) Job done...
>
> It sounds easy...the problem is that the DNS changes to my domain will
> take up to 72 hours to get propagated, so I cannot test whether it
> works or not at the moment...

That's life -- once you get your DNS server registered with the parent this
problem will subside.
 
K Herner

Herb and Ace, thanks very much for your suggestions...they really
cleared up things for me. Today, I was surprised to see that the DNS
changes had taken effect, and that the external DNS server works fine
(no reconfigs, straight away :))

Now to install IIS 6.0...
(BTW. Would anyone recommend Apache instead of IIS?)

Cheers,
K Herner
 
Herb Martin

K Herner said:
> Herb and Ace, thanks very much for your suggestions...they really
> cleared up things for me. Today, I was surprised to see that the DNS
> changes had taken effect, and that the external DNS server works fine
> (no reconfigs, straight away :))
>
> Now to install IIS 6.0...
> (BTW. Would anyone recommend Apache instead of IIS?)

Someone would but not us. <grin>

I like IIS; I could live with Apache if that were my only choice.
 
Ace Fekay [MVP]

K Herner said:
> Herb and Ace, thanks very much for your suggestions...they really
> cleared up things for me. Today, I was surprised to see that the DNS
> changes had taken effect, and that the external DNS server works fine
> (no reconfigs, straight away :))

No prob!
:)

> Now to install IIS 6.0...
> (BTW. Would anyone recommend Apache instead of IIS?)
>
> Cheers,
> K Herner

I'd rather go with IIS. Been using it since 1996 since v3.0.

:)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
