frank said:
Hi,
I have a server that runs as a NAT server too. I created a DNS zone for
the domain. The records were filled automatically with both IPs of
the server (local and public). I tried to change the order of the IPs
in the record so that the public one is the first in the list but
nothing changes. The server announces 192.168.1.1 as its IP. I didn't
remove the local IP because I thought the local computers would get
faster access to the server than sending all packets to the outside
network card. How can I set DNS to return local IP only to internal
users? Thank you.
Frank
Frank, is the purpose of this DNS server to host public records, internal
records, or both? Is the internal usage for an AD installation? Can you
elaborate on the purpose of this server please?
You are seeing one of the classic problems with multihoming a DNS server.
Keep in mind, DNS will respond with an IP based on subnet prioritization. If
an internal client resides on the internal subnet of the internal NIC,
the client will get the internal private IP. If the client is on a different
internal subnet, then Round Robin kicks in. In addition, if it's a NAT
server, if the public IP were to be given to an internal client, the
request, a NAT server cannot take an internal request to the external
interface and forward it back in again. That's a limitation of NAT (no
matter what name brand).
If I may suggest, if you are trying to host public and private data, two
separate servers will be required. One for private data, one for public
data. In addition, the DNS server is highly recommended not to be
multihomed, and will also suggest to purchase an inexpensive (USD$30.00)
Linksys router to handle NAT.
There are registry entries to force de-registration of the external,
internal or both IPs, and the LdapIpAddress and GcIpAddress as well, but not
sure if it will apply to your case since I do not know enough about the
intentions, your infrastructure or the purpose of this machine.
--
Regards,
Ace
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
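
The answer ordering described in the reply above, as an added example that is not part of the original thread: a simplified Python model of subnet prioritization plus round robin, not Windows DNS code. The /24 comparison mask, the class and function names, and the addresses 203.0.113.10 (server public IP) and 198.51.100.7 (outside client) are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges, checked explicitly so documentation addresses count as public.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class MultihomedZoneModel:
    """Hypothetical model: one host name carrying an A record for every NIC."""

    def __init__(self, a_records, prefix_len=24):  # /24 mask is an assumption
        self.records = [ipaddress.ip_address(r) for r in a_records]
        self.prefix_len = prefix_len
        self._rotation = 0

    def answer(self, client_ip):
        # Round robin: rotate the record set by one position on every query.
        start = self._rotation % len(self.records)
        self._rotation += 1
        rotated = self.records[start:] + self.records[:start]
        # Subnet prioritization: records on the client's subnet move to the front.
        client_net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}",
                                          strict=False)
        local = [r for r in rotated if r in client_net]
        rest = [r for r in rotated if r not in client_net]
        return [str(r) for r in local + rest]

def first_answers(a_records, client_ip, queries=4):
    """First address returned to one client over several consecutive queries."""
    zone = MultihomedZoneModel(a_records)
    return [zone.answer(client_ip)[0] for _ in range(queries)]

def private_leaks(a_records, client_ip, queries=4):
    """How many of those first answers hand the client an RFC 1918 address."""
    return sum(is_rfc1918(a) for a in first_answers(a_records, client_ip, queries))

if __name__ == "__main__":
    records = ["192.168.1.1", "203.0.113.10"]  # constructed sample zone data
    for client in ("192.168.1.50", "192.168.2.50", "198.51.100.7"):
        print(client, first_answers(records, client),
              "private first answers:", private_leaks(records, client))
```

With both records in one zone, the outside client is handed 192.168.1.1 on every other query, which is the symptom reported in the question and the reason the reply recommends separate servers for public and private data.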