Can DNS tricks do what an ISA Proxy server usually would? Visio Diagram inside

Guest

Hi All,

I want to use DNS to split 1 real IP address to 2 different web servers
and 2 different email servers all on an internal private network.
Presently my Linksys BEFSR41 router directs all port 80 traffic to Web1
where I host 20 or so websites, but I want foo.com traffic to go to
Web2.

Same for Mail: All MX port 25 traffic goes to Mail1 server, but would
like foo.com mail to go to Mail2 server.

I have tried using clever DNS tricks but ultimately, I think I need MS
ISA server (Proxy/Firewall/NAT program) to do what I want?

If only I could get http requests for foo.com to read the RR record on
my DNS server that points to my internal web2 ip address. But DNS just
can't do this...can it?

The domain I want to isolate to Web2 is foo.com and I host the zone
files for this domain on my own internal W2k Adv Svr DNS server.

My network setup can be seen in this visio diagram here:
http://www.geocities.com/invisiblefoxx/network.jpg

The visio file itself, if you want to modify and publish corrected
version is here http://www.geocities.com/invisiblefoxx/network.vsd

My domain is foo.com.
I have one IP address (68.8.8.8) behind cable modem.
Behind cable modem is Linksys Router.
Behind that are 3 servers, 1 VM Workstation 5.0 and 2 real:

1.) Web Server 1 - 192.168.1.102 W2K Advanced Svr / DNS Server - Real
2.) Web Server 2 - 192.168.1.103 W2k3 Enterprise Svr / DNS Server -
VMWare
3.) Mail Server 192.168.1.100 Real box

Here is my exported zone Data from W2k DNS (I also have a W2k3 DNS
server as well)

Name                     Type                Data
(same as parent folder)  Start of Authority  [14], foo.com., admin.foo.com.
(same as parent folder)  Name Server         foo.com.
(same as parent folder)  Host                192.168.1.102 # private ip address
(same as parent folder)  Host                68.8.8.8 # public ip address
www                      Alias               foo.com.
(same as parent folder)  Mail Exchanger      [3] mail.foo.com
mail                     Host                192.168.1.100
(same as parent folder)  Host Information    Galaxy M5 Silicon Blackhole Array with optional Deluxe Star Turbo, Trouble in Doggie-Land Operating System

----

Any input on how to use 1 real IP address to host 2 Web Servers and 2
Mail Servers? My best guess is that I would have to have my cable modem
go straight into a multihomed ISA server box, which would then go into
my Linksys router, which would connect all my other servers and clients?

Or have cable modem go to single net card VMWare host and use virtual
nics on the VMWare ISA Proxy server?

The problem right now is that my Linksys router can only forward one
port to one server. It doesn't forward based on domain name, much less
multiple domain names. If it did...done deal.

I hate the thought of having cable modem go straight to a real server,
even if it is an ISA firewall. I would rather have ethernet come into
Linksys Router first, and then to my network machines. Could I just
forward all ports to my "to be installed" ISA server?


Thanks!

Love,

Gurn Blanston
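
DNS only maps every name to the one public IP and the router forwards by port, so the domain has to be read from the connection itself: the HTTP Host header for web traffic and the SMTP RCPT TO command for mail. The sketch below is an added example, not part of the original post or any product's code; it shows that routing decision using the addresses from the post, with hypothetical function names and a placeholder for Mail2, whose address the post does not give.

```python
import re

# Backend addresses are from the post; Mail2's address is not given there,
# so MAIL2 is a labelled placeholder. All function names are hypothetical.
WEB1, WEB2 = ("192.168.1.102", 80), ("192.168.1.103", 80)
MAIL1, MAIL2 = ("192.168.1.100", 25), ("MAIL2-ADDRESS-PLACEHOLDER", 25)
WEB2_HOSTS = {"foo.com", "www.foo.com"}
MAIL2_DOMAINS = {"foo.com"}


def normalize(name):
    """Lower-case a DNS name and drop surrounding space and a trailing dot."""
    return name.strip().lower().rstrip(".")


def pick_web_backend(request_head):
    """Pick a web server from the HTTP Host header of a raw request (bytes)."""
    head = request_head.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = [line.split(":", 1)[1] for line in head.split("\r\n")[1:]
             if line.lower().startswith("host:")]
    if len(hosts) != 1:
        # Missing or repeated Host is ambiguous: refuse instead of guessing.
        raise ValueError("expected exactly one Host header")
    # Drop an optional ":port" suffix (IPv6 literals are not handled here).
    host = normalize(hosts[0].strip().rsplit(":", 1)[0])
    return WEB2 if host in WEB2_HOSTS else WEB1


def pick_mail_backend(rcpt_command):
    """Pick a mail server from an SMTP 'RCPT TO:<user@domain>' command."""
    m = re.fullmatch(r"RCPT TO:\s*<[^<>@\s]+@([^<>@\s]+)>.*",
                     rcpt_command.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("not a RCPT TO command with a mailbox")
    return MAIL2 if normalize(m.group(1)) in MAIL2_DOMAINS else MAIL1


if __name__ == "__main__":
    # Constructed sample inputs, not traffic from the post.
    print(pick_web_backend(b"GET / HTTP/1.1\r\nHost: www.FOO.com:80\r\n\r\n"))
    print(pick_web_backend(b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"))
    print(pick_mail_backend("RCPT TO:<gurn@foo.com>"))
```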
 
Answered in windows.server.dns.

It would have been to your advantage to have cross-posted rather than multi-posted
so you can see the responses in both groups simultaneously and get
collaboration from both groups.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
 
Yes, I know. Tried that, but for some weird reason easynews wasn't
letting me cross post. In fact, I haven't yet been able to post to
comp.protocols.dns.bind. They haven't gotten back with me yet as to why.

Sucks.

Thanks for the reply and the heads up! I could have been a complete n00b
:)

Love,

Gurn
 
Burt Reynolds said:
Yes, I know. Tried that, but for some weird reason easynews wasn't
letting me cross post. In fact, I haven't yet been able to post to
comp.protocols.dns.bind. They haven't gotten back with me yet as to
why.

Sucks.

Thanks for the reply and the heads up! I could have been a complete
n00b :)

Love,

Gurn

Burt Reynolds?

:-)
 