Resolving internal and external DNS records

  • Thread starter Thread starter certolnut
  • Start date Start date
C

certolnut

Hi all

I only do networking rarely, unfortunately this has fallen into my lap..

Our firewall will not allow our internal computers to resolve our external
addresses for security purposes.

For example.. if the internal name and ip address of our web server is
"AAAwebserver" and "10.1.1.7"
the external name would be www.AAA.com .net or .org.
and 67.100.345.77

So if my internal users type in www.aaa.com, the browser will attempt to go
to 67.100.345.77, but the firewall will block it (it won't allow this set of
internal to external to internal query). So I am forced to tell my users to
go to http://AAAwebserver/ instead, which is very confusing to them.

Is there some sort of DNS record that I can add to my internal network that
will allow me to resolve www.aaa.com to 10.1.1.7?

Thanks, I'm sure this is clear as mud...
 
certolnut said:
Hi all

I only do networking rarely, unfortunately this has fallen into my lap..

Our firewall will not allow our internal computers to resolve our external
addresses for security purposes.

For example.. if the internal name and ip address of our web server is
"AAAwebserver" and "10.1.1.7"
the external name would be www.AAA.com .net or .org.
and 67.100.345.77

So if my internal users type in www.aaa.com, the browser will attempt to
go
to 67.100.345.77, but the firewall will block it (it won't allow this set
of
internal to external to internal query). So I am forced to tell my users
to
go to http://AAAwebserver/ instead, which is very confusing to them.

Is there some sort of DNS record that I can add to my internal network
that
will allow me to resolve www.aaa.com to 10.1.1.7?
Click to expand...

No, not exactly. What you need to do is change the INTERNAL
(view) of your external zone to provide ONLY the internal
(reachable) addresses to internal users.

If you don't actually have a Shadow DNS (split DNS) setup then
you need to add a NEW version of your zone externally. This
means you will have two Primaries (masters), one external and
one internal. This also means you must manually add records
twice, once for the external version and again for the internal
version (of the zone.)
 
In
certolnut said:
Hi all

I only do networking rarely, unfortunately this has fallen into my
lap..
Our firewall will not allow our internal computers to resolve our
external addresses for security purposes.

For example.. if the internal name and ip address of our web server is
"AAAwebserver" and "10.1.1.7"
the external name would be www.AAA.com .net or
.org. and 67.100.345.77

So if my internal users type in www.aaa.com, the browser will attempt
to go to 67.100.345.77, but the firewall will block it (it won't
allow this set of internal to external to internal query). So I am
forced to tell my users to go to http://AAAwebserver/ instead, which
is very confusing to them.
Is there some sort of DNS record that I can add to my internal
network that will allow me to resolve www.aaa.com to 10.1.1.7?

Thanks, I'm sure this is clear as mud...
Click to expand...

Simply put, as the others stated but just to simplify what you need to do,
create an aaa.com zone on your internal DNS, and create a www record under
it, and provide the 10.1.1.7 for the IP address.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If you are having difficulty in reading or finding responses to your post,
instead of the website you are using, if I may suggest to use OEx (Outlook
Express or any other newsreader of your choosing), and configure a newsgroup
account, pointing to news.microsoft.com. This is a direct link into the
Microsoft Public Newsgroups, and it is FREE and DOES NOT require a Usenet
account with your ISP. With OEx, you can easily find your post, track
threads, cross-post, and sort by date, poster's name, watched threads or
subject.

Not sure how? It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Assimilation Imminent. Resistance is Futile.
Infinite Diversities in Infinite Combinations.
=================================
 
Back
Top