totally screwed up :/

  • Thread starter Thread starter Eric
  • Start date Start date
E

Eric

OK! Back to the drawing board. We have:

- An internal network with clients that log on to an win2k-server dhcp,
let's call it mainframe. We also have exchange server on this computer.
- A firewall.
- A webserver that's in the dmz, let's call it webserver.

The trafic goes through the firewall on one wire to the webbserver in the
dmz, and on another wire to the rest of the net (where the mainframe is).

The problem (as I described it yesterday) is that we can't use the full
domain name from the clients *inside*the firewall, ie not use
www.domain.com, and we want that. Kevin D helped me out yesterday by
suggesting that we created a www.domain.com -zone with the ip to the
webserver. That worked great but what I didn't know was that the mainframe
(where I pulled this trick) acts as the primary DNS-server so now all the
nameservers on the Internet points to an internal adress that doesn't
work...

The thing is that the guy who set this EXCELLENT sollution up is long gone,
and I ain't good at it, but that's how it is.

It *seems* like AD is used, and it seems like the webbserver acts as an
secondary DNS (I don't know the use of that because we have a DNS from our
ISP as well) but any ideas of how to get things rolling?

/e
 
Eric said:
OK! Back to the drawing board. We have:

- An internal network with clients that log on to an win2k-server
dhcp, let's call it mainframe. We also have exchange server on this
computer.
- A firewall.
- A webserver that's in the dmz, let's call it webserver.

The trafic goes through the firewall on one wire to the webbserver in
the dmz, and on another wire to the rest of the net (where the
mainframe is).

The problem (as I described it yesterday) is that we can't use the
full domain name from the clients *inside*the firewall, ie not use
www.domain.com, and we want that. Kevin D helped me out yesterday by
suggesting that we created a www.domain.com -zone with the ip to the
webserver. That worked great but what I didn't know was that the
mainframe (where I pulled this trick) acts as the primary DNS-server
so now all the nameservers on the Internet points to an internal
adress that doesn't work...
Click to expand...

Well, that won't work. Are you hosting your domain's public DNS in house?
Not a good idea unless you have a separate DNS server for it - do not use
your AD DNS as your public DNS. Generally best for small shops to leave
their public DNS outsourced - ISPs generally do this, or you can pay someone
else, or find a free service.
The thing is that the guy who set this EXCELLENT sollution up is long
gone, and I ain't good at it, but that's how it is.

It *seems* like AD is used, and it seems like the webbserver acts as
an secondary DNS (I don't know the use of that because we have a DNS
from our ISP as well) but any ideas of how to get things rolling?
Click to expand...

If you have a Win2k domain, you have AD. What's your internet domain name,
if you don't mind my asking?

The solution is to have two DNS servers, as I said - one for inside, one for
outside. For the AD DNS, remember that all servers and workstations should
specify *only* the internal AD-integrated DNS server's IP address in their
network settings. The AD-integrated DNS server should be set up with
forwarders to your ISP's DNS servers for external resolution. See
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202 for more
info.
 
ok, we changed some pointers in the firewall and now it seems to be working.
thanks for everyone's help, really appreciating it!

/e
 
In
Eric said:
ok, we changed some pointers in the firewall and now it seems to be
working. thanks for everyone's help, really appreciating it!

/e
Click to expand...

Eric,

This is the same post in the windows.server.dns newsgroup. You responded
with the same answer. Too bad you didn't cross-post the original post, it
would have been beneficial for colaboration.

btw - Can you tell us what the outcome was?

Ace
 
Back
Top