Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DMZ publc DNS

Status
Not open for further replies.
scmoh

scmoh

Technical User
Aug 28, 2001
59
0
0
SG
Hi,

I have 2 networks in internal network and dmz network.

Internal network have 2 DNS servers to resolve name in both internal, dms hosts and public sites, dms network only have a public dns to resolve name in dmz host with public host name with public ip address (no internal ip address).

Recently, application vendor said that one of the application server cannot resolve host name in the dmz (based on internal ip address).

Need your help:
1. can i use the same dmz dns server to resolve dms hosts with internal address?
2. how to setup one internal dmz zone (192.168.x.x) and without forwards to public isp, if can use the same dms dns server.

Please advise.

with regards,
SC Moh
 
Sort by date Sort by votes
Speaking generically, yes, your DNS server can reside in a DMZ and it can be used to resolve names and addresses for your LAN zone. Your DNS server will need a zone file and be configured to be authoritative for the zones you wish it to resolve for. You can then point your LAN PCs at the server and it should resolve the addresses. The tricky part will be getting the traffic to the server as you will likely require either an NAT rule or a static route to be able to get traffic between your LAN and DMZ. I would also recommend a set of firewall rules to limit the scope of the allowed traffic to queries of the DNS and the related response; in other words traffic should not be allowed to originate from your DNS in the DMZ to your LAN.

application vendor said that one of the application server cannot resolve host name in the dmz (based on internal ip address)
Click to expand...
It would be better to address this type of question with actual data, events, and error messages. There are lots of reasons why it "couldn't resolve". For example, did the connection time out, was the query refused, or did it give a 'failure' indicating a problem with the zone configuration? Each of these conditions would result in a failure to resolve but they have different resolutions.


 
Upvote 0 Downvote
Hi Noway2,

Thank you on your note.

In the DMZ network, can i use one DNS server to resolve all DMZ hosts with public ip address (as the main DNS server and ISP as the secondary DNS server) and with the same DNS server to resolve all DMZ hosts with internal ip address ?

Please advise.

with regards,
SC Moh
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

KenMeans
  • Locked
  • Question
DNS Issues with wireless router behind Atlantic Broad band Business Modem
Replies
0
Views
2K
KenMeans
KenMeans
alpha76
  • Locked
  • Question
Advice on DNS setup/configuration
Replies
3
Views
2K
technome
technome
tbright
  • Locked
  • Question
DNS reverse lookup errors: zone 1.168.192.in-addr.arpa/IN: has no NS records
Replies
1
Views
3K
tbright
tbright
Richard Carter
  • Locked
  • Question
Set up BIND on DNS server for local home server
Replies
0
Views
2K
Richard Carter
Richard Carter
rvirene
  • Locked
  • Question
MS DNS / Powershell Script Question
Replies
2
Views
2K
rvirene
rvirene

Part and Inventory Search

Sponsor

Back
Top