Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DNS

Status
Not open for further replies.
SMO6

SMO6

Technical User
Feb 11, 2002
159
US
I've recently moved our webserver (Win2k/IIS) from the public side of our network to a DMZ I created which is behind a firewall. The firewall does NAT for the webserver so people on the outside can view the server's pages. This has been working fine w/ no problems. The problem I'm having is name resolution on our private network. I have a Win2k PDC running DNS. I added a new zone for the subnet of the webserver, a new host record for the webserver and a pointer. Private name resolution is working off and on. The only time I get proper resolution is when I clear client DNS config and reenter it. Then, after awhile the problem comes back. In the clients' DNS config I use the PDC's IP first then the two public IP's for DNS which our ISP gave us. Ideas? Any solution would do at this point even if it meant sitting down at every machine on the private network. Thanks.
 
Sort by date Sort by votes
My first guess would be that when your own DNS is too busy to respond, the clients go out to the internet for resolution, at that point the name resolves to the public IP address of your web server, not the private address.

Your firewall is probably not performing NAT for connections from your protected net to you DMZ, so there is no route possible.

You probably need to set up a second DNS server inside your network, and only have the clients point to those two servers. Do not allow them to fall back to the Internet for name resolution.

Or you get to figure out how to get the firewall to handle the NATing on a protected to DMZ network connection.


pansophic
 
Upvote 0 Downvote
fyi there is nat going on between here and dmz. the pix we have is config'd to allow traffic back and forth. server too busy? probably not: i have a laptop and a workstation in my office. the laptop runs win2k the workstation runs xp pro. ive noticed that the problem doesnt exist on the laptop. i've narrowed this problem down to my workstation, for now. just so you know i changed the 'append these suffixes (in order)' setting on my workstation to append the public domain first then the active directory domain next. not sure why...i just thought i'd try it and it seems to have fixed the problem.

thanks.
 
Upvote 0 Downvote
XP is different than Win2k or any previous Windows clients in that DNS is its primary name resolution method. See if the notes in this FAQ help any: faq779-4017
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

TheDugsBaws
  • Locked
  • Question
DNS/VPN/IP Addressing
Replies
0
Views
106
TheDugsBaws
TheDugsBaws
Cybex1
  • Locked
  • Question
Analysis of TCP/UDP port 53(DNS) traffic in captured PCAP files.
Replies
1
Views
156
Cybex1
Cybex1
merrydown
  • Locked
  • Question
DNS, Glue Records and IPs After Plesk Server Migration
Replies
0
Views
60
merrydown
merrydown
ingram87
  • Locked
  • Article
How to Remotely Set IP Address, Gateway, Subnet, or DNS Servers
Replies
0
Views
96
ingram87
ingram87
FrustratedLaw
  • Locked
  • Question
DHCH Client and DNS fail to start
Replies
1
Views
69
Noway2
Noway2

Part and Inventory Search

Sponsor

Back
Top