Sometimes DNS returns LAN IP for webserver and other times public IP?

dalchri
I have the following:

Domain controller: Win2k, 192.168.0.1
Web server: Win2k3, 192.168.0.2
DNS server: Linux RH9, 192.168.0.3
LAN Gateway: 192.168.0.254
LAN Gateway public IP address: 24.229.x.x

Website address:
TCP STACK from WinXP client:
------------------------------------
Physical Address: 00-11-43-6C-03-E0
IP Address: 192.168.0.195
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.254
DHCP Server: 192.168.0.3
Lease Obtained: 10/17/2005 8:54:54 AM
Lease Expires: 10/18/2005 8:54:54 AM
DNS Servers: 192.168.0.3, 204.186.0.201, 207.44.96.129, 204.186.0.203
WINS Server: 192.168.0.3
------------------------------------

As you can see, the DNS points to the correct IP address with some backup DNS servers.

When I ping from the command prompt of a WinXP client, sometimes I get 192.168.0.2 and sometimes I get 24.229.x.x.

How can I force my DNS server to use the LAN IP address of the webserver so that my LAN clients are not accessing the webserver through our router instead of directly from the NIC of the webserver through the LAN?

I am trying to restrict access to parts of the website to 192.168.0.* using IIS 6.0 but my LAN clients are getting locked out too because they are going through the router which changes their apparent IP address.

I vaguely recall manually creating a DNS entry with the LAN IP address in the DNS tables on the Linux server, but that either got overwritten when the DNS server deferred to the DNS outside of the LAN or perhaps there is an ongoing battle between the webserver registering itself with the DNS server?

Thanks for suggestions!
 
I'd suggest adding another DNS server for redundancy, then have your LAN clients point to those. They will, in turn, forward unknown queries to the Internet. This is the only way, short of using hosts files, to be certain that your clients don't contact internet DNS servers directly.
 
Are you saying that the WinXP client actually got the public IP address for the webserver from one of the backup DNS servers rather than from the local LAN DNS server?

If so, how can I determine where the webserver IP address came from on the WinXP client?

Thanks for your help!
 
It is likely that the time(s) that you get the public IP address of your Webserver it is because your local DNS server did not respond quickly enough (or the packet was dropped because of network traffic). The machine then did as it was told, and issued a request to the secondary or tertiary DNS server. Those servers would not be internal and would return the resolvable address.

It sounds like everything worked exactly as it should have. You'd have to check your DHCP settings to confirm that the secondary DNS server is outside of your network.

If you are having trouble with getting a secondary DNS request from the outside, you may want to install a secondary caching nameserver inside your domain, so that your primary and secondary DNS come from inside. You definitely want the redundancy, and setting up a Linux box as a DNS server, especially a caching server, is pretty easy.


pansophic
 
"If so, how can I determine where the webserver IP address came from on the WinXP client?"

nslookup mydomain.com

It will tell you where the address came from.

______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.
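
Added example, not part of the original thread: the nslookup check suggested above, repeated against each DNS server the client was handed, with the results tested against the 192.168.0.0/24 LAN. The function names, www.example.com and the public address 203.0.113.10 are placeholders, and both sample outputs are constructed in the Windows nslookup layout.

```python
import ipaddress
import re
import subprocess

LAN = ipaddress.ip_network("192.168.0.0/24")  # LAN range from the thread
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample outputs (placeholder host name and public address).
SAMPLE_INTERNAL = """Server:  UnKnown
Address:  192.168.0.3

Name:    www.example.com
Address:  192.168.0.2
"""
SAMPLE_EXTERNAL = """Server:  ns.example.net
Address:  204.186.0.201

Non-authoritative answer:
Name:    www.example.com
Address:  203.0.113.10
"""

def parse_nslookup(output):
    """Return (server_ip, [answer_ips]); the first block names the server."""
    header, _, body = output.strip().partition("\n\n")
    server = IPV4.findall(header)
    return (server[-1] if server else None), IPV4.findall(body)

def query(name, server):
    """Live lookup against one specific DNS server (needs network access)."""
    done = subprocess.run(["nslookup", name, server],
                          capture_output=True, text=True, timeout=15)
    return parse_nslookup(done.stdout)

def audit(results, lan=LAN):
    """Flag resolvers and answers that would send LAN clients via the router."""
    findings = []
    for server, answers in results:
        if server is None:
            continue  # output had no server block, nothing to attribute
        if ipaddress.ip_address(server) not in lan:
            findings.append((server, "resolver is outside the LAN"))
        for addr in answers:
            if ipaddress.ip_address(addr) not in lan:
                findings.append((server, f"returned non-LAN address {addr}"))
    return findings

if __name__ == "__main__":
    samples = [parse_nslookup(SAMPLE_INTERNAL), parse_nslookup(SAMPLE_EXTERNAL)]
    for server, reason in audit(samples):
        print(server, reason)
```

On a live client, build the list with `query(name, s)` for each entry under "DNS Servers" in the client's TCP/IP settings and pass it to `audit`.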