Port forwarding and DNS confusion

Archived from groups: microsoft.public.win2000.dns (More info?)

On Tue, 14 Sep 2004 21:45:03 -0700, "Ryan"
<Ryan@discussions.microsoft.com> wrote:

>In a split DNS setup do you need to forward ports on the router to speak to
>internal servers?

In *any* DNS setup, if systems on the LAN side using private IP
addresses need to be accessed from the WAN side using public IP
addresses you need to translate the IP's, which is what you refer to
as forwarding the ports.

>All servers, web, FTP, Exchange would have internal addresses.
>I would have the external DNS (on a DMZ& hosting only external zone) have
>all the appropriate records to the internal servers with appropriate IP's.
>Also an internal DNS hosting the local zone with appropriate records and IP's.
>If you had ports forwarded directly to the internal servers wouldnt this
>'bypass' DNS? I think Im missing something....

I think so too. But it's not really a DNS problem if internal systems
need to be accessed by external systems, that's a routing and
firewalling issue. For DNS resolution, you normally would exclude
your internal addressing from external use. But then normally you'd
want external-facing servers to be in a DMZ and accessible by public
IP, not internal to your LAN.

Jeff