DNS Resolution in a DMZ

Anonymous
September 15, 2004 2:17:54 PM

Archived from groups: microsoft.public.win2000.dns

I'm trying to join a server to a domain from a NAT'd subnet in a DMZ. However,
because of the NAT, the DNS lookup is resolving to the real IP address of the
DCs when looking for SRV records. Has anyone got a workaround for this
that does not require RRAS or ISA Server?
Thanks
Dave

Anonymous
September 15, 2004 3:07:53 PM

Archived from groups: microsoft.public.win2000.dns

In news:uqBRqZymEHA.3452@TK2MSFTNGP15.phx.gbl,
Dave Turner <davet@logic.bm> made a post then I commented below
> I'm trying to join a server to a domain from a NAT'd subnet in a DMZ.
> However, because of the NAT, the DNS lookup is resolving to the real IP
> address of the DCs when looking for SRV records. Has anyone got a
> workaround for this that does not require RRAS or ISA Server?
> Thanks
> Dave

Unfortunately, domain communication cannot traverse a NAT device, due to RPC
and Kerberos traffic. The best bet is to use a VPN. One other way I've seen
this done is to use dual cards on the machine in the DMZ where one of the
cards is connected to the internal subnet. Put that on the top of the
binding order, and specify the internal private IP of the DNS server on both
cards. This member server will still resolve external names due to your
internal DNS forwarding to the Internet for outside resolution (if set up by
the 'best practices' method).

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.