DNS does not resolve NAT address

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

Q.) How can I set up our internal DNS so that our public
name is resolved to our private IP address?

Info.
We have an internal DNS that works fine inside the firewall

The public address for our Web site is not resolved
because we can't use NAT'd address' internally.

Jimme

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:291401c4a1ac$e856dc70$a601280a@phx.gbl,
Jimme Quinn Ross <jimme@lbdc.state.ny.us> commented
Then Kevin replied below:
> Q.) How can I set up our internal DNS so that our public
> name is resolved to our private IP address?
>
> Info.
> We have an internal DNS that works fine inside the
> firewall
>
> The public address for our Web site is not resolved
> because we can't use NAT'd address' internally.
>
> Jimme

By creating a zone for the web site name, e.g. www.example.com then in that
zone, create a new host leave the name field blank and give it the IP of the
Web server.
This way your DNS server only resolves www.example.com to the internal IP
and all other names in example.com will be forwarded.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

Fantastic! It worked! Thanks you very much.

It resolved nyslrs.state.ny.us fine, but when I added a
zone named public.leginfo.state.ny.us it did not resolve.
I will need to add several more but do not have the names.

Any thoughts?

Jimme

>-----Original Message-----
>In news:291401c4a1ac$e856dc70$a601280a@phx.gbl,
>Jimme Quinn Ross <jimme@lbdc.state.ny.us> commented
>Then Kevin replied below:
>> Q.) How can I set up our internal DNS so that our public
>> name is resolved to our private IP address?
>>
>> Info.
>> We have an internal DNS that works fine inside the
>> firewall
>>
>> The public address for our Web site is not resolved
>> because we can't use NAT'd address' internally.
>>
>> Jimme
>
>By creating a zone for the web site name, e.g.
www.example.com then in that
>zone, create a new host leave the name field blank and
give it the IP of the
>Web server.
>This way your DNS server only resolves www.example.com to
the internal IP
>and all other names in example.com will be forwarded.
>
>--
>Best regards,
>Kevin D4 Dad Goodknecht Sr. [MVP]
>Hope This Helps
>===================================
>When responding to posts, please "Reply to Group"
>via your newsreader so that others may learn and
>benefit from your issue, to respond directly to
>me remove the nospam. from my email address.
>===================================
>http://www.lonestaramerica.com/
>===================================
>Use Outlook Express?... Get OE_Quotefix:
>It will strip signature out and more
>http://home.in.tum.de/~jain/software/oe-quotefix/
>===================================
>Keep a back up of your OE settings and folders
>with OEBackup:
>http://www.oehelp.com/OEBackup/Default.aspx
>===================================
>
>
>.
>

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:311601c4a24d$ae172370$a601280a@phx.gbl,
anonymous@discussions.microsoft.com <anonymous@discussions.microsoft.com>
commented
Then Kevin replied below:
> Fantastic! It worked! Thanks you very much.
>
> It resolved nyslrs.state.ny.us fine, but when I added a
> zone named public.leginfo.state.ny.us it did not resolve.
> I will need to add several more but do not have the names.
>

Did you create the blank record with this IP address?
public.leginfo.state.ny.us. 86400 IN A 68.236.129.8



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:%23$lbQ0noEHA.2684@TK2MSFTNGP11.phx.gbl,
Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> made a post then I
commented below
> In news:311601c4a24d$ae172370$a601280a@phx.gbl,
> anonymous@discussions.microsoft.com
> <anonymous@discussions.microsoft.com> commented
> Then Kevin replied below:
>> Fantastic! It worked! Thanks you very much.
>>
>> It resolved nyslrs.state.ny.us fine, but when I added a
>> zone named public.leginfo.state.ny.us it did not resolve.
>> I will need to add several more but do not have the names.
>>
>
> Did you create the blank record with this IP address?
> public.leginfo.state.ny.us. 86400 IN A 68.236.129.8

I think that may be his WAN IP address of his NAT. Wasn't he asking for the
internal address?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:uys9CfDpEHA.2900@TK2MSFTNGP12.phx.gbl,
Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com>
commented
Then Kevin replied below:
> In news:%23$lbQ0noEHA.2684@TK2MSFTNGP11.phx.gbl,
> Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> made
> a post then I commented below
>> In news:311601c4a24d$ae172370$a601280a@phx.gbl,
>> anonymous@discussions.microsoft.com
>> <anonymous@discussions.microsoft.com> commented
>> Then Kevin replied below:
>>> Fantastic! It worked! Thanks you very much.
>>>
>>> It resolved nyslrs.state.ny.us fine, but when I added a
>>> zone named public.leginfo.state.ny.us it did not
>>> resolve. I will need to add several more but do not
>>> have the names.
>>>
>>
>> Did you create the blank record with this IP address?
>> public.leginfo.state.ny.us. 86400 IN A
>> 68.236.129.8
>
> I think that may be his WAN IP address of his NAT. Wasn't
> he asking for the internal address?

You're so right, I guess there's no way for me to tell him that.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:OguDSrDpEHA.1668@TK2MSFTNGP14.phx.gbl,
Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> made a post then I
commented below
>>
>> I think that may be his WAN IP address of his NAT. Wasn't
>> he asking for the internal address?
>
> You're so right, I guess there's no way for me to tell him that.

Ok, I wasn't sure. That's what I thought. I guess if he doesn't post back,
hope he figures it out!



Ace

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

Are you using the internal DNS server to answer external queries? In other
words, you have a NAT mapping on your firewall that allows external clients
to connect to your internal DNS server? That seems to be what you are
saying.
If that is the case, your entries on your internal DNS server are for
external IP addresses (not rfc 1918 space) and will only reply back with
those external IP addresses. If your firewall does aliasing (the Cisco PIX
does this) then you can tell the firewall to "lookup" the NAT translation
for the Public IP address and use the internal address when it gets hit with
the request. It will then redirect the traffic to the webserver after it
fixes the ip addresses in the packets.
Other options are to create a different DNS server for your internal client
machines or use a host file to define your internal website ip address.
First is better, second will work but is a pain to manage over the long
haul.

Regards,
Ed Horley

"Jimme Quinn Ross" <jimme@lbdc.state.ny.us> wrote in message
news:291401c4a1ac$e856dc70$a601280a@phx.gbl...
> Q.) How can I set up our internal DNS so that our public
> name is resolved to our private IP address?
>
> Info.
> We have an internal DNS that works fine inside the firewall
>
> The public address for our Web site is not resolved
> because we can't use NAT'd address' internally.
>
> Jimme

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

>-----Original Message-----
>In news:OguDSrDpEHA.1668@TK2MSFTNGP14.phx.gbl,
>Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> made
a post then I
>commented below
>>>
>>> I think that may be his WAN IP address of his NAT.
Wasn't
>>> he asking for the internal address?
>>
>> You're so right, I guess there's no way for me to tell
him that.
>
>Ok, I wasn't sure. That's what I thought. I guess if he
doesn't post back,
>hope he figures it out!
>
>
>
>Ace
>
>
>.
>He did! Well, sort of. The entry I made is now working. I
need to learn more about DNS. Thanks again for your help!

Jimme

 

[Guest]

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:36d401c4aa2b$b7d0b300$a401280a@phx.gbl,
Jimme Quinn Ross <anonymous@discussions.microsoft.com> made a post then I
commented below
> He did! Well, sort of. The entry I made is now working. I
> need to learn more about DNS. Thanks again for your help!
>
> Jimme

Well, better late than never! Glad we were able to help.


Ace