<> wrote in message news:d0341bae-e8ea-45ac-b716-...
> (note: for the entirety of this e-mail the word "domain" never means
> active directory domain. This is a plain-old DNS question.)
>
> I'm operating a network where we have a set of servers (various
> windows and linux servers) which are all multihomed to a private
> network and to internet-facing public IPs. Up until now, the DNS for
> the private network was being provided by a DNS Server on Windows
> Server 2003 (*not* R2). The DNS server was also multihomed in the same
> configuration. So to illustrate we have the following (made-up) IPs:
>
> nameserver.example.com 1.2.3.1, 172.16.0.1
> server2.example.com 1.2.3.2, 172.16.0.2
> server3.example.com 1.2.3.3, 172.16.0.3
> etc.
>
> Netmasks for the public are all 255.255.255.0, same for private.
>
> server2 and server3 are set to use 172.16.0.1 as their DNS, so queries
> would run across the internal network. This was so tools and software
> running on these servers always resolve to the internal interface when
> trying to contact other servers. So far, this was working great. The
> DNS server was only answering for internal requests. Public requests
> were being done through a DNS host outside anything you see here. Thus
> in _that_ configuration public IPs were entered. Thus clients querying
> across the internet only ever got public IPs.
>
> Now I'd like to use the DNS server to be the actual nameserver for
> example.com, so external queries get answered by it, rather than the
> other host. Windows Server 03 lets me add two A records for the same
> name. If I enable netmask ordering, then any requests from the private
> interface always answer with the private A record, which is great.
> Also if a request comes from a server listed above over the public
> network, it responds with the public IP, since again the subnet
> matches. So far so good. However, if a request from another client
> over the internet comes in (which doesn't match any subnet assigned to
> the box), it answers in the order they are listed in the DNS
> configuration, since it doesn't match either subnet of either network
> adapter on the server.
>
> Is this a situation I can get to work? To be clear, the only issue
> here is queries that come *outside* either subnet on the box, which is
> from the internet. Is there any way I can force the DNS server to
> answer with the "public" A records in these cases?
>
> If I can't do this, then I'll have to settle with two DNS names for
> each host, (server.example.com and server.internal.example.com) which
> lacks elegance if nothing else.
Unfortunately, Windows DNS (any version) does not support or have a View feature like the one BIND has. With the View feature, you can state that client requests from given subnet(s) will be resolved to your choice of host record.
One suggestion is to have two separate physical DNS servers, one for public records that public clients will query, and one for internal. Since it is only DNS, and DNS has no huge horsepower draw on Windows resources, I can suggest installing Microsoft Virtual PC on the DNS server itself, then creating a VM and installing Windows 2003 (any version you desire), then only adding DNS services in it. Provide the VM host's IP to the internal clients, and the main machine's IP to the public side.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
For urgent issues, you may want to contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
"Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
http://twitter.com/acefekay
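The two behaviours discussed in this thread, modelled side by side as an added example (not code from the original poster, from Windows DNS, or from BIND): netmask ordering, which only reorders records that share the querying client's subnet and otherwise hands back the records in their configured order, versus a BIND-style view (split horizon), which picks the record set by who is asking. Assumptions: the addresses follow the post (1.2.3.0/24 public, 172.16.0.0/24 private); the ordering mask is taken as /24, which is the Windows default netmask-ordering mask as far as I know; 203.0.113.5 is a made-up internet client; `ZONE`, `netmask_ordering`, `split_horizon` and `compare` are hypothetical names.

```python
"""Model of netmask ordering versus a split-horizon view for one zone.

Constructed example. The addresses follow the newsgroup post; the
internet client address (203.0.113.5) is a documentation address chosen
here. This models the behaviours described in the thread; it is not
Windows DNS or BIND code.
"""
import ipaddress

# Two A records per name, in the order the DNS console holds them.
# Private is listed first, which is the order that leaks RFC1918
# addresses to internet clients under netmask ordering.
ZONE = {
    "server2.example.com": ["172.16.0.2", "1.2.3.2"],
    "server3.example.com": ["172.16.0.3", "1.2.3.3"],
}

# BIND "match-clients" equivalent: who counts as an internal client.
INTERNAL_CLIENTS = [ipaddress.ip_network("172.16.0.0/24")]


def netmask_ordering(name, client_ip, prefixlen=24):
    """Netmask ordering as the post describes it.

    Records that fall in the client's /prefixlen block move to the front;
    everything else keeps its configured order (sorted() is stable).
    A client that matches no record's subnet therefore receives the
    configured order unchanged, which is the problem raised in the question.
    prefixlen=24 is assumed to be the default ordering mask.
    """
    client = ipaddress.ip_address(client_ip)
    client_block = ipaddress.ip_network(f"{client}/{prefixlen}", strict=False)
    records = ZONE[name]
    # key False (0) sorts before True (1): on-subnet records come first.
    return sorted(records, key=lambda r: ipaddress.ip_address(r) not in client_block)


def split_horizon(name, client_ip, internal=INTERNAL_CLIENTS):
    """View-style answer: choose the record *set* by the client's source.

    Internal clients get only private (RFC1918) addresses, everyone else
    gets only public ones. This is what BIND views, or the two-server
    setup suggested in the reply, achieve; the private record never
    reaches an internet client at all.
    """
    client = ipaddress.ip_address(client_ip)
    records = ZONE[name]
    want_private = any(client in net for net in internal)
    chosen = [r for r in records
              if ipaddress.ip_address(r).is_private == want_private]
    # Hypothetical fallback: if a name has only one kind of record, serve it.
    return chosen or list(records)


def compare(name, client_ip):
    """First answer each strategy would put at the top for this client."""
    return {
        "netmask_ordering": netmask_ordering(name, client_ip)[0],
        "split_horizon": split_horizon(name, client_ip)[0],
    }


if __name__ == "__main__":
    for client in ("172.16.0.3", "1.2.3.3", "203.0.113.5"):
        print(client, compare("server2.example.com", client))
```

Running it shows that the two strategies agree for clients on either of the server's own subnets, and differ only for the internet client: netmask ordering returns the private address first simply because it was listed first, while the view returns the public address. Reordering the records in `ZONE` would hide the problem for this one name but would not fix it, since the private address is still in the answer.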