Creating a zone to use our external FTP name and point to our inte

Discussion in 'DNS Server' started by Curtis J. Pogue, Feb 28, 2005.

  1. I was hoping I could ask you this question directly as I'm needing an answer
    pretty quick.

    I rebuilt our DNS this weekend because I inherited it and it wasn't quite
    right. We host a FTP server and our users were accessing the site using the
    external name of ftp.prorodeo.com. When I recreated our DNS I created a
    prorodeo.com zone and put the FTP A record in there. This caused a problem
    today because people were not able to access our website and we have internal
    Outlook users that use POP3 to access our mail server and our mail server
    said that prorodeo.com was not found in DNS.

    I was wondering what is the best way to set this up so it works again?
     
    Curtis J. Pogue, Feb 28, 2005
    #1

  2. Todd J Heron Guest

    Is your internal AD domain name also called prorodeo.com?
     
    Todd J Heron, Feb 28, 2005
    #2

  3. No, it's prorodeo.local.
     
    Curtis J. Pogue, Feb 28, 2005
    #3
  4. Todd J Heron Guest

    Is prorodeo.com and prorodeo.local being hosted on the same server?
     
    Todd J Heron, Feb 28, 2005
    #4
  5. Roland Hall Guest

    : I was hoping I could ask you this question directly as I'm needing an
    : answer pretty quick.
    :
    : I rebuilt our DNS this weekend because I inherited it and it wasn't quite
    : right.

    You appear to be going in the wrong direction.

    : We host a FTP server and our users were accessing the site using the
    : external name of ftp.prorodeo.com.

    Is this the correct external IP? 64.140.2.125
    And name: ns1.isocentric.com
    I connected to it:
    Connected to ftp.prorodeo.com.
    220 Gene6 FTP Server v3.4.0 (Build 16) ready...
    User (ftp.prorodeo.com:(none)): anonymous
    331 Password required for anonymous.
    Password:
    530 Login or Password incorrect.
    Login failed.
    ftp> close
    221 Goodbye.
    ftp> quit

    It didn't allow anonymous logons. Hopefully that is correct.

    : When I recreated our DNS I created a
    : prorodeo.com zone and put the FTP A record in there.

    And what address did you put in there? The external or internal IP address
    and is this the external or internal DNS server?

    : This caused a problem
    : today because people were not able to access our website and we have
    : internal Outlook users that use POP3 to access our mail server and our
    : mail server said that prorodeo.com was not found in DNS.

    Sounds like you're in the calf scramble already. The IP is important.

    : I was wondering what is the best way to set this up so it works again?

    Need the IP info first. See above.

    If the DNS server is internal and the internal IP address is 192.168.x.x or
    some other private IP address and you used the external address, it's not
    going to work. If the FTP server is external, then there is no reason to
    put a zone in your internal DNS for people internal to get to it. When you
    mention servers and internal vs external, we need to know where everything
    is and internal IP addresses are important. External usually isn't and
    protects your privacy.

    --
    Roland Hall
    /* This information is distributed in the hope that it will be useful, but
    without any warranty; without even the implied warranty of merchantability
    or fitness for a particular purpose. */
    Online Support for IT Professionals -
    http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
    How-to: Windows 2000 DNS:
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;308201
    FAQ W2K/2K3 DNS:
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;291382
     
    Roland Hall, Feb 28, 2005
    #5
  6. The only thing we host in house is our ftp.prorodeo.com and our
    mail.prorodeo.com server. Prorodeo.local doesn't have any web servers
    but our users have been accessing our FTP server using the external site name
    before the rebuild.
     
    Curtis J. Pogue, Feb 28, 2005
    #6
  7. You have the correct external information, it does not allow anonymous. I
    used the internal address in the A record in DNS. DNS is internal.
     
    Curtis J. Pogue, Feb 28, 2005
    #7
  8. Todd J Heron Guest

    You need to set up correct forwarding on your internal DNS server pointing to
    your ISP's DNS server since that manages prorodeo.com. Then using
    management tools that your ISP has provided to you, ensure you are
    correctly pointing the host records in the prorodeo.com zone at the correct
    IP hosts.
     
    Todd J Heron, Feb 28, 2005
    #8
  9. Todd J Heron Guest

    Is your FTP and mail server in a DMZ and straight-up publicly accessible or
    are they behind a firewall/NAT device alongside with your internal AD
    resources?
     
    Todd J Heron, Feb 28, 2005
    #9
  10. They are behind a firewall with NAT, the entire network is.
     
    Curtis J. Pogue, Feb 28, 2005
    #10
  11. Todd J Heron Guest

    Then I suggest to build a zone called prorodeo.com on your internal DNS
    server, and populate it with the host records for the ftp and mail resources
    using their internal private IP addresses. The prorodeo.com zone at your
    ISP will be for public users to use and they get to the IP hosts via NAT
    translation at your firewall. The internal prorodeo.com zone will be for
    your internal users to use and they will not use NAT to get to anything in
    prorodeo.com zone obviously because it is internal.
     
    Todd J Heron, Feb 28, 2005
    #11
  12. The more I researched today I wondered about that. I know from this morning
    that people could not access our website which is hosted by someone else.
    Should I put a www A record in there too and use the external address?

    The one thing that puzzles me is there was a prorodeo.com zone setup before
    the rebuild with only a FTP A record and the only problems it had was
    occasionally it would point users to the outside address.
     
    Curtis J. Pogue, Feb 28, 2005
    #12
  13. Todd J Heron Guest

    > Should I put a www A record in there too and use the external address?

    Yes, since your website is external and prorodeo.com is authoritative for
    any hosts within that zone.
     
    Todd J Heron, Feb 28, 2005
    #13
  14. Thanks for your help. I'll get this set up later today and see if it makes
    everyone happy.
     
    Curtis J. Pogue, Feb 28, 2005
    #14
  15. Todd, I would suggest he delete the prorodeo.com zone, then create a zone
    named ftp.prorodeo.com, then place a new host record leaving the name field
    blank and give it the IP of the local FTP server.
    Then he won't have to mirror all the external records and his DNS will
    forward everything else out for resolution.

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht Sr. [MVP], Feb 28, 2005
    #15
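
The two layouts suggested above, as an added example that is not part of any poster's message: a toy Python model of an internal DNS server that answers authoritatively for the zones it hosts and forwards every other name. The three addresses are constructed placeholders (the thread gives no internal IPs or web host address), and the model covers host (A) records only.

```python
# Toy model (added example): an internal DNS server answers authoritatively
# for zones it hosts and forwards every other name to the ISP.
FORWARDED = "forwarded"
NXDOMAIN = "NXDOMAIN"

# Constructed placeholder addresses; the thread does not give the real ones.
FTP_LAN, MAIL_LAN, WWW_PUBLIC = "192.168.1.10", "192.168.1.11", "203.0.113.10"

LAYOUTS = {
    # The rebuild: a prorodeo.com zone holding only the FTP record.
    "rebuild": {"prorodeo.com": {"ftp": FTP_LAN}},
    # Full internal copy of the zone; every external record must be mirrored.
    "mirrored": {"prorodeo.com": {"ftp": FTP_LAN, "mail": MAIL_LAN,
                                  "www": WWW_PUBLIC}},
    # Zone named after the host, with one blank-name ("@") record.
    "per_host": {"ftp.prorodeo.com": {"@": FTP_LAN}},
}


def find_zone(zones, qname):
    """Return the most specific hosted zone containing qname, or None."""
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(zones, qname):
    """Answer like an authoritative-plus-forwarding server would."""
    qname = qname.rstrip(".").lower()
    zone = find_zone(zones, qname)
    if zone is None:
        return FORWARDED          # not ours: ask the forwarder
    host = qname[: -len(zone)].rstrip(".") or "@"
    # Authoritative for the zone: a missing record is a final negative answer.
    return zones[zone].get(host, NXDOMAIN)


def audit(layout):
    """Resolve the three names the thread cares about under one layout."""
    names = ("ftp.prorodeo.com", "www.prorodeo.com", "prorodeo.com")
    return {n: resolve(LAYOUTS[layout], n) for n in names}


if __name__ == "__main__":
    for layout in LAYOUTS:
        print(layout, audit(layout))
```

In this model the mirrored layout still gives a negative answer for the bare prorodeo.com name, because no blank-name record was copied into the internal zone; the per-host zone leaves that name to the forwarder.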
  16. Todd J Heron Guest

    I keep forgetting about that trick Kevin!
     
    Todd J Heron, Feb 28, 2005
    #16
  17. Todd J Heron Guest

    ....and that's probably b/c I've never actually implemented that scenario,
    although I keep reading in here different mentioning it. Might take a few
    more false starts or at least an actual test implementation before I "burn
    that in" as a possible solution!
     
    Todd J Heron, Feb 28, 2005
    #17
  18. Roland Hall Guest

    : Todd J Heron commented
    : Then Kevin replied below:
    : > Then I suggest to build a zone called prorodeo.com on
    : > your internal DNS server, and populate it with the host
    : > records for the ftp and mail resources using their
    : > internal private IP addresses. The prorodeo.com zone at
    : > your ISP will be for public users to use and they get to
    : > the IP hosts via NAT translation at your firewall. The
    : > internal prorodeo.com zone will be for your internal
    : > users to use and they will not use NAT to get to anything
    : > in prorodeo.com zone obviously because it is internal.
    :
    : Todd, I would suggest he delete the prorodeo.com zone, then create a zone
    : named ftp.prorodeo.com then place a new host record leaving the name field
    : blank and give it the IP of the local FTP server.
    : Then he won't have to mirror all the external records and his DNS will
    : forward everything else out for resolution.

    I like that approach. I have a web/ftp/mail server accessible to the net
    but behind the firewall where I have direct access. I put in a domain.com
    zone and put the local addresses for it. The external addressing is hosted
    on the net. Is that not the best approach?

    --
    Roland Hall
     
    Roland Hall, Mar 1, 2005
    #18
  19. Todd J Heron Guest

    Well, if you don't mind manually updating records in two zones whenever a
    change is made, no big deal. Or if the IP address of the host doesn't
    change or hosts are not added/removed/changed frequently then still no big
    deal. With Kevin's approach, you may wind up with a lot of forward lookup
    zones to have to look at when you open up the DNS console such as for you,
    with web/ftp/mail you might have a list which looks like this:

    www.domain.com
    ftp.domain.com
    mail.domain.com

    Some may see that as a simpler approach some may not. I think it depends on
    the administrator. It might confuse a beginner DNS admin but certainly not a
    seasoned one, such as him. I see the benefits of Kevin's approach and won't
    argue with it. I'll try to integrate the solution into my notes for the
    benefit of future posters wherever it applies.
     
    Todd J Heron, Mar 1, 2005
    #19
  20. Roland Hall Guest

    : Well, if you don't mind manually updating records in two zones whenever a
    : change is made, no big deal. Or if the IP address of the host doesn't
    : change or hosts are not added/removed/changed frequently then still no big
    : deal. With Kevin's approach, you may wind up with a lot of forward lookup
    : zones to have to look at when you open up the DNS console such as for you,
    : with web/ftp/mail you might have a list which looks like this:
    :
    : www.domain.com
    : ftp.domain.com
    : mail.domain.com
    :
    : Some may see that as a simpler approach some may not. I think it depends
    : on the administrator. It might confuse a beginner DNS admin but certainly
    : not a seasoned one, such as him. I see the benefits of Kevin's approach and
    : won't argue with it. I'll try to integrate the solution into my notes for the
    : benefit of future posters wherever it applies.

    I read his [Kevin's] response to be for this application of ftp. Does this
    mean I would create 2 more for www and mail? And, if they are all on the
    same box, like with SBS, couldn't I just create a zone of domain.com, leave
    the host record blank and then point internal users all to domain.com for
    ftp, mail and www or am I not understanding something?

    --
    Roland Hall
     
    Roland Hall, Mar 1, 2005
    #20
