Creating a zone to use our external FTP name and point to our inte

Discussion in 'DNS Server' started by Curtis J. Pogue, Feb 28, 2005.

  1. In
    It depends on if there are any sites or servers under domain.com that you
    don't have administrative control over. You will have to mirror all the
    other names under domain.com that you don't have administrative control
    over, then hope the IP address doesn't change. I take the CYA approach, if
    you don't have authority of the name, and its address changes, you don't
    have to worry about it.
    If you take authority over the name, and the IP address changes, it might be
    days before you hear about the problem; during that time, who gets the flak
    for the site being inaccessible?

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Mar 1, 2005
    #21

  2. Thanks to all that replied. Last night I implemented Todd's approach and it
    seemed to work fine. Today I'm going to try Kevin's approach because I think
    it's really more what I'm after, only maintaining the one domain we're
    concerned with.

    Thanks again to all

     
    Curtis J. Pogue, Mar 1, 2005
    #22

  3. Roland Hall (Guest)

    in message
    : In : Roland Hall <[email protected]> commented
    : Then Kevin replied below:
    : > message : > I read his [Kevin's] response to be for this application
    : > of ftp. Does this mean I would create 2 more for www and
    : > mail? And, if they are all on the same box, like with
    : > SBS, couldn't I just create a zone of domain.com, leave
    : > the host record blank and then point internal users all
    : > to domain.com for ftp, mail and www or am I not
    : > understanding something?
    :
    : It depends on if there are any sites or servers under domain.com that you
    : don't have administrative control over. You will have to mirror all the
    : other names under domain.com that you don't have administrative control
    : over, then hope the IP address doesn't change. I take the CYA approach, if
    : you don't have authority of the name, and its address changes, you don't
    : have to worry about it.
    : If you take authority over the name, and the IP address changes, it might be
    : days before you hear about the problem, during that time who gets the flak
    : for the site being inaccessible?

    Let's keep it simple.

    I control everything.

    External: domain.com - External DNS
    AD: domain.local - Internal DNS

    Server: Behind NAT/Firewall
    Apps: www, ftp, mail

    If I want internal users to reach the apps with local addressing, can I
    create a zone (internal), domain.com, no host name and point www, ftp and
    mail to just domain.com? I understood the ftp.domain.com to be just for
    ftp, although if www and mail were on the same server, I actually could
    point them to ftp.domain.com. If domain.com could be applied the same way,
    couldn't that be used to eliminate the confusion?

    I'm not trying to piggyback on a thread, just trying to understand. If we
    need a new thread I'll start one.

    --
    Roland Hall
    /* This information is distributed in the hope that it will be useful, but
    without any warranty; without even the implied warranty of merchantability
    or fitness for a particular purpose. */
    Online Support for IT Professionals -
    http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
    How-to: Windows 2000 DNS:
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;308201
    FAQ W2K/2K3 DNS:
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;291382
     
    Roland Hall, Mar 1, 2005
    #23
  4. I have a managed Netpilot Linux firewall server which implements this
    in Bind very well to prevent the thread issue occurring. I had seen
    mention of it but hadn't seen it working before seeing this product.

    Andrew.
     
    Andrew Hodgson, Mar 1, 2005
    #24
  5. Yes, which is why on the AD box I use the zone approach, especially as
    all our services with the exception of backup MX (which the users
    never need to get to anyway) we host in-house, and they have relevant
    private addresses as well as the public address.

    Where it works well is in this case where you wanted ftp.domain.com to
    be given a local IP (and possibly the mail server too, I can't
    remember), but let everything else go to the external (off-site hosted)
    addresses, or in my situation where I have a managed firewall with a
    clean web front-end which shields the user from the number of zone
    files that get created.

    Andrew.
     
    Andrew Hodgson, Mar 1, 2005
    #25
  6. [...]
    Not in the way you suggest. It's better (or I see it better) if it's
    written in notation:

    Create the domain.com zone.

    mail in a private.ip.address.of.mailserver
    ftp in a private.ip.address.of.ftpserver
    www in a private.ip.address.of.webserver

    This will show up in the console in your domain.com zone.

    If all resolve to the same address you can do thusly:

    Create the zone domain.com.

    domain.com. in a private.ip.address.of.server
    ftp in cname domain.com.
    mail in cname domain.com.
    www in cname domain.com.

    In this case, when you lookup the server for ftp.domain.com, the
    server returns the cname and the IP address of domain.com, which is
    your private IP.

    Again all this will go into the domain.com zone in the console. This
    is useful if you have a lot of host names with the same IP and you
    just want to add/remove aliases at will, keeping the same IP address.
    When the private address of that server changes, you just change the A
    record for domain.com, and when the cache on the clients is timed out,
    they will get the new data.
    See above - I think this is what you are getting at. CNAMEs aren't
    always the best way, especially if the domain you are pointing to is
    not an authoritative domain on that server, as the clients then have
    to do a separate lookup for the value returned in the CNAME - this
    often happens with cheap WWW hosting, where the hosting company
    creates a CNAME pointing to the host name of their public webserver,
    eliminating the need to update several records/zones. CNAMEs are
    also illegal in MX records. However, for private use, they provide a
    great way of doing what you suggest.

    Thanks.
    Andrew.
     
    Andrew Hodgson, Mar 1, 2005
    #26
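The two zone layouts Andrew describes (one A record per host, versus an A record at the zone apex with CNAME aliases) and his two caveats (a CNAME whose target is not in a zone the server is authoritative for forces the client into a second lookup, and an MX must not point at a CNAME) can be exercised with a small parser and resolver. The following is an added example, not code from the thread or from any DNS product; the zone text it parses is in the same "owner in type rdata" notation as the post, and every address and host name in it (10.0.0.x, web42.cheaphost.example) is constructed for illustration. It goes slightly beyond the post by also flagging a CNAME that shares its owner name with other records, which the RFCs forbid for the same reason.

```python
# Added example (not from the thread): parse the post's zone notation, answer
# queries the way an authoritative server would, and flag the CNAME pitfalls.
# All names, addresses and records below are constructed for illustration.
from dataclasses import dataclass


@dataclass
class Record:
    owner: str   # fully qualified, lower-case, with trailing dot
    rtype: str   # "A", "CNAME", "MX", ...
    rdata: str   # address, or qualified target name for CNAME/MX


def qualify(name: str, origin: str) -> str:
    """Turn a zone-file name into an FQDN relative to the zone origin."""
    name, origin = name.lower(), origin.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> list:
    """Parse 'owner in type rdata' lines; text after ';' is a comment."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        owner, klass, rtype, rdata = line.split(None, 3)
        if klass.lower() != "in":
            raise ValueError(f"unsupported class in line: {raw!r}")
        rtype = rtype.upper()
        if rtype == "CNAME":
            rdata = qualify(rdata, origin)
        elif rtype == "MX":
            pref, exch = rdata.split()
            rdata = f"{pref} {qualify(exch, origin)}"
        records.append(Record(qualify(owner, origin), rtype, rdata))
    return records


def in_zone(name: str, origin: str) -> bool:
    return name == origin or name.endswith("." + origin)


def resolve(records: list, qname: str, qtype: str, origin: str):
    """Return (answer records, off-zone target or None).

    The answer carries the CNAME chain plus the final records when the chain
    stays inside the zone; if it leaves the zone, the server stops and the
    client must look the returned target up elsewhere (Andrew's caveat)."""
    qname = qualify(qname, origin)
    answer, seen = [], set()
    while True:
        if not in_zone(qname, origin):
            return answer, qname
        if qname in seen:
            raise ValueError("CNAME loop")
        seen.add(qname)
        direct = [r for r in records if r.owner == qname and r.rtype == qtype]
        if direct:
            return answer + direct, None
        cname = [r for r in records if r.owner == qname and r.rtype == "CNAME"]
        if not cname:
            return answer, None      # no data for this name/type
        answer += cname
        qname = cname[0].rdata


def lint_zone(records: list) -> list:
    """Flag an MX pointing at a CNAME, and a CNAME sharing its owner name."""
    problems = []
    by_owner = {}
    for r in records:
        by_owner.setdefault(r.owner, set()).add(r.rtype)
    for owner, types in by_owner.items():
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{owner}: CNAME must not coexist with other records")
    for r in records:
        if r.rtype == "MX":
            exch = r.rdata.split()[1]
            if "CNAME" in by_owner.get(exch, set()):
                problems.append(f"{r.owner}: MX exchange {exch} is a CNAME")
    return problems


ORIGIN = "domain.com."

# Layout 2 from the post: apex A record plus aliases (constructed address).
ONE_HOST_ZONE = """
domain.com. in a 10.0.0.5
ftp in cname domain.com.
mail in cname domain.com.
www in cname domain.com.
"""

# Layout 1 from the post: one A record per service (constructed addresses).
PER_HOST_ZONE = """
mail in a 10.0.0.10
ftp in a 10.0.0.11
www in a 10.0.0.12
"""

# Constructed "cheap hosting" zone showing both caveats.
HOSTED_ZONE = """
www in cname web42.cheaphost.example.
domain.com. in mx 10 mail
mail in cname domain.com.
"""

if __name__ == "__main__":
    recs = parse_zone(ONE_HOST_ZONE, ORIGIN)
    print(resolve(recs, "ftp", "A", ORIGIN))
    print(lint_zone(parse_zone(HOSTED_ZONE, ORIGIN)))
```

Running `resolve` against the one-host zone returns the ftp CNAME followed by the apex A record in a single answer, which is exactly why changing one A record moves every alias; against the hosted zone it returns only the CNAME and the off-zone name the client still has to chase, and `lint_zone` reports the MX that targets a CNAME.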
  7. Roland Hall (Guest)

    : On Tue, 1 Mar 2005 16:31:59 -0600, "Roland Hall" <[email protected]>
    : wrote:
    :
    : [...]
    : >
    : >Let's keep it simple.
    : >
    : >I control everything.
    : >
    : >External: domain.com - External DNS
    : >AD: domain.local - Internal DNS
    : >
    : >Server: Behind NAT/Firewall
    : >Apps: www, ftp, mail
    : >
    : >If I want internal users to reach the apps with local addressing, can I
    : >create a zone (internal), domain.com, no host name and point www, ftp and
    : >mail to just domain.com?
    :
    : Not in the way you suggest. It's better (or I see it better) if it's
    : written in notation:
    :
    : Create the domain.com zone.
    :
    : mail in a private.ip.address.of.mailserver
    : ftp in a private.ip.address.of.ftpserver
    : www in a private.ip.address.of.webserver
    :
    : This will show up in the console in your domain.com zone.
    :
    : If all resolve to the same address you can do thusly:
    :
    : Create the zone domain.com.
    :
    : domain.com. in a private.ip.address.of.server
    : ftp in cname domain.com.
    : mail in cname domain.com.
    : www in cname domain.com.
    :
    : In this case, when you lookup the server for ftp.domain.com, the
    : server returns the cname and the IP address of domain.com, which is
    : your private IP.
    :
    : Again all this will go into the domain.com zone in the console. This
    : is useful if you have a lot of host names with the same IP and you
    : just want to add/remove aliases at will, keeping the same IP address.
    : When the private address of that server changes, you just change the A
    : record for domain.com, and when the cache on the clients is timed out,
    : they will get the new data.
    :
    : >I understood the ftp.domain.com to be just for
    : >ftp, although if www and mail were on the same server, I actually could
    : >point them to ftp.domain.com. If domain.com could be applied the same way,
    : >couldn't that be used to eliminate the confusion?
    :
    : See above - I think this is what you are getting at. CNAMEs aren't
    : always the best way, especially if the domain you are pointing to is
    : not an authoritative domain on that server, as the clients then have
    : to do a separate lookup for the value returned in the CNAME - this
    : often happens with cheap WWW hosting, where the hosting company
    : creates a CNAME pointing to the host name of their public webserver,
    : eliminating the need to update several records/zones. CNAMEs are
    : also illegal in MX records. However, for private use, they provide a
    : great way of doing what you suggest.

    This is what I'm doing already except internal I don't have an MX record
    since that is for servers. If I had an additional mail server internally, I
    would. I thought he meant just using no host value with no other A records
    or aliases. Thanks for clearing that up.

    --
    Roland Hall
    /* This information is distributed in the hope that it will be useful, but
    without any warranty; without even the implied warranty of merchantability
    or fitness for a particular purpose. */
    Online Support for IT Professionals -
    http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
    How-to: Windows 2000 DNS:
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;308201
    FAQ W2K/2K3 DNS:
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;291382
     
    Roland Hall, Mar 2, 2005
    #27
  8. No worries; I just included the MX bit as that is definitely illegal,
    and I included it for reference only.

    Andrew.
     
    Andrew Hodgson, Mar 2, 2005
    #28