Need Help from DNS Expert on Subdomain DNS Records

Discussion in 'DNS Server' started by razor, Jun 11, 2007.

  1. razor

    razor Guest

    Hello--

    We have an issue with being able to access a domain and its sub domain from
    within and outside our firewall. We had it working with our old firewall, but
    we changed firewalls Friday and now it won't work.

    Here's our scenario: We have a namespace called 'domainname.com' with a DNS
    Host A entry for the IP address associated with the name of the website in
    our internal IIS server. We also have a sub domain named, 'dev' that we used
    to have the same IP address as the namespace, but since our new firewall will
    not allow more than one public IP to point to the same private IP, we had to
    change the IP address for the child Host A record as well as the website in
    IIS to something different than the parent IP.

    Now everything is whacky. Some of our clients inside the firewall can access
    the 'dev' site and some cannot. Some can access the parent site and some
    cannot, and those that can connect, can only do so intermittently.

    If we change the parent and the child Host A records to be the same IP, we
    cannot access the child site from outside the LAN/Firewall because of the new
    firewall policy with only one public IP per private IP pointer.

    Both the parent domain and child or sub domain IP addresses are in the IIS
    server's TCP/IP properties in its NIC card. I looked up our DNS schema in
    O'Reilly's DNS 2nd edition for Windows 2003, and it said our convention is
    correct, but said nothing (that I can find) about IP addresses.

    All of our servers are Windows 2003 and our workstations are W XP /SP2.

    Any help would be greatly appreciated.

    sd
     
    razor, Jun 11, 2007
    #1

  2. Read inline please.

    In
    Is there an Active Directory domain named "domainname.com", too?

    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps

    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    http://message.wftx.us/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Jun 12, 2007
    #2

  3. razor

    razor Guest

    No. We host three websites on our webserver and this particular one that we
    are having issues with is not the same as our AD domain name.

    sd
     
    razor, Jun 12, 2007
    #3
  4. Read inline please.

    In
    When you use nslookup to resolve these names do you get the correct internal
    IP addresses?

    In addition, let's go in to further detail on your original post.


    Internally or externally?

    This is confusing, firewalls should not do this. If you're talking about NAT
    mapping, you should be able to map multiple public IPs to one private IP, now
    you cannot map one public IP to more than one private IP. But the private
    IP should be able to have as many public IPs mapped to it as you want,
    although it would seem to be a waste of public IPs.



    You need to verify that all the DNS servers assigned to the DNS client are
    able to resolve every name it needs to resolve to the correct IP address.
    Some people attempt to have the Preferred and Alternate DNS resolve
    different namespaces. It won't happen that way, the DNS client tends to stick
    to the last DNS server that responds. If one is an internal DNS and one is
    an external DNS, this will get you into trouble because both cannot resolve
    both the internal and external namespaces.

    What do you mean "Both the parent domain and child or sub domain IP
    addresses are in the IIS server's TCP/IP properties in its NIC card"?

    Are they or are they not on the same IP address?

    NAT is 1 to 1 IP mapping, one public IP to one private IP, you can't map one
    public IP to two private IPs. But, you should be able to map two public IPs
    to one private IP using standard NAT IP/port mapping.




    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps

     
    Kevin D. Goodknecht Sr. [MVP], Jun 13, 2007
    #4
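
The check suggested in post #4 (run nslookup against every DNS server a client is configured with and confirm each returns the correct internal address), as an added example that is not part of the original thread. The server addresses, host names other than dev.domainname.com, the answer IPs, and the function names `parse_nslookup` and `audit` are assumptions constructed for illustration.

```python
import re

# Constructed captures of Windows `nslookup dev.domainname.com <server>` output,
# one per DNS server a client might be configured with. All addresses are made up.
CAPTURES = {
    "10.0.0.10": "Server:  dns1.corp.local\nAddress:  10.0.0.10\n\n"
                 "Name:    dev.domainname.com\nAddress:  10.0.0.21\n",
    "10.0.0.11": "Server:  dns2.corp.local\nAddress:  10.0.0.11\n\n"
                 "*** dns2.corp.local can't find dev.domainname.com: Non-existent domain\n",
    "203.0.113.53": "Server:  ns.isp.example\nAddress:  203.0.113.53\n\n"
                    "Non-authoritative answer:\nName:    dev.domainname.com\n"
                    "Address:  198.51.100.21\n",
}

def parse_nslookup(text):
    """Return (answered name or None, sorted answer IPs).

    Address lines before the first "Name:" describe the server, not the answer.
    """
    name, ips = None, []
    for line in text.splitlines():
        m = re.match(r"Name:\s+(\S+)", line)
        if m:
            name = m.group(1).lower()
        elif name and (m := re.match(r"Address(?:es)?:\s+(\S+)", line)):
            ips.append(m.group(1))
        elif name and (m := re.match(r"\s+(\S+)\s*$", line)):
            ips.append(m.group(1))  # continuation line under "Addresses:"
    return name, sorted(ips)

def audit(name, captures, expected_ip):
    """Classify each server's answer for `name` as ok, wrong:<ips> or no-answer."""
    report = {}
    for server, text in captures.items():
        got, ips = parse_nslookup(text)
        if got != name.lower() or not ips:
            report[server] = "no-answer"
        elif ips == [expected_ip]:
            report[server] = "ok"
        else:
            report[server] = "wrong:" + ",".join(ips)
    return report

if __name__ == "__main__":
    for server, verdict in audit("dev.domainname.com", CAPTURES, "10.0.0.21").items():
        print(f"{server:15} {verdict}")
```

Any server that is not "ok" explains intermittent access: clients that last got a reply from that server receive a missing or external answer for the same name.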
  5. razor

    razor Guest

    Ah, that's what 'read inline' means. Sorry m8. I'll reply inline below.
    Thanks for the help.

    sd

    I agree, but I am not a Cisco expert and that's what they told me. Anyway,
    external is working now--so I believe we can exclude the firewall as a
    culprit to our inability to access a website from within the LAN (behind the
    firewall).
     
    razor, Jun 13, 2007
    #5
