 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  "'Mike Razavi'" <mike at havepc dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] can't access to a domain name which is hosted in my LAN
 Date:  Sat, 15 Jan 2005 09:51:04 -0500
Mike Wrote:
Currently my Forward Lookup Zones for my public domain names are
pointing to my public IP address with the A Records! Is this where I
am wrong? But from outside all my domain names are accessible! Note
that I am also DNS servers for these domain names which means my
public ip address is set as their DNS1 and DNS2.

James Replied:
Let's make sure I understand the scenario: SBS DNS is the Authoritative
DNS for DomainA.com (and others). Therefore, any records for these
zones must have Public IPs. Because of the structure of your network,
your client machines use the same DNS for the AD and Internet name
resolution. When an Internet client tries to go to www.DomainA.com,
the name resolves to a Public IP (no problem). When a local client
queries the local DNS it gets a Public IP and you cannot get there
from here...

Two solutions come to mind. The first is only good if you have a few
machines - put the private IP addresses in local clients' HOSTS files.
But this gets ugly if you have more than a couple of machines...

The other solution is to move the Authoritative DNS (Public IPs) for
public domains to a separate DNS. And use the SBS's DNS for local
resolution. You will still have zones for the domains you host on the
SBS, but they will be non-authoritative and have Private IPs. Your
local clients will resolve www.DomainA.com to a private IP. And
Internet clients will resolve www.DomainA.com to a public IP.

Using the m0n0wall forwarder will not help your situation. It
functions the same way as placing a dummy zone on your DNS using
private IPs. Being the Authoritative DNS for the domains is what is
throwing a wrench into the works.

Hope this helps...

James W. McKeand
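The "separate DNS for public answers, private answers for the LAN" arrangement James describes is usually called split-horizon DNS. The following BIND `named.conf` excerpt is an added illustration, not configuration from the thread or from m0n0wall or SBS; it generalizes James's two-server suggestion to a single BIND server that answers differently depending on who is asking. The domain name is taken from the thread; the LAN range 192.168.1.0/24, the private address 192.168.1.10 and the public address 192.0.2.10 (an RFC 5737 documentation address) are constructed placeholders.

```conf
// named.conf excerpt (constructed example): split-horizon DNS with BIND views.
// Assumptions: domaina.com is the hosted domain from the thread,
// 192.168.1.0/24 is the LAN, 192.168.1.10 is the web server's private
// address and 192.0.2.10 stands in for the public address on the firewall.

acl "lan" { 192.168.1.0/24; 127.0.0.1; };

// Internal view: answers only LAN clients and hands out private addresses,
// so www.domaina.com resolves to something reachable from inside.
view "internal" {
    match-clients { "lan"; };
    recursion yes;                  // LAN clients may use this server as their resolver
    zone "domaina.com" {
        type master;
        file "zones/domaina.com.internal";
    };
};

// External view: everyone else. Authoritative answers with public
// addresses only, and no recursion for the Internet at large.
view "external" {
    match-clients { any; };
    recursion no;
    zone "domaina.com" {
        type master;
        file "zones/domaina.com.external";
    };
};

// ---- zones/domaina.com.internal (zone-file syntax; ';' starts a comment) ----
// $TTL 3600
// @    IN SOA ns1.domaina.com. hostmaster.domaina.com. ( 2005011501 3600 900 604800 300 )
//      IN NS  ns1.domaina.com.
// ns1  IN A   192.168.1.2      ; the DNS server's LAN address
// www  IN A   192.168.1.10     ; private address of the web server

// ---- zones/domaina.com.external ----
// Identical to the internal file except for the addresses:
// ns1  IN A   192.0.2.10       ; public address (NAT on the firewall)
// www  IN A   192.0.2.10       ; public address (NAT on the firewall)
```

The single authoritative zone in the thread is equivalent to having only the `external` view, which is why LAN clients receive the public address and "cannot get there from here". After the change, verify both paths: `dig @192.168.1.2 www.domaina.com A` from a LAN host should return 192.168.1.10, and the same query from outside the firewall should return 192.0.2.10. Keep the two zone files' serial numbers in step, since each view is a separately replicated zone as far as any secondary servers are concerned.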