 From:  "Mike Razavi" <mike at havepc dot com>
 To:  "James W. McKeand" <james at mckeand dot biz>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] can't access to a domain name which is hosted in my LAN
 Date:  Sat, 15 Jan 2005 22:22:00 -0800
Jim, after 10 hours (since I got this email) I can't figure out a fix for my
problem (or maybe it's not a problem!).

At this time per our earlier email I disabled one of the two NICs and
only have one NIC running. I also read through the
http://www.microsoft.com/serviceproviders/whitepapers/split_dns.asp
article and did exactly what Microsoft said on this. I am 99% sure all
my forwarders and DNS configurations are correct.

Please see a few comments below:

When an Internet client tries to go to www.DomainA.com
<http://www.domaina.com/>, the name resolves to a Public IP (no
problem).

This part always worked fine and is still working beautifully.

When a local client queries the local DNS it gets a Public IP and you
cannot get there from here...

Actually no. When a local client queries the local DNS it gets my
server's local IP address which is fine (mylocaldomain.local). But when
a local client tries to go to www.DomainA.com <http://www.domaina.com/>,
the name resolves to a Public IP address instead of the server's local IP
address! For some reason from the local network I can't pull up the
website for www.DomainA.com <http://www.domaina.com/> but note that I
can ping it and I get a reply from its Public IP.

Two solutions come to mind. The first is only good if you have a few
machines - put the private IP addresses in local clients' HOSTS files.
But this gets ugly if you have more than a couple of machines...

The other solution is to move the Authoritative DNS (Public IPs) for
public domains to a separate DNS. And use the SBS's DNS for local
resolution. You will still have zones for the domains you host on the
SBS, but they will be non-authoritative and have Private IPs. Your
local clients will resolve www.DomainA.com to a private IP. And Internet
clients will resolve www.DomainA.com to a public IP.

Maybe this is the part that I didn't understand! Are you talking about
two different boxes here?

Using the m0n0wall forwarder will not help your situation. It functions
the same way as placing a dummy zone on your DNS using
private IPs. Being the Authoritative DNS for the domains is what is
throwing a wrench into the works.

Hope this helps...

_________________________________
James W. McKeand