Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
dns issue
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
dns issue - 21.Sep.2007 8:48:14 PM
|
|
|
winoto
Posts: 125
Joined: 10.Sep.2002
From: Montreal
Status: offline
|
Hi,
Maybe it's not the right forum but i'm really confused and hope that someone at this forum can help me.
I just moved to other company that use PIX (ex)& ISA 2004(int). The private domain is totally different than the public domain, internal dns using root and ISP host our external DNS. I never work with this config, i have worked with split DNS and using forwarder for internal DNS at others.
I wanted to add a web server in DMZ, i just noticed when i wanted to add the enty in our internal DNS, that there is no zone for our public domain in internal DNS (i dont want to create a loop), so I checked the cache, i saw that my public domain is there and the IP addresses are DMZ IP addresses, not public IP.
When I do nslookup (change the server name to ISP's DNS Server) for my old www, it shows it's DMZ IP but when i query my new www , it shows the public IP, so I changed the gateway to other ISA (Different ISP), do nslookup again, it shows the public IP for both www
I'm thinking that the ISP that host our DNS, create special rule that if there is a request from specific IP address, it will give DMZ IP. Is it possible?
I called our ISP tech (DNS dept) and explain it to him, he told me that he never see this and would be happy if i tell him when i have the answer.
Anybody can help me?
Thanks,
minx
|
|
|
|
|
RE: dns issue - 23.Sep.2007 11:22:59 PM
|
|
|
winoto
Posts: 125
Joined: 10.Sep.2002
From: Montreal
Status: offline
|
Thanks Tom, that's what i'm going to do, but have you seen config that I have right now? I google it, someone says it's possible with bind.
thanks,
Minx
|
|
|
|
|
RE: dns issue - 24.Sep.2007 9:58:13 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
BIND does have a feature that the Windows DNS does not, so that you could actually host your internal and external zones on a single machine, and the responses are based on the source IP address.
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
