
Thread: Internet DNS vs. Intranet DNS

  1. #1

    Internet DNS vs. Intranet DNS

    I've made a couple of posts and read a $....load of posts about this issue, but I still need help w/ one thing. This office where I'm setting up the network uses a set-up like this:

    business class DSL ---> HD firewall (watchguard firebox SOHO6) ---> switch --->

    There are a bunch of clients connected to the switch and, more importantly, one DNS/Domain Controller.

    The external network @ the firebox is a registered IP w/ mask and 2 static Internet DNS's.

    The trusted network is which is the firebox w/ mask....
    Then you have the switch.
    The server has a static IP and the firebox is configured to accept as a static route.
    Then the firebox is configured to DHCP from and all the clients receive a dynamic IP...

    I don't think I needed to set up the server as a DHCP server since the firebox is already doing it, but none of the clients see the domain.

    All the clients can get onto the Internet fine w/ their dynamic IPs, but they don't see the domain. You can ping it from the clients but you can't connect to it. How can I set up the firebox/server/client so the clients check the DNS on the server first before going to the Internet DNS's?

  2. #2
    AO French Antique News Whore
    Join Date
    Aug 2001
    All your clients have dynamic IPs provided by the DHCP server, which is your firewall, except the Server, which has a static IP. This is what I understand, so here is my info:

    1) Internet DNS vs. Intranet DNS are very separate things. Don't mix them together.

    2) Can your server surf the Internet? Did you force the Internet DNS server in the TCP/IP protocol?

    3) Can your other clients ping your server?

    4) Did you install and CONFIGURE Windows 2000/2003 DNS before setting up Active Directory?
    -Simon "SDK"

  3. #3
    1. I know...
    2. Yes... all the clients and the server can go on the Internet... yes, all the clients can ping the server (static address).
    All the clients are configured for a dynamic address and they can access the net.
    The server is the only one which is configured with a static IP ( is the firebox).
    3. When you configure the Active Directory, the setup will ask you about the DNS and automatically configure the DNS for you. I did that!!!

    At this point I don't know how come the clients CAN resolve any web sites but CANNOT see the MS domain.

    I did configure the domain as the FIRST domain tree in the FIRST domain forest... should I make it a subdomain or somehow relay the info to the clients...

  4. #4
    Can anyone help me... I will actually send you money through PayPal... just please help me figure this out.

  5. #5
    AO Guinness Monster MURACU
    Join Date
    Jan 2004
    What message do you get when you try to connect to the domain? Also, is it when you try to add a machine to the domain that you get the error, or when you try to use a resource on the domain?
    If your machine can ping the domain it should be able to connect to it.
    "America is the only country that went from barbarism to decadence without civilization in between."
    "The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
    Oscar Wilde (1854-1900)

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    It sounds like your clients might be getting their DNS from the firewall (they DHCP it, and if you put a DNS server entry into the firewall then it may be providing that to the clients too). If this is the case then they are asking resources outside your domain for information about the inside, which they do not have, hence you can't see your domain.

    Try this: Go to a client, open a command prompt and type nslookup <Enter>. This will take you to the default DNS server for that client. If it is outside your network, go to network settings and tell the client not to get its DNS server from the DHCP server but to use your internal server. Then re-run nslookup and see what the server is. Once you are looking internally, make sure you have your domain set up in the DNS (is this a Win2k server?). If it is Win2k, have DNS set up the zone for you by making it an AD integrated zone, and all the appropriate records for domain management will be created for you.

    In the server's network settings tell it that its secondary DNS server is the one outside (your ISP's DNS). That way, when it is asked for DNS resolution of a domain outside yours for a client, it can go to the Internet to get the information.

    DO NOT allow remote machines access to your internal DNS server, or they can determine the entire layout of your network.......
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #7
    AO French Antique News Whore
    Join Date
    Aug 2001
    To follow Tigershark's idea, it could be easier to set your server as the DHCP server and stop using your firewall as DHCP.
    -Simon "SDK"

  8. #8
    I configured the Firebox to give out the DNS as w/ the DHCP, so I don't understand what the hell

    Does "DHCP relay" have anything to do w/ it?

    I also tried to configure the clients to go to a static DNS, and all this accomplished was that they couldn't go to the Internet.

    I think now that I may have configured the DNS server wrong. But I have only followed the instructions. Made it the only server, 1st tree, 1st forest. Should I configure the DNS first and then "dcpromo" it later, or can I just do the wizard for AD which configures the DNS for you?

  9. #9
    I, too, was wondering about configuration of an intranet DNS server.

    Anyone have a mess of good tutorials for setting up a Linux based DNS server for my LAN at home?

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    1. Uninstall your DNS on the server.
    2. Run DCPROMO
    3. Tell it to install an AD integrated zone.

    Now you have an AD Domain.

    1. Remove the ability to provide DHCP from the firebox, remove any reference to DNS servers from the firebox.
    2. Install DHCP on the AD server.
    3. Set up a scope appropriate to your network.
    4. Set up the scope options appropriate for your network including DNS pointing to the AD server.
    5. Open DNS on the server and allow it to make recursive queries, (I believe that's it).
    6. Ensure that your firewall allows outbound DNS on both TCP and UDP from your server only.
    7. Ensure all DNS inbound is blocked at the firewall.
    8. Reboot a client.
    9. Join it to the domain.
    10. The internet should now work and so should the domain.

    If not see if you can tell me where a step went wrong.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
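The checks Tigershark describes in posts #6 and #10, written up as an added Python example (not code from the thread or from WatchGuard): it pulls the DNS server list out of a client's ipconfig /all output and flags resolvers outside the trusted network (the nslookup test from #6), then checks a simplified firewall rule list against steps 6 and 7 of #10 (outbound DNS on TCP and UDP only from the DC, no inbound DNS). The sample ipconfig text, the 192.168.1.0/24 trusted network, the 192.168.1.10 DC address and the rule tuple format are all constructed assumptions, not the thread's real network.

```python
import ipaddress
import re

# Constructed "ipconfig /all" excerpt from a client that took its DNS servers from
# the firewall's DHCP; placeholder addresses, not the thread's real network.
CLIENT_IPCONFIG = """\
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.10
                                       203.0.113.11
"""
TRUSTED_NET = "192.168.1.0/24"  # assumed trusted network behind the Firebox
AD_DNS = "192.168.1.10"         # assumed address of the DC running DNS
IP = r"\d{1,3}(?:\.\d{1,3}){3}"

def dns_servers_from_ipconfig(text):
    """Pull the DNS server list out of ipconfig /all, continuation lines included."""
    servers, in_list = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*: (%s)$" % IP, line)
        if m:
            servers.append(m.group(1)); in_list = True
        elif in_list and re.fullmatch(r"\s+(%s)" % IP, line):
            servers.append(line.strip())
        else:
            in_list = False
    return servers

def resolver_check(servers, trusted_net=TRUSTED_NET, ad_dns=AD_DNS):
    """Post #6's nslookup test: first resolver must be the AD DNS server and none may
    be outside the trusted network (ISP resolvers hold no records for the AD domain)."""
    net = ipaddress.ip_network(trusted_net)
    external = [s for s in servers if ipaddress.ip_address(s) not in net]
    ok = bool(servers) and servers[0] == ad_dns and not external
    return ok, external

# Constructed, simplified port-53 rules (not Firebox syntax): (direction, proto, src, action); first match wins.
RULES = [("out", "udp", AD_DNS, "allow"), ("out", "tcp", AD_DNS, "allow"),
         ("out", "any", "any", "deny"), ("in", "any", "any", "deny")]

def dns_action(rules, direction, proto, src):
    for d, p, s, action in rules:
        if d == direction and p in (proto, "any") and s in (src, "any"):
            return action
    return "deny"  # assumed default deny when nothing matches

def dns_policy_ok(rules, ad_dns=AD_DNS):
    """Post #10 steps 6-7: only the DC sends DNS out (TCP and UDP); no inbound DNS."""
    return (all(dns_action(rules, "out", p, ad_dns) == "allow" for p in ("tcp", "udp"))
            and dns_action(rules, "out", "udp", "192.168.1.50") == "deny"
            and dns_action(rules, "in", "udp", "198.51.100.7") == "deny")
```

Run resolver_check on the sample and it reports both resolvers as external, which is exactly the situation in the thread: Internet names resolve, but the domain's own records are never found.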
