Internal to External DNS issues

Question

Internal to External DNS issues

Hello all - I host my network's DNS internally, domain.com, and have a number of sub-domains active (mail.domain.com, helpdesk.domain.com, etc.), BUT our WWW.domain.com is externally hosted -- thus in server admin, I have an A record that points to the EXTERNAL IP address of the website.

I don't have any other DNS issues besides this: INTERNALLY, if I type "http://domain.com" into Firefox, I get an 'unable to connect' message, when IDEALLY I'd like that to redirect to "http://www.domain.com" - EXTERNALLY, "http://domain.com" redirects to "http://www.domain.com" -- the question is, what do I need to do in order to get this kind of redirect to work inside my network?

Running 10.4.10 on the DNS server, it also serves DHCP and is my OD Master.

thanks in advance

BC

XServe/XRAID/iBook/eMac/iMac G5, Mac OS X (10.4.10)

Posted on Nov 19, 2007 9:15 AM

Reply

Answer 1

Nov 19, 2007 11:13 AM in response to Blair Carswell

If this helps anyone, here's the (edited) contents of my /var/named domain.com.zone file:

domain.com. IN SOA password.domain.com. postmaster.domain.com. (
2007111620 ; serial
3h ; refresh
1h ; retry
1w ; expiry
1h ) ; minimum
domain.com. IN NS password.domain.com.
domain.com. IN NS password2.domain.com.
domain.com. IN NS ca1.ny.towerstream.com.
domain.com. IN NS ca2.ny.towerstream.com.
domain.com. IN A 10.0.1.11
password IN A 10.0.1.11
ldap IN CNAME password
powerschool IN A 10.0.1.6
password2 IN A 10.0.1.12
ms IN A 10.0.1.14
hs IN A 10.0.1.15
library IN A 10.0.1.2
helpdesk IN A 10.0.1.101
es IN A 10.0.1.13
www IN A xxx.xxx.xxx.xxx (**external IP address for our www server)
domain.com IN CNAME www
mail IN A 10.0.1.111
domain.com. IN MX 0 mail
retrospect IN A 10.0.1.200

Reply

Answer 2

Camelot

Level 9

58,599 points

Nov 19, 2007 3:52 PM in response to Blair Carswell

You need to edit the A record for domain.com.:

So instead of line 11 saying:

<pre class=command>domain.com. IN A 10.0.1.11 </pre>

it should say:

<pre class=command>domain.com. IN CNAME www.domain.com.</pre>

The line towards the end:

<pre class=command>domain.com IN CNAME www </pre>

is erroneous and should be removed.

Reply

Answer 3

Nov 19, 2007 4:50 PM in response to Camelot

Thanks Camelot

But 10.0.1.11 is my DNS server... will changing that not mess up DNS for my internal domain?

Reply

Answer 4

Camelot

Level 9

58,599 points

Nov 19, 2007 8:03 PM in response to Blair Carswell

But 10.0.1.11 is my DNS server... will changing that not mess up DNS for my internal domain?

The fact that 10.0.1.11 is your DNS server shouldn't be an issue - you should have a separate entry for that, anyway:

<pre class=command>ns A 10.0.1.11</pre>

However, this does mean that anything that you reference by 'domain.com' will point to your external DNS server - DNS knows nothing, and cares less about what services are running on any given hostname, so if 'domain.com' points to your external site, then any service that you try to access via 'domain.com' will reach out to your upstream server.

Reply

Answer 5

Nov 20, 2007 6:58 AM in response to Camelot

I get what you're saying here - thanks for explaining things.

I made the modifications you've been telling me and I still can't get to "http://domain.com" internally.

Now, I can't reach my INTERNALLY hosted "mail.domain.com" and "helpdesk.domain.com" sites...

Reply

Answer 6

Camelot

Level 9

58,599 points

Nov 20, 2007 7:48 AM in response to Blair Carswell

If none of your internal DNS is working now, then it sounds like you have some other issue with the zone.

Check the name server logs for any error messages, and maybe re-post the zone file here for review.

Reply

Answer 7

Nov 20, 2007 8:16 AM in response to Camelot

Well, because a number of my users started complaining that they couldn't get to mail and helpdesk when I changed domain.com. IN A 10.0.1.11 to domain.com. IN CNAME www.domain.com. and unftonately I'd had my DNS logging set to 'warning' level instead of info or debug, I don't have any info.

It would seem that the change you suggested made it so that my users, who are set to use our internal DNS for lookup, could no longer see the internally hosted servers -- remember, www.domain.com is hosted externally, but the others are internal.

This is what my zone file looks like NOW - everything behaves as it did before the initial changes I'd made (adding the "domain.com IN CNAME www" line) and the changes you'd suggested- (my users can get to the internal and external sites, but "http://domain.com" still doesn't work in a browser.

$TTL 14400
domain.com. IN SOA password.domain.com. postmaster.domain.com. (
2007112021 ; serial
3h ; refresh
1h ; retry
1w ; expiry
1h ) ; minimum
domain.com. IN NS password.domain.com.
domain.com. IN NS password2.domain.com.
domain.com. IN NS ca1.ny.towerstream.com.
domain.com. IN NS ca2.ny.towerstream.com.
domain.com. IN A 10.0.1.11
password IN A 10.0.1.11
ldap IN CNAME password
powerschool IN A 10.0.1.6
password2 IN A 10.0.1.12
ms IN A 10.0.1.14
hs IN A 10.0.1.15
library IN A 10.0.1.2
helpdesk IN A 10.0.1.101
es IN A 10.0.1.13
www IN A xxx.xxx.xxx.xxx
mail IN A 10.0.1.111
domain.com. IN MX 0 mail
retrospect IN A 10.0.1.200

Reply