
Authoritative DNS server returning private IP

Status
Not open for further replies.

beatdown, Technical User, Feb 27, 2005
We have a Windows Server 2008 box, acting as an authoritative DNS server. The server is behind a firewall, and has a private IP address.

We've setup the necessary host records, and everything works fine if someone on the internet browses to or ftp.ourdomain.com, etc...

The problem is if they leave out the ftp, and just go to ourdomain.com. The result is that it resolves to the private IP of our DNS server, which obviously won't work on the public internet. Likewise, if they try to ping ourdomain.com, it resolves to the private IP.

In the DNS console of the server, I can see there is a host (A) record with the private IP, with the host name listed as (same as parent folder). This record is automatically created, and if I delete it, it just automatically comes back after a little while.

If it matters, the DNS zone is Active Directory integrated.

Can anyone tell me how to fix this, so the server stops responding to DNS queries with its private IP?

Thanks!
 
Yes, the domain name is the same for both the internal active directory domain, and the public domain.
 
OK, not best practice on that one. That is your issue. You are going to have to put your website in your DMZ on a workgroup server that is not on the domain. You will need your outside DNS to resolve into that box with a public IP assigned to one of its NICs. You shouldn't have your website on your internal LAN at all.

_______________________________________
Great knowledge can be obtained by mastering the Google algorithm.
 
If you have outside DNS, then point your root domain.com to the same IP as you have and you should be fine. That way when someone on the internet puts domain.com in their browser, it goes to the same NAT'd webserver you are hosting internally.

_______________________________________
Great knowledge can be obtained by mastering the Google algorithm.
 
I should add some more details about this environment...

This DNS server acts as a Dynamic DNS (DDNS) server, just like dyndns.org or one of the well known public ddns services.

One of the requirements of the DDNS software, is that it be put on a domain controller, and that the DNS be Active Directory integrated.

So this DNS server already exists in a DMZ, and there is nothing else in that DMZ. This isn't the Active Directory server we use on our LAN.

The server has a private IP, and the firewall is setup to NAT the public IP, and pass traffic on port 53.

So there is no website involved, and there is no outside DNS server... this server is the authoritative server for the domain.
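A quick check for the symptom described in this thread, added here as an example and not part of the original post: it parses dig-style A answers from the authoritative server and flags any name in the zone whose address falls in an RFC 1918 range, so the auto-registered apex record would be caught before an internet user finds it. The sample answer lines, the zone name and the addresses are constructed.

```python
import ipaddress
import re

# Constructed stand-in for what `dig +noall +answer` could return from the
# authoritative server in the thread: the zone apex ("same as parent folder")
# carries the domain controller's private address, the ftp host a public one
# (192.0.2.0/24 is a documentation range, used as a placeholder public IP).
SAMPLE_ANSWERS = """\
ourdomain.com.      600 IN A 192.168.10.5
ftp.ourdomain.com.  600 IN A 192.0.2.25
"""

RFC1918_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

A_RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\S+)$")


def is_rfc1918(ip):
    """True if the IPv4 address lies in one of the three RFC 1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918_NETWORKS)


def parse_a_records(text):
    """Return (owner, ip) tuples from dig-style answer lines; other RR types are skipped."""
    records = []
    for line in text.splitlines():
        m = A_RECORD.match(line.strip())
        if m:
            records.append((m.group(1).rstrip(".").lower(), m.group(2)))
    return records


def leaked_private_records(text, zone):
    """Names in `zone` (apex included) whose A record points at an RFC 1918 address."""
    zone = zone.rstrip(".").lower()
    return [
        (owner, ip)
        for owner, ip in parse_a_records(text)
        if (owner == zone or owner.endswith("." + zone)) and is_rfc1918(ip)
    ]


if __name__ == "__main__":
    for owner, ip in leaked_private_records(SAMPLE_ANSWERS, "ourdomain.com"):
        print(f"{owner} -> {ip} is not routable from the public internet")
```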
 