Internal/External DNS Servers

Status
Not open for further replies.

spudnuts

Technical User
Sep 30, 2002
123
US
Here's what I got:

2 Internal DNS servers on an internal intranet (172.x.x.x)
2 DNS servers that are in my DMZ (172.x.x.x)

For some reason hosts in the intranet are not having any problems resolving external addresses, but the outside DNS servers don't seem to be doing anything. When I run "nslookup" on either external server, they can't even find themselves. They have entries for all internal servers but they have their public IP addresses; they also have entries for themselves but the address is their public IP address. There are no 172.x.x.x addresses in the external DNS servers at all and I'm wondering if that's why they can't see themselves or resolve to the intranet.

If that sounds confusing, you can only imagine how confused I am. I'm new to DNS and need to get this fixed.

The two internal DNS servers do have entries in them pointing to the DNS servers in the DMZ but by their internal IP addresses. How do I get these DNS servers to talk to each other for resolution?

Between all this is a PIX 501 firewall. I've checked all the access-lists and they are fine. The inside, outside and static routes are good.

Information Assurance,CCNP,CST
 
Sorry, this is Windows 2000 Pro in mixed mode. Just upgraded from NT and still have some hosts out there that need to be upgraded.

Information Assurance,CCNP,CST
 
Do your DMZ DNS servers have dual interfaces? Are you running routable public IPs on your internal space? Are you able to ping internal IPs from the outside if you configure the PIX to allow it?

Are the DMZ servers set to forward requests to your ISP's DNS servers? That's normal, and you don't want them forwarding requests to the internal servers. They should have all the records on them that you want the public to know about you, and not the rest of the records for your internal network.

ShackDaddy
Shackelford Consulting
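
The separation described in the reply above can be checked mechanically. This is an added example, not part of the original thread: it audits a DMZ server's record listing and forwarder list for internal (RFC 1918) addresses and for names that were never meant to be public. The zone lines, forwarder addresses, host names and the simplified `name TYPE value` format are all constructed assumptions.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also match
# the documentation ranges (203.0.113.0/24, 198.51.100.0/24) used as sample data.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    """True if addr falls inside private (intranet) address space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_records(text):
    """Parse simplified 'name TYPE value' lines; ';' starts a comment."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line:
            name, rtype, value = line.split()
            records.append((name, rtype.upper(), value))
    return records

def audit_dmz_server(zone_text, forwarders, public_names):
    """Return findings where the external server exposes or depends on the intranet."""
    findings = []
    for name, rtype, value in parse_records(zone_text):
        if rtype == "A" and is_internal(value):
            findings.append(("private-address", name, value))
        if name not in public_names:
            findings.append(("not-meant-public", name, value))
    for fwd in forwarders:
        if is_internal(fwd):  # DMZ server should forward to the ISP, not inward
            findings.append(("internal-forwarder", fwd, fwd))
    return findings

# Constructed sample data (not taken from the thread).
SAMPLE_ZONE = """
ns1.example.com.   A  203.0.113.10   ; DMZ DNS server, public address
www.example.com.   A  203.0.113.20
mail.example.com.  A  203.0.113.25
files.example.com. A  172.16.4.12    ; intranet host leaked into the public zone
"""
SAMPLE_FORWARDERS = ["198.51.100.53", "172.16.1.5"]  # ISP resolver, internal DNS
PUBLIC_NAMES = {"ns1.example.com.", "www.example.com.", "mail.example.com."}

if __name__ == "__main__":
    for finding in audit_dmz_server(SAMPLE_ZONE, SAMPLE_FORWARDERS, PUBLIC_NAMES):
        print(*finding)
```
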
 