
DMZ public DNS



I have 2 networks: an internal network and a DMZ network.

The internal network has 2 DNS servers to resolve names for internal hosts, DMZ hosts and public sites. The DMZ network only has a public DNS to resolve names of DMZ hosts with public host names and public IP addresses (no internal IP addresses).

Recently, the application vendor said that one of the application servers cannot resolve host names in the DMZ (based on internal IP address).

Need your help:
1. Can I use the same DMZ DNS server to resolve DMZ hosts with internal addresses?
2. How do I set up one internal DMZ zone (192.168.x.x) without forwarding to the public ISP, if I can use the same DMZ DNS server?

Please advise.

with regards,
SC Moh

RE: DMZ public DNS

Speaking generically, yes, your DNS server can reside in a DMZ and it can be used to resolve names and addresses for your LAN zone. Your DNS server will need a zone file and be configured to be authoritative for the zones you wish it to resolve for. You can then point your LAN PCs at the server and it should resolve the addresses. The tricky part will be getting the traffic to the server as you will likely require either an NAT rule or a static route to be able to get traffic between your LAN and DMZ. I would also recommend a set of firewall rules to limit the scope of the allowed traffic to queries of the DNS and the related response; in other words traffic should not be allowed to originate from your DNS in the DMZ to your LAN.


"application vendor said that one of the application server cannot resolve host name in the dmz (based on internal ip address)"
It would be better to address this type of question with actual data, events, and error messages. There are lots of reasons why it "couldn't resolve". For example, did the connection time out, was the query refused, or did it give a 'failure' indicating a problem with the zone configuration? Each of these conditions would result in a failure to resolve but they have different resolutions.
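An added example, not part of the original post: one way to collect the data the reply above asks for, by sending a single DNS query and reporting whether it timed out, was refused, or returned a server failure. The server address and host name are constructed placeholders, and the hint text after each result is this example's own wording.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Build a minimal DNS A-record query (RD bit set) for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, qid=0x1234):
    """Map a raw DNS reply to the failure mode it indicates (RCODEs per RFC 1035)."""
    if len(data) < 12:
        return "malformed reply"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID, or QR bit says it is not a reply
        return "malformed reply"
    rcode = flags & 0x000F
    authoritative = bool(flags & 0x0400)  # AA bit
    if rcode == 5:
        return "REFUSED: server policy rejects this client or zone"
    if rcode == 2:
        return "SERVFAIL: server could not process the query (e.g. zone did not load)"
    if rcode == 3:
        return "NXDOMAIN: name is not in the zone data this client is served"
    if rcode == 0 and ancount == 0:
        return "NODATA: name exists but has no A record"
    if rcode == 0:
        return "NOERROR: answered (%s)" % ("authoritative" if authoritative else "non-authoritative")
    return "RCODE %d" % rcode

def probe(server, name, timeout=3.0):
    """Send one UDP query; a timeout points at routing/NAT/firewall, not zone config."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "TIMEOUT: no reply; check route, NAT and firewall rules for UDP/53"
        except OSError as exc:
            return "NETWORK ERROR: %s" % exc
        return classify_response(data)

if __name__ == "__main__":
    # Constructed values: replace with the DMZ DNS server and a DMZ host name.
    print(probe("192.0.2.53", "app1.dmz.example"))
```

Run it from the application server that reports the problem, since the result depends on which network the query originates from.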

RE: DMZ public DNS

Hi Noway2,

Thank you for your note.

In the DMZ network, can I use one DNS server to resolve all DMZ hosts with public IP addresses (as the main DNS server, with the ISP as the secondary DNS server) and use the same DNS server to resolve all DMZ hosts with internal IP addresses?

Please advise.

with regards,
SC Moh
