DNS Problem

I am having trouble trying to set up DNS to allow users to access a website that we have set up using an address i,e BBB.Contoso.co.uk internally as well as externally. I have set up an acess rule on ISA to allow the address through our firewall but i am stuck with the internal DNS part. Do i need to create a new zone or an alias CNAME??

So simply put i need users to be able to use the same address internally as well as externally. How can this be done?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

blargoe

Need more info.

Are you using the same DNS namespace (contoso.co.uk) internally as you are externally? If so, then just add an A record for BBB in your Internal DNS that points to whatever IP address for the site which is accessible from your LAN. If the server is on your lan, just use the private IP.

billybob01

Thanks for the reply Blargoe, i really need to get my head around this for tommorrow. So far this is what happened today. Our web guy has made a website for our users, like an intranet page and our users can browse to this site internally by using (example address) http//bbb, now our web guy has come to me and asked if i could set something up so that our users can use an address to access this site internally as well as externally, he is not bothered about the name as long as they are the same, so our domain is say Contoso.co.uk, i will need to have an address like bbb.contoso.co.uk to work internally as well as externally, but i dont know what to do regarding DNS.

dynamik

blargoe wrote:

Need more info.

Are you using the same DNS namespace (contoso.co.uk) internally as you are externally? If so, then just add an A record for BBB in your Internal DNS that points to whatever IP address for the site which is accessible from your LAN. If the server is on your lan, just use the private IP.

Yea, you need to have a zone for contoso.so.uk. You'd only need to create a new zone if you weren't already using that zone.

Just be sure to include any external resources in that zone as well because if they can't be resolved in that zone, the machine isn't going to look any further. An example of this is an externally hosted mail server. Suppose you're using external DNS for mail.contoso.co.uk (which your ISP is hosting for you), and your DNS servers are resolving that through forwarders or root hints. If you setup contoso.co.uk as a new zone for for BBB, your DNS servers will no longer look any further for any records for contoso.co.uk than themselves. You will manually need to create A, CNAME, etc. entries for all the external resources, such as mail in this example.

Just FYI, using the same namespace internally and externally is not a recommended best practice.

billybob01

Could a different address for external work? Lets say http//bbb for internal and http//www.bbb.contoso.co.uk for external, i would be happier with that set up, but i am afraid my DNS is sooo rusty. Would i then need to create a second zone for bbb and make it a secondary zone? or do i create an alias. If you could kindly keep it as simple as you can so i can get my head around this.

dynamik

Do you already have an internal zone? Just add an A record for BBB to it, and use bbb.internalDomainName.co.uk. You could do the same thing for an external address. Just have whoever hosts DNS for contoso.co.uk add an A record for BBB.

billybob01

Thanks dynamik, worked a treat.

Mishra

dynamik wrote:

Do you already have an internal zone? Just add an A record for BBB to it, and use bbb.internalDomainName.co.uk. You could do the same thing for an external address. Just have whoever hosts DNS for contoso.co.uk add an A record for BBB.

It would be best to use a CNAME for BBB to point to bbb.internaldomainName.co.uk
That way you know only 1 record points to a specific IP, that being the FQDN. It makes it easier if you ever need to change the IP address of a server, you only need to change the FQDN and all the other names will just pick it up through CNAME records.