Accessing an external DNS address internally behind NAT
paintb4707
Member Posts: 420
in Off-Topic
I finally found a work-around for this. I've spent tons of time researching and was never able to find a solution for this until it just hit me now. I'm very proud of myself for figuring this out on my own so I thought I'd share it.
Let's say you host a website on your network which is behind NAT. You have an external DNS record for that website so that it can be viewed by the public.
Here's the conflict... when you try to access that external address, obviously it is directed to your NAT device. This is all fine and dandy when you're on the outside. When your internal, any traffic being directed to the NAT device (a WatchGuard Firebox in my situation) would result in a username/password prompt as if you were trying to log into the admin configuration page of the router/firewall. Just up until now I thought that there was no fix for this if the router/firewall doesn't have a traffic directing capability for NAT.
I was wrong.
Let's say your domain name is domain.name.local and you're trying to access your website internally which is www.domain.com.
If you create a new dns forward zone on your DNS server as "domain.com", you can then add an A Host record for "www" pointing to the IP address of its host, which in turn makes the FQDN "www.domain.com". Wait a few minutes for the DNS changes to be applied to your machine and you can access the website internally without being intercepted by the router.
This little method also helped me with Iphones and accessing company email via Wi-fi. Before I had to make sure users had two email accounts. One external and one internal for wi-fi. Adding another A Host record for "mail" (FQDN - mail.domain.com) would allow users to access email both internally and externally with only one account.
OWA is also accessible internally now for my users with the public address. Not that it's a big deal since they all have Outlook, but before you would have to access OWA internally with "https://www.exchange.domain.name.local" and it is now "https://webmail.domain.com"
Let's say you host a website on your network which is behind NAT. You have an external DNS record for that website so that it can be viewed by the public.
Here's the conflict... when you try to access that external address, obviously it is directed to your NAT device. This is all fine and dandy when you're on the outside. When your internal, any traffic being directed to the NAT device (a WatchGuard Firebox in my situation) would result in a username/password prompt as if you were trying to log into the admin configuration page of the router/firewall. Just up until now I thought that there was no fix for this if the router/firewall doesn't have a traffic directing capability for NAT.
I was wrong.
Let's say your domain name is domain.name.local and you're trying to access your website internally which is www.domain.com.
If you create a new dns forward zone on your DNS server as "domain.com", you can then add an A Host record for "www" pointing to the IP address of its host, which in turn makes the FQDN "www.domain.com". Wait a few minutes for the DNS changes to be applied to your machine and you can access the website internally without being intercepted by the router.
This little method also helped me with Iphones and accessing company email via Wi-fi. Before I had to make sure users had two email accounts. One external and one internal for wi-fi. Adding another A Host record for "mail" (FQDN - mail.domain.com) would allow users to access email both internally and externally with only one account.
OWA is also accessible internally now for my users with the public address. Not that it's a big deal since they all have Outlook, but before you would have to access OWA internally with "https://www.exchange.domain.name.local" and it is now "https://webmail.domain.com"