DNS question

CoryS Member Posts: 208
Ok, lab setup.. Please help me understand how I go about something like this.

Scenario.
-Domain with AD and DNS on main DC
-Member Server with Exchange, IIS and multiple sites
-Domain Names hosted with GoDaddy

This is how I have it configured.
I have a zone set up for one of my domain names on the DNS server, internally my sites resolve just fine since I am using the dns server as my primary. That's ok and fine.

How do I make it so that when someone goes to mydomain.com they then query my dns server to find the sites... i.e. site1.mydomain.com site2.mydomain.com etc..

I DO NOT want to use their dns zones to setup A records since I only have one IP. I am not sure if I have to register my dns server as one of my primaries for this particular domain, but I am really not sure how people normally do this. I of course could not get that to work either but I assume even if this was correct there are ISP rules out there blocking my attempts (they currently block outgoing 80 http and port 25 smtp)..

Again, I don't want to use their pre-setup zone, just forward the requests for my domain name to my server to resolve whatever site is requested....

Thanks for any help. I can flood with more info if requested.
MCSE tests left: 294, 297 |

Comments

  • sprkymrk Member Posts: 4,884
    I think you mean that your ISP is blocking "inbound" requests on ports 25/80 to residential subnets. If they were blocking outbound you wouldn't be able to send email or surf the web.

    I know what you mean though, and my guess is that if they are blocking those 2 ports to keep folks from setting up web servers and mail servers, they are probably blocking port 53 as well.
    All things are possible, only believe.
  • royal Member Posts: 3,352
    In order to do this, you must go to Godaddy.com and register at least two nameserver records. They are usually named as such: ns1.domain.com, ns2.domain.com. You would usually point this to two external facing secondary dns servers in your DMZ. The reason I say secondary is since they are exposed to the internet, you want them to have a read-only copy of your zone. You would then have a stealth primary on the internal network.

    So let's say you have 2 external facing dns servers:
    externaldns1.domain.com - 64.22.33.44
    externaldns2.domain.com - 64.22.33.45

    You would then go to Godaddy and register the following:
    ns1.domain.com 64.22.33.44
    ns2.domain.com 64.22.33.45

    Go Daddy would then submit the nameserver records and within 24-72 hours it'll get updated on the Root/TLD servers. Now when someone from a remote location tries to search on the internet for your domain, their DNS server will see they are not authoritative for that zone, they will then go to the root servers, then to the .com TLD server, and the .com TLD server will see that there are nameserver records for your domain: ns1.domain.com and ns2.domain.com. That .com TLD server will send a referral answer back to the requesting DNS server and now that requesting DNS server will be able to contact your external facing dns server and/or send the positive answer back to their requesting client who issued the recursive query to their requesting dns server.

    As for your 1 primary ip, I'm pretty sure you can register the two nameserver records with the same ip address.

    Make sense?
    “For success, attitude is equally as important as ability.” - Harry F. Banks
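The referral chain royal describes (root, then the .com TLD, then your own nameservers, reachable only because the registrar published glue A records for ns1/ns2) as an added offline simulation; this is not code from the post. The 192.0.2.x addresses, the site names and the record sets are constructed, while 64.22.33.44/.45 are the addresses royal used.

```python
# Constructed data. 192.0.2.x are documentation addresses standing in for the
# real root and .com servers; 64.22.33.44/.45 are the addresses from the post.
ROOT_IP = "192.0.2.1"
SERVERS = {
    ROOT_IP: {  # root: knows who serves .com, plus glue for that server
        "com.": [("NS", "a.gtld-servers.net.")],
        "a.gtld-servers.net.": [("A", "192.0.2.2")],
    },
    "192.0.2.2": {  # .com TLD: delegation + glue registered via the registrar
        "domain.com.": [("NS", "ns1.domain.com."), ("NS", "ns2.domain.com.")],
        "ns1.domain.com.": [("A", "64.22.33.44")],
        "ns2.domain.com.": [("A", "64.22.33.45")],
    },
}
ZONE = {  # same read-only copy on both external secondaries (apex SOA/NS omitted)
    "site1.domain.com.": [("A", "64.22.33.44")],
    "site2.domain.com.": [("A", "64.22.33.44")],
}
SERVERS["64.22.33.44"] = SERVERS["64.22.33.45"] = ZONE

def query(server_ip, name, rtype):
    """One non-recursive query: 'answer', 'referral' (zone, {ns: [glue]}) or 'nxdomain'."""
    records = SERVERS[server_ip]
    answer = [v for t, v in records.get(name, []) if t == rtype]
    if answer:
        return "answer", answer
    labels = name.split(".")
    for i in range(1, len(labels)):  # closest enclosing zone this server delegates
        zone = ".".join(labels[i:])
        ns = [v for t, v in records.get(zone, []) if t == "NS"]
        if ns:
            glue = {n: [v for t, v in records.get(n, []) if t == "A"] for n in ns}
            return "referral", (zone, glue)
    return "nxdomain", []

def resolve(name, rtype="A", max_hops=8):
    """Iterative resolution from the root; returns (answers, [(server, status), ...])."""
    trail, server = [], ROOT_IP
    for _ in range(max_hops):
        status, data = query(server, name, rtype)
        trail.append((server, status))
        if status != "referral":
            return (data if status == "answer" else []), trail
        zone, glue = data
        ips = [a[0] for a in glue.values() if a]  # without glue the referral is a dead end
        if not ips:
            return [], trail
        server = ips[0]
    return [], trail
```

Calling resolve("site1.domain.com.") walks root, .com and then 64.22.33.44, which is why the glue addresses and reachability of port 53 on that address matter.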
  • sprkymrk Member Posts: 4,884
    royal wrote:
    As for your 1 primary ip, I'm pretty sure you can register the two nameserver records with the same ip address.

    Or you can round-robin the requests at your own firewall with port forwarding. Also, unless you really want to expose your servers, you will really need a firewall set up with port forwarding to internal IP's if you only have 1 external public IP.

    Before you go to all that trouble though, make sure your ISP isn't blocking requests to port 53 on residential subnets. Telnet to port 53 from an external source to your DNS server IP to find out.
    All things are possible, only believe.
  • CoryS Member Posts: 208
    awesome, thanks for the clarification, I had set up the one name server on godaddy, and like you said sprkymrk I am not 100% sure if they are blocking port 53, and yes my brain is wired a little goofy so when I say stuff that totally sounds goofy I mean the opposite cause it makes sense in my head but no one else's :D

    Thanks for the replies though, that really cleared it up for me.. every other forum I posted on just scolded me for wanting to try hosting my own dns server even though I clearly said it was only for testing purposes.

    I hate worthless responses, so I knew to come here to get something valuable.

    Thanks again!
    MCSE tests left: 294, 297 |