
Stealth Nameserver problem



I have a webserver with mail server on a server at a colocation data center with a static IP, ex: 200.200.200.200



My router receives the public static IP 200... and passes (allowed) requests to the webserver at INTERNAL IP of ex: 100.100.100.100.



My machine name is MyMachine handling domain MyDomain.com so the default (same as parent) is MyMachine.MyDomain.com at INTERNAL address 100...



So, I created an additional nameserver of NS1.MyDomain.com using the public 200... IP address.



For the domain, I set the DNS properties for SOA Primary Server to the NS1.MyDomain.com at 200... IP address. However, Microsoft knows best and keeps forcing it back to the MyMachine.MyDomain.com at 100... IP address. I can't stop MS from re-adding this, even though I cancel it, and/or force it back to the visible 200... IP address.



For handling simple www and ftp, no problem. However, when trying to handle mail requests, the mail is apparently failing mail resolution by looking at the MyMachine.MyDomain.com at 100... IP which obviously is unresolvable to the outside public and thus nothing can get through.



What am I missing, this is really P!$$ing me off... Help

    
Guest


Colocated, huh? If so, dump the NAT in your router and just use its high-end firewall/port filtering capabilities. It's easy enough with high-end equipment. Otherwise, buy a second port and connect it to another IP outside of your firewall and lock it down using the Windows advanced TCP/IP port filtering property pages, and have the DNS server only listen on that NIC. Option 2 is pretty expensive. Good luck!

SilentRage will probably tell you to switch to BIND, it may not be a bad idea.

Regards,
AlanGrah

Guest


The problem isn't Microsoft DNS Server, I think. It's Active Directory making the changes, and I've talked with people who have corrected the problem on their own. You can use BIND with Active Directory as well, but that won't solve the problem. No matter which DNS server you use, Active Directory requires Dynamic DNS access to whatever zones you want to manage with it.



So if you don't want to manage your domains through Active Directory then disable Dynamic Update.

Guest
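
An added example, not part of the thread or any poster's code: a small Python check for the failure described in the question, where the SOA primary, NS or MX names of a public zone resolve to an internal address that outside resolvers and mail servers cannot reach. The zone text is constructed from the thread's example names and addresses; the simplified record layout, the `hostmaster` contact and the function names are assumptions.

```python
import ipaddress

# Constructed zone data built from the thread's example names and addresses.
# Simplified "owner type rdata" lines, not a full master-file parser.
ZONE = """\
mydomain.com.           SOA mymachine.mydomain.com. hostmaster.mydomain.com. 1 3600 600 86400 3600
mydomain.com.           NS  mymachine.mydomain.com.
mydomain.com.           NS  ns1.mydomain.com.
mydomain.com.           MX  10 mymachine.mydomain.com.
mymachine.mydomain.com. A   100.100.100.100   ; internal address re-added by dynamic update
ns1.mydomain.com.       A   200.200.200.200   ; public address
"""

def parse(zone_text):
    """Return a list of (owner, type, rdata_fields) tuples."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blank lines
        if line:
            owner, rtype, *rdata = line.split()
            records.append((owner.lower(), rtype.upper(), rdata))
    return records

def audit(zone_text):
    """Flag SOA/NS/MX targets whose A records are not publicly routable."""
    records = parse(zone_text)
    addrs = {}
    for owner, rtype, rdata in records:
        if rtype == "A":
            addrs.setdefault(owner, []).append(ipaddress.ip_address(rdata[0]))
    findings = []
    for owner, rtype, rdata in records:
        if rtype in ("SOA", "NS"):
            target = rdata[0].lower()          # SOA MNAME or NS host
        elif rtype == "MX":
            target = rdata[1].lower()          # rdata is "preference host"
        else:
            continue
        if target not in addrs:
            findings.append((rtype, target, "no A record in zone data"))
        for ip in addrs.get(target, []):
            if not ip.is_global:
                findings.append((rtype, target, f"{ip} is not publicly routable"))
    return findings

if __name__ == "__main__":
    for rtype, target, reason in audit(ZONE):
        print(f"{rtype:4} -> {target}: {reason}")
```

Running it against an export of the zone after Active Directory has rewritten the records shows which service-critical names have drifted back to the internal address.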

Copyright 2007-2010 by Infoqu. All rights reserved