
Setting up split DNS with BorderManager

Do you have situations where servers connected to the Internet have the same name with different internal and external TCP/IP addresses? Ron Nutter shows you how to ease the pain of connecting to them using BorderManager.


So you’ve connected your network to the Internet and now you want your Web server to have the same name internally on your LAN and externally on the Internet. This can cause a problem because the same name would have to resolve in your company’s DNS server to two different IP addresses—the internal IP address and the external Internet IP address. What do you do?

One option would be to set up another small, in-house DNS server with an internal DNS zone that has A records that point to your internal IP address. The drawback to this is that it creates one more server for you to maintain. Fortunately, there’s a somewhat simpler way to handle this task in BorderManager. All you have to do is enable BorderManager’s DNS proxy function.

Some assumptions
In this Daily Feature, I’ll assume you are running NetWare 5.1, Support Pack 2A for NetWare 5.1, BorderManager 3.5, and Support Pack 2 for BorderManager.

Configuring BorderManager
First, you must go into NWAdmin on your administrative workstation and double-click on the server object that’s running BorderManager. Doing so will open the server’s Properties notebook. Scroll down the list of tabs until you see BorderManager Setup.

Click on the BorderManager Setup tab to display the BorderManager Setup Properties screen. Click the Application Proxy tab, and then select the DNS Proxy option. Next, click the Details tab and enable Indexed Logging. Click OK. You can then watch the server’s console screen. After a little while, you’ll see the Proxy Timestamp message showing as completed.

Once the DNS proxy service has been started, you’ll need to edit the Hosts file on the BorderManager server. This file resides in the ETC folder on your server’s SYS volume. You can edit this file with any text editor.

In the file, each IP address is followed by at least one space and the host names for the address. You’ll need an additional space between host names if more than one host name applies to the same IP address. For example, when I recently set this up for my company (where we have multiple Web servers running on the same copy of IIS on a single server), the entry in my server’s Hosts file looked like this:
10.0.0.1 www.interweb.com www.hrweb.com www.mailweb.com

After you have made the entry you need in the Hosts file, save the file and exit out of the text editor. Switch over to the Proxy Console screen on the BorderManager server and watch for the message that the new hosts file has been read. Once you see this message, the DNS Proxy service is ready to start handling the workstation resolution requests. You will also want to run INETCFG at your server’s console. Make sure that the DNS Resolver configuration points to DNS servers outside your network.

Configuring workstations
After you have completed the BorderManager configuration steps, you are ready to configure the workstations. You will need to change the DNS servers listed on the workstations to use only the IP address of the BorderManager server. This will ensure that all resolution requests are sent to the BorderManager server. If the BorderManager server doesn’t have information on the server being queried, it will pass the query on to the external DNS servers listed on the Resolver screen in INETCFG.
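
An added example, not part of the original article: a Python check that parses a Hosts file in the format described above, flags malformed or conflicting lines, and models the lookup order the article describes (Hosts entry first, otherwise forward to the external DNS servers). The sample file is constructed, the function names are hypothetical, and the `#` comment handling and keeping the first mapping for a duplicated name are assumptions.

```python
import ipaddress

# Constructed sample modelled on the article's entry. The third line is
# deliberately run together and the last one re-maps a name already listed.
SAMPLE_HOSTS = """\
# internal overrides answered by the DNS proxy
10.0.0.1 www.interweb.com www.hrweb.com www.mailweb.com
10.0.0.2www.broken.com
10.0.0.3 www.hrweb.com
"""

def parse_hosts(text):
    """Return (name -> IP map, list of (line number, problem))."""
    table, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # assumption: '#' starts a comment
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append((lineno, f"first field is not an IP address: {fields[0]!r}"))
            continue
        if len(fields) == 1:
            problems.append((lineno, "address has no host names"))
        for name in (f.lower() for f in fields[1:]):
            if name in table and table[name] != addr:
                # assumption: keep the first mapping and report the conflict
                problems.append((lineno, f"{name} already maps to {table[name]}"))
            else:
                table[name] = addr
    return table, problems

def resolve(name, table):
    """Hosts entry first; anything else is forwarded to the external DNS servers."""
    addr = table.get(name.lower().rstrip("."))
    return ("local", str(addr)) if addr is not None else ("forwarded", None)

if __name__ == "__main__":
    table, problems = parse_hosts(SAMPLE_HOSTS)
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
    for name in ("www.hrweb.com", "www.broken.com", "www.example.org"):
        print(name, resolve(name, table))
```

A name on a malformed line never enters the table, so a query for it is forwarded and internal clients receive the external address instead of the internal one.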

Conclusion
When I implemented this on my company’s network, I was able to redirect the Web sites we were bringing in-house using just a few keystrokes. Using the DNS Proxy on BorderManager also reduces the amount of DNS traffic that has to go out to the Internet from the PCs on your network.
