DNS and Firewalls

By jason3k
Here's the deal:

Running Win2K server. Three DCs. All running DNS.
#1 On the DMZ of a 3Com firewall-public IP addy
#2 Behind the firewall, private IP, NAT to a public addy
#3 Behind a remote firewall, private IP, NAT to a public addy

The problem:
The two DCs behind the firewalls register their private IP addresses to
DNS. The DC on the DMZ can't reach them via the private IPs. I have tried
adding a second A record in DNS with the public IPs, but when they register,
the public IPs go away.

As you can imagine, this plays havoc with replication.

I tried adding the IPs to the DMZ DC's Hosts file, but this doesn't seem to
do any good.

Any thoughts? Anyone?

DNS and Firewalls

by cdcents In reply to DNS and Firewalls

We may have a few of these going back and forth. Question: Can the firewall route between the DMZ and the DCs behind it? I believe the answer will be yes. If so, does the DMZ DC know how to get to the private IPs on the other side? A simple route to the private IPs on the DMZ DC MAY be able to solve your problem in this case. Will watch for updates.

DNS and Firewalls

by jason3k In reply to DNS and Firewalls

My firewall isn't smart enough to route to the private IPs. As far as I can tell, the only way to get to the LAN is through the NAT address. The problem is, unless I have the NAT address in DNS, the DC can't see the SRV records.
