

DNS and Firewalls

By jason3k
Here's the deal:

Running Win2K server. Three DCs. All Running DNS
#1 On the DMZ of a 3Com firewall-public IP addy
#2 Behind the firewall, private IP, NAT to a public addy
#3 Behind a remote firewall, private IP, NAT to a public addy

The problem:
The two DCs behind the firewalls register their private IP addresses to
DNS. The DC on the DMZ can't reach them via the private IPs. I have tried
adding a second A record in DNS with the public IPs, but when they register,
the public IPs go away.

As you can imagine, this plays havoc with replication.

I tried adding the IPs to the DMZ DC's Hosts file, but this doesn't seem to
do any good.

Any thoughts? Anyone?


DNS and Firewalls

by cdcents In reply to DNS and Firewalls

We may have a few of these going back and forth. Question: Can the firewall route between the DMZ and the DCs behind it? I believe the answer will be yes. If so, does the DMZ DC know how to get to the private IPs on the other side? A simple route to the private IPs on the DMZ DC MAY be able to solve your problem in this case. Will watch for updates.


DNS and Firewalls

by jason3k In reply to DNS and Firewalls

My firewall isn't smart enough to route to the private IPs. As far as I can tell, the only way to get to the LAN is through the NAT address. The problem is, unless I have the NAT address in DNS, the DC can't see the SRV records.
