  • #2297923

    DNS not resolving from external network

    Locked

    by jkeltg1 ·

    HELP!

    I have set up a Win2003 Active Directory server inside my network. The server’s internal IP address is 19.168.1.150, and the external address of the firewall is 208.186.145.251. The server is up and running correctly, and I can use the IP address from outside the network to connect to its website. When I try and use my domain name “mncgp.com” it cannot be resolved. However, internally DNS resolves the name just fine. I have mapped both UDP and TCP port 53 to the server to allow for DNS queries.

    What setting am I missing? Should I have a Forwarder of my ISP’s DNS server?

    Any help would be greatly appreciated!
    Thank you in advance,
    Jim Keltgen

All Comments

    • #2673488

      Reply To: DNS not resolving from external network

      by jarrettc ·

      In reply to DNS not resolving from external network

      Is the IP address you assigned the external port on the firewall new? If so it takes time to register with your ISP’s DNS servers and to replicate out to the internet. You can call your ISP to have them manually update their DNS for you.

      When pinging your external firewall IP I get this response:

      C:\>ping 208.186.145.251

      Pinging 208.186.145.251 with 32 bytes of data:

      Reply from 162.37.20.14: Destination port unreachable.
      Reply from 162.37.20.14: Destination port unreachable.
      Reply from 162.37.20.14: Destination port unreachable.
      Reply from 162.37.20.14: Destination port unreachable.

      Ping statistics for 208.186.145.251:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
      Approximate round trip times in milli-seconds:
      Minimum = 0ms, Maximum = 0ms, Average = 0ms

      Is this 162.37.20.14 address the internal firewall port? If so, there may be some issues with your NAT table. I’d go over it just to be sure.

      • #2673485

        Reply To: DNS not resolving from external network

        by jkeltg1 ·

        In reply to Reply To: DNS not resolving from external network

        No… the external IP is available but just not via PING (blocked on firewall). You can open a web page and browse to the page (port 80 enabled).

        And no… the IP is not new. Been in place for quite a few weeks now.

      • #2673483

        Reply To: DNS not resolving from external network

        by jarrettc ·

        In reply to Reply To: DNS not resolving from external network

        Disregard the ping information, I’m at a new client site and found they aren’t forwarding ICMP and that address is some internal address at this site. Makes me seem smart now don’t it ;).

        Anyhow, has the website been up and running before or is this the first time you’ve had it set up?

    • #2673481

      Reply To: DNS not resolving from external network

      by jarrettc ·

      In reply to DNS not resolving from external network

      Don’t reject the answer yet, there should be a way for you to add comments without closing the answer.

      Have you ever had a website running on this IP address successfully?

      When I did a WHOIS on your domain the name servers are listed as your name servers. Usually you have your ISP’s name servers listed. Have you contacted your ISP to have them forward your domain name to the external IP address that you have?

      • #2673467

        Reply To: DNS not resolving from external network

        by jarrettc ·

        In reply to Reply To: DNS not resolving from external network

        Scratch that, I did a few more checks and found the name servers you have listed are valid. As for using a forwarder, this only forces requests coming from your internal network to external (or other internal) DNS servers. Since the external DNS servers apparently do not have the DNS name mapped to the IP, this won’t solve anything.

        I’m pretty sure this has to do with your ISP and their name servers not being updated. Since your website is accessible via the IP address (I’ve hit it) then it has to do with external DNS servers. Have you contacted them yet?

        You can attempt to see if their name servers have your domain name mapped to your IP by using nslookup or digfe. digfe can be found here: http://www.concoctedlogic.com/digfe/

    • #2673475

      Reply To: DNS not resolving from external network

      by chrisdent ·

      In reply to DNS not resolving from external network

      This is easy to explain, difficult to fix.

      You’re answering public queries with private addresses.

      Forward lookup provides an Internal IP address, 192.168.1.150. No routing exists to that so the DNS is uncontactable.

      Direct queries to your DNS server provide internal addressing for services like www.

      Indirect queries to your DNS fail because reverse lookup can’t possibly work.

      Now the hard part.

      1. The DNS server must have an entry for itself on the public IP address. Without this reverse lookup fails. That is it must see itself as a public server.

      2. Each service must have an entry for itself on the public IP address. Without this forward lookup is meaningless in that it provides an internal IP address.

      3. Using a public domain name as an internal active directory domain name is a bad plan. Switching the internal domain name to mncgp.local would allow you greater control over the mncgp.com domain – this would have also allowed the port mapping to work.

      At this point I would make the following recommendations – this will create the least work for you, or the fastest results.

      Create a second DNS server. This server is to sit in a DMZ area outside your normal production LAN.

      Leave your internal DNS server as it is, leave the DNS entries you have there.

      On the External DNS server create another entry for mncgp.com and set up the correct entries, pointing to the public IP address.

      This system is a bit of a pain since you now have two servers, but you can’t answer queries with both the internal and external addresses with your current server without significant changes to your internal DNS records.

      • #2673470

        Reply To: DNS not resolving from external network

        by chrisdent ·

        In reply to Reply To: DNS not resolving from external network

        Please note that your server server.mncgp.com is reporting itself as the nameserver for the domain, which is what you intended.

        From your DNS server:

        NSLookup mncgp.com produces:

        Server: 208-186-145-251.nrp3.brv.mn.frontiernet.net
        Address: 208.186.145.251

        mncgp.com internet address = 192.168.1.150
        mncgp.com nameserver = server.mncgp.com
        mncgp.com
        primary name server = server.mncgp.com
        responsible mail addr = hostmaster
        serial = 77
        refresh = 900 (15 mins)
        retry = 600 (10 mins)
        expire = 86400 (1 day)
        default TTL = 3600 (1 hour)
        server.mncgp.com internet address = 192.168.1.150

        NSLookup on server.mncgp.com reports:

        Server: 208-186-145-251.nrp3.brv.mn.frontiernet.net
        Address: 208.186.145.251

        server.mncgp.com internet address = 192.168.1.150

        From my server:

        NSLookup mncgp.com produces:

        Server: pmsidc03.pmsi
        Address: 192.168.42.13

        Non-authoritative answer:
        mncgp.com internet address = 192.168.1.150
        mncgp.com nameserver = server.mncgp.com
        mncgp.com
        primary name server = server.mncgp.com
        responsible mail addr = hostmaster
        serial = 77
        refresh = 900 (15 mins)
        retry = 600 (10 mins)
        expire = 86400 (1 day)
        default TTL = 3600 (1 hour)

        server.mncgp.com internet address = 192.168.1.150

        NSLookup on server.mncgp.com produces:

        Server: pmsidc03.pmsi
        Address: 192.168.42.13

        Non-authoritative answer:
        server.mncgp.com internet address = 192.168.1.150

        Deeper requests fail because of the information your server is giving out.
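
The condition visible in the nslookup output above can be checked mechanically. The following is an added example, not part of the original thread: it parses nslookup-style text, flags answers carrying non-routable addresses, and flags NS hosts whose zone A record disagrees with the registrar glue listed in the whois output further down the thread. The sample text is constructed from the values quoted in the thread, and the function names are hypothetical.

```python
import ipaddress
import re

# Record lines in the format nslookup prints (as quoted in the thread).
A_RE = re.compile(r"^[ \t]*(\S+)[ \t]+internet address = (\S+)[ \t]*$", re.M)
NS_RE = re.compile(r"^[ \t]*(\S+)[ \t]+nameserver = (\S+)[ \t]*$", re.M)

# Constructed sample, modelled on the output posted in the thread.
SAMPLE = """\
Server: 208-186-145-251.nrp3.brv.mn.frontiernet.net
Address: 208.186.145.251

mncgp.com internet address = 192.168.1.150
mncgp.com nameserver = server.mncgp.com
server.mncgp.com internet address = 192.168.1.150
"""

# Registrar glue, as listed in the whois output quoted in the thread.
GLUE = {"SERVER.MNCGP.COM": "208.186.145.251",
        "SERVER1.MNCGP.COM": "208.186.145.251"}

def norm(name):
    """Compare host names case-insensitively, ignoring a trailing dot."""
    return name.rstrip(".").lower()

def parse_nslookup(text):
    """Return ({name: {ip, ...}}, {ns_host, ...}) from nslookup output."""
    a_records = {}
    for name, ip in A_RE.findall(text):
        a_records.setdefault(norm(name), set()).add(ip)
    ns_hosts = {norm(host) for _, host in NS_RE.findall(text)}
    return a_records, ns_hosts

def audit(text, glue):
    """List (finding, name, address) tuples for a public-facing answer."""
    a_records, ns_hosts = parse_nslookup(text)
    glue = {norm(k): v for k, v in glue.items()}
    findings = []
    for name in sorted(a_records):
        for ip in sorted(a_records[name]):
            # RFC 1918, loopback, link-local etc. are useless to outside clients.
            if not ipaddress.ip_address(ip).is_global:
                findings.append(("non-routable-answer", name, ip))
    for host in sorted(ns_hosts):
        # The zone's own A record for its name server should match the glue.
        if host in glue and host in a_records and glue[host] not in a_records[host]:
            findings.append(("glue-mismatch", host, glue[host]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, GLUE):
        print(*finding)
```
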

      • #2670969

        Reply To: DNS not resolving from external network

        by chrisdent ·

        In reply to Reply To: DNS not resolving from external network

        wow still not fixed…

        ping http://www.mncgp.com

        Pinging mncgp.com [192.168.1.150] with 32 bytes of data:

        Request timed out

    • #2673387

      Reply To: DNS not resolving from external network

      by cg it ·

      In reply to DNS not resolving from external network

      I’ve read some of the answers given and don’t know if you’ve solved your problem, but for you to use your domain name to find your server from an external [ WAN ] computer, your domain name registrar has to have a name server that reports what your public IP address is. That name server can be your own or it can be a 3rd party dynamic DNS service. Most domain name registrars require name servers to be registered with them. You may have specified your name server with them, but unless your server is registered with them for dynamic updates they won’t list your name server as authoritative. Therefore internet whois inquiries go unanswered. Check with your registrar about their requirements for using your own name server OR you can try constanttime.com, a 3rd party dynamic DNS service. I also recommend Dotster domain name registrar. Both Constanttime dynamic DNS updater service and Dotster work well together in providing DNS Name to public IP address resolution.

      • #2673381

        Reply To: DNS not resolving from external network

        by cg it ·

        In reply to Reply To: DNS not resolving from external network

        This is the whois domain name information on your public domain name. Note: I’ve removed your contact information [which I recommend that you block at your domain name registrar].

        mncgp.com Back-order this name

        Registrant:

        Domain Name: MNCGP.COM

        Record expires on 08-Jul-2004.
        Record created on 08-Jul-2002.
        Database last updated on 12-Dec-2003 14:20:10 EST.

        Domain servers in listed order:

        SERVER.MNCGP.COM 208.186.145.251
        SERVER1.MNCGP.COM 208.186.145.251

        Though your name servers are listed, I do not get name to IP address resolution for your domain name MNCGP.com when I do a http://www.mncgp.com. I can with your IP address and get your site without a problem.

        This indicates that a whois internet wide query isn’t being answered by your name server. Either your name server isn’t providing the proper IP to Name answer via an A record or my query isn’t getting to your name server.

      • #2673377

        Reply To: DNS not resolving from external network

        by cg it ·

        In reply to Reply To: DNS not resolving from external network

        Since your ISP provides you with your public IP address, you have to provide a pointer record within your DNS that maps that IP address to your domain name, NOT a nonroutable IP address like 192.186.xxx.xxx. Your DNS A record is providing internal nonroutable IP addresses as your public IP address, which it cannot be. The second answer really has the right idea of resolving your name to IP address problem by running a second public DNS server. If you don’t want to go through that expense and headache, again there are 3rd party DNS server services for about $20.00 a year [Constanttime.com being one of the thousands out there].

      • #2671890

        Reply To: DNS not resolving from external network

        by cg it ·

        In reply to Reply To: DNS not resolving from external network

        This is a pretty simple thing, IP to Name resolution, but it can get complicated if you don’t have a static public IP address assigned by your ISP. What that means is if your ISP decides to change your public IP address because you don’t have a static one, then you have to change your DNS records to reflect the new IP address. Pain in the butt, especially when your ISP never tells you they are changing your IP address. That’s where the 3rd party DNS server services come in handy. They have a small client program for dynamic DNS updates that automatically checks your IP address and notifies the Name Server of any changes.

        If you have a static IP address, create a DNS pointer record that states MNCGP.com is 208.186.145.251. BUT as answer 3 says, you’ll have to have 2 name servers, public and private. Your clients can’t use the public A record for name to IP address resolution internally [they will now have the same problem that public users have, can’t find it, and public users will have no problem finding your web site].

        Hope all this helps ya out.

      • #2671295

        Reply To: DNS not resolving from external network

        by jkeltg1 ·

        In reply to Reply To: DNS not resolving from external network

        I created an account on MyDomain.com which provides free publicly available nameservers.

        I pointed the IP and MX records to my external IP and set up the firewall to route specific port traffic to that DNS server.

    • #2670877

      Reply To: DNS not resolving from external network

      by joshua.stroud ·

      In reply to DNS not resolving from external network

      If you are using a firewall appliance that has a DMZ port and have multiple IPs from your ISP, you could make the DNS server a multihome server with a second NIC, assigning it a routable IP from the ones you have available from your ISP.

      Connect the second NIC to the DMZ port on the firewall and make sure you have rules in the firewall to allow TCP/UDP 53 pass-through to the DMZ from the internal LAN and the internet. I did this and it worked great.

    • #2671292

      Reply To: DNS not resolving from external network

      by jkeltg1 ·

      In reply to DNS not resolving from external network

      This question was closed by the author
