Nathaniel Hall wrote:
Maybe an example will clear it up a bit.
Our DNS resolves domain.com. I have system1.domain.com correctly resolving using the DMZ DNS.
The ISP DNS also resolves system1.domain.com for users outside the firewalls. In addition to system1, system2.domain.com resolves on the ISP DNS from the outside.
If I am on the inside and try to resolve system2.domain.com, it doesn't get resolved because it is not set up in the DMZ DNS. I want to be able to resolve system2.domain.com by passing the query from the DMZ DNS to the ISP DNS.
I know it is confusing. If there are any questions, let me know.
Hi Nathaniel,
I didn't find your explanation confusing, I understand exactly what you mean. I don't know of a way to do exactly what you're asking for, though. As far as I know, you will need to update the DNS on the DMZ box to match both what is in the ISP's zone and also whatever internal entries you need.
Perhaps someone who knows more about DNS than I do will have a fix for you, though :)
Another option would be to use a different domain for the internal addresses, and then have the ISP resolve all the queries for the external domain. So if you were using foo.com for the main, external domain, you might grab foo.net and use that for the internal addresses.
Rich
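As an added example (not code from either poster), the script below models Rich's first suggestion: keeping the DMZ zone in step with the ISP's public zone. It parses two small BIND-style zone fragments, shows why an authoritative DMZ server answers NXDOMAIN for a name it does not hold instead of handing the query on, and lists the records that would have to be copied into the DMZ zone. The zone contents, addresses and the `intranet` name are constructed sample data; the only thing taken from the thread is that the DMZ server is authoritative for domain.com and lacks system2.

```python
"""Compare a public (ISP) zone with the DMZ zone and report the gaps.

Added example for the thread above; the zone data below is constructed
and the resolver is a simplified model of an authoritative server.
"""
from typing import Dict, List, Tuple

ISP_ZONE = """\
; constructed sample of the ISP's public zone (not real data)
$ORIGIN domain.com.
system1  3600 IN A     203.0.113.10
system2  3600 IN A     203.0.113.11
www           IN CNAME system1
"""

DMZ_ZONE = """\
; constructed sample of the DMZ zone: system2 was never added here
$ORIGIN domain.com.
system1       IN A     203.0.113.10
intranet      IN A     10.0.0.5       ; internal-only name
"""

Records = Dict[Tuple[str, str], List[str]]   # (fqdn, rrtype) -> rdata list
Zone = Tuple[str, Records]                    # (origin, records)


def _fqdn(name: str, origin: str) -> str:
    """Turn a zone-file owner name into a lowercase absolute name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str) -> Zone:
    """Parse single-line records of the form: name [ttl] [IN] type rdata."""
    origin, records = ".", {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # drop comments
        if not line:
            continue
        tokens = line.split()
        if tokens[0].upper() == "$ORIGIN":
            origin = tokens[1].lower()
            continue
        name, rest = tokens[0], tokens[1:]
        if rest and rest[0].isdigit():             # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":       # optional class
            rest = rest[1:]
        if len(rest) < 2:
            raise ValueError(f"cannot parse record: {raw!r}")
        rrtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if rrtype == "CNAME":                      # targets are names too
            rdata = _fqdn(rdata, origin)
        records.setdefault((_fqdn(name, origin), rrtype), []).append(rdata)
    return origin, records


def resolve(zone: Zone, qname: str, rrtype: str) -> Tuple[str, List[str]]:
    """Model what an authoritative server answers for one question."""
    origin, records = zone
    qname = qname.lower()
    if not (qname == origin or qname.endswith("." + origin)):
        return "NOT_AUTHORITATIVE", []
    if (qname, rrtype) in records:
        return "ANSWER", records[(qname, rrtype)]
    if any(name == qname for name, _ in records):
        return "NODATA", []        # name exists, but no RR of that type
    return "NXDOMAIN", []          # authoritative denial: nothing is forwarded


def missing_from_dmz(isp_zone: Zone, dmz_zone: Zone) -> List[Tuple[str, str]]:
    """Records the public zone answers but the DMZ zone denies."""
    _, isp = isp_zone
    return sorted(key for key in isp
                  if resolve(dmz_zone, *key)[0] in ("NXDOMAIN", "NODATA"))


def divergent(isp_zone: Zone, dmz_zone: Zone) -> List[Tuple[str, str]]:
    """Records both zones hold with different data (maybe deliberate split-horizon)."""
    _, isp = isp_zone
    _, dmz = dmz_zone
    return sorted(k for k in isp if k in dmz and sorted(isp[k]) != sorted(dmz[k]))


if __name__ == "__main__":
    isp, dmz = parse_zone(ISP_ZONE), parse_zone(DMZ_ZONE)
    print("inside query for system2.domain.com:",
          resolve(dmz, "system2.domain.com.", "A"))
    for name, rrtype in missing_from_dmz(isp, dmz):
        print(f"add to DMZ zone: {name} {rrtype} {' '.join(isp[1][(name, rrtype)])}")
    for name, rrtype in divergent(isp, dmz):
        print(f"differs (check intended): {name} {rrtype}")
```

Run it whenever the ISP zone changes and apply the "add to DMZ zone" lines; the `divergent` list is kept separate because a name that deliberately resolves to a private address inside and a public one outside is the normal split-horizon case, not a mistake.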