Everything we do requires a single domain, so I can't do that, and I don't
want to update everything on the ISPs, so that won't work either.
Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
halln@xxxxxxx
417-447-7535
Rich Burroughs wrote:
Nathaniel Hall wrote:
Maybe an example will clear it up a bit.
Our DNS resolves domain.com. I have system1.domain.com correctly
resolving using the DMZ DNS.
The ISP DNS also resolves system1.domain.com for users outside the
firewalls. In addition to system1, system2.domain.com resolves on
the ISP DNS from the outside.
If I am on the inside and try to resolve system2.domain.com, it
doesn't get resolved because it is not set up in the DMZ DNS. I want
to be able to resolve system2.domain.com by passing the query from
the DMZ DNS to the ISP DNS.
I know it is confusing. If there are any questions, let me know.
Hi Nathaniel,
I didn't find your explanation confusing; I understand exactly what
you mean. I don't know of a way to do exactly what you're asking for,
though. As far as I know, you will need to update the DNS on the DMZ
box to match both what is in the ISP's zone and also whatever internal
entries you need.
Perhaps someone who knows more about DNS than I do will have a fix for
you, though :)
Another option would be to use a different domain for the internal
addresses, and then have the ISP resolve all the queries for the
external domain. So if you were using foo.com for the main, external
domain, you might grab foo.net and use that for the internal addresses.
Rich
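The behaviour the two of you are describing, modelled as an added example (editor's code, not anything from the thread or from either poster's setup): a resolver that is authoritative for a zone answers names under that zone itself, so a name missing from the DMZ copy of domain.com comes back NXDOMAIN and is never forwarded to the ISP. The model then shows Rich's two options side by side: mirror the ISP's entries into the DMZ zone, or put the internal hosts in a separate domain so that queries for the external domain fall through to the forwarder. All hostnames, IP addresses (203.0.113.x and 10.0.0.x are constructed documentation-range values) and the resolver names are assumptions for the demonstration.

```python
"""Toy split-horizon DNS model (added example, not from the original thread).

Simplification assumed here: a resolver that holds a zone answers every name
under that zone from its own records (NXDOMAIN if the name is absent) and only
forwards names that fall outside every zone it holds.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, List, Optional

NXDOMAIN = "NXDOMAIN"


@dataclass
class Resolver:
    name: str
    # zone apex -> {fqdn: ip}
    zones: Dict[str, Dict[str, str]] = field(default_factory=dict)
    forwarder: Optional["Resolver"] = None
    log: List[str] = field(default_factory=list)

    def _owning_zone(self, fqdn: str) -> Optional[str]:
        """Return the zone this resolver is authoritative for that covers fqdn."""
        for zone in self.zones:
            if fqdn == zone or fqdn.endswith("." + zone):
                return zone
        return None

    def resolve(self, fqdn: str) -> str:
        zone = self._owning_zone(fqdn)
        if zone is not None:
            # Authoritative answer: never forwarded, even when the name is missing.
            answer = self.zones[zone].get(fqdn, NXDOMAIN)
            self.log.append(f"{self.name}: authoritative for {zone}: {fqdn} -> {answer}")
            return answer
        if self.forwarder is None:
            self.log.append(f"{self.name}: no zone, no forwarder: {fqdn} -> {NXDOMAIN}")
            return NXDOMAIN
        self.log.append(f"{self.name}: forwarding {fqdn} to {self.forwarder.name}")
        return self.forwarder.resolve(fqdn)


# Constructed ISP zone: both public hosts are known to the outside world.
ISP_ZONE = {
    "system1.domain.com": "203.0.113.10",
    "system2.domain.com": "203.0.113.20",
}


def build_isp() -> Resolver:
    return Resolver("isp-dns", zones={"domain.com": dict(ISP_ZONE)})


def scenario_as_posted() -> Dict[str, str]:
    """DMZ DNS authoritative for domain.com with only system1 defined."""
    dmz = Resolver("dmz-dns", zones={"domain.com": {"system1.domain.com": "10.0.0.10"}},
                   forwarder=build_isp())
    return {n: dmz.resolve(n) for n in ("system1.domain.com", "system2.domain.com")}


def scenario_mirrored_zone() -> Dict[str, str]:
    """Rich's first option: copy the ISP's entries into the DMZ zone, then override internals."""
    merged = dict(ISP_ZONE)
    merged["system1.domain.com"] = "10.0.0.10"  # internal address wins for the inside view
    dmz = Resolver("dmz-dns", zones={"domain.com": merged}, forwarder=build_isp())
    return {n: dmz.resolve(n) for n in ("system1.domain.com", "system2.domain.com")}


def scenario_separate_domain() -> Dict[str, str]:
    """Rich's second option: internal hosts live in domain.net, domain.com is forwarded."""
    dmz = Resolver("dmz-dns", zones={"domain.net": {"system1.domain.net": "10.0.0.10"}},
                   forwarder=build_isp())
    return {n: dmz.resolve(n)
            for n in ("system1.domain.net", "system1.domain.com", "system2.domain.com")}


def missing_entries(internal_zone: Dict[str, str], external_zone: Dict[str, str]) -> List[str]:
    """Names the outside world resolves that the inside copy of the zone lacks."""
    return sorted(set(external_zone) - set(internal_zone))


if __name__ == "__main__":
    for label, fn in (("as posted", scenario_as_posted),
                      ("mirrored zone", scenario_mirrored_zone),
                      ("separate domain", scenario_separate_domain)):
        print(f"--- {label}: {fn()}")
    print("entries to add to the DMZ zone:",
          missing_entries({"system1.domain.com": "10.0.0.10"}, ISP_ZONE))
```

The `missing_entries` helper is the check a practitioner would run before choosing the first option: a diff of the ISP's zone against the DMZ copy tells you exactly what has to be maintained in two places, which is the operational cost Nathaniel is objecting to.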