
I have a problem in which I cannot access a server using its public name from the same network as the server. Access to the server works fine from the internet.

Reading up on this problem, I've run across such things as hairpin NAT, loopback NAT, split DNS, editing hosts files, etc.

My network has an SMC 8013WG-CCR (Comcast) cable modem connected to a Linksys WRT54G2. As I understand, the router is supposed to handle this sort of loopback (by leaving the security option "Filter Internet NAT Redirection" disabled), but the connection between these two devices is a secondary LAN, so I don't think the router "knows" what the proper public IP address is.

The easiest solution would be to edit the hosts files of all the computers in the network, but many are notebook computers which will need to access the server both on the LAN and externally.

The server is Windows Server 2012, so I could set it up as the internal DNS server but I don't have enough experience with this to really understand how it would interact with the router, DHCP, etc.

I am prepared to purchase a new router if I need something with greater capability. It appears from my research that most IT admins prefer to solve this problem with split DNS rather than hairpin NAT. I understand the concept of hairpin NAT more clearly than split DNS. It seems to me that the router just needs to provide LAN clients with the local IP of the server when clients use the public name (sub.domain.com). Isn't that just an entry in a local DNS cache? Is that what split DNS does?

What would be a good solution to implement this fix for a small business?

JYelton

1 Answer


Split DNS is the least painful if your Gateway/Firewall does not allow loopback/hairpin access. This requires that you set your internal DNS server to be the primary lookup for all internal hosts and configure it to have a "copy" of the public domain records, with the respective internal IP addresses replacing external/public IPs.

The drawback to Split DNS is that it requires you to maintain two sets of records for the public domain.

  • There currently is no internal DNS server. The Linksys router provides the DNS server addresses that are obtained from the ISP. – JYelton Oct 13 '13 at 19:47
  • Understood. Disable DHCP on the Linksys, give the Windows 2012 Server a static IP address, then enable DNS & DHCP on it. This will give you control over the internal network traffic/name resolution. – Allan Holtzmann Oct 13 '13 at 20:02
  • And at that point I just need to add an entry to DNS so that local users get the local IP of the server. Sounds like that should work. – JYelton Oct 13 '13 at 21:46
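The steps agreed on in the comments (static IP, DNS and DHCP on the Windows 2012 server, one record for the public name), carried through as an added PowerShell example; this is not code from the answerer or from the question, and the addresses in it are constructed: the server is assumed to sit at 192.168.1.10 on a 192.168.1.0/24 LAN behind the Linksys at 192.168.1.1, and the forwarder addresses are placeholders for whatever resolvers the ISP hands out.

```powershell
# Added example (not from the question or answer): split DNS on Windows Server 2012.
# Constructed assumptions: server static LAN address 192.168.1.10, LAN 192.168.1.0/24,
# Linksys at 192.168.1.1, public name sub.domain.com. Run in an elevated PowerShell
# on the server after giving it its static address.

# 1. Install the DNS and DHCP roles together with their management cmdlets.
Install-WindowsFeature -Name DNS, DHCP -IncludeManagementTools

# 2. Create a zone whose name is exactly the public host name. Scoping the zone to
#    sub.domain.com (not all of domain.com) means the server only overrides that one
#    name; every other public record under domain.com is still answered by the
#    forwarders, which keeps the "two sets of records" drawback down to a single record.
Add-DnsServerPrimaryZone -Name "sub.domain.com" -ZoneFile "sub.domain.com.dns"

# 3. The zone apex A record is the answer LAN clients will get for sub.domain.com.
Add-DnsServerResourceRecordA -ZoneName "sub.domain.com" -Name "@" -IPv4Address "192.168.1.10"

# 4. Forward everything else to the ISP's resolvers (placeholder addresses; use the ones
#    the Linksys currently receives from the ISP).
Add-DnsServerForwarder -IPAddress 8.8.8.8, 8.8.4.4

# 5. Take over DHCP from the Linksys (disable DHCP on the router first): the scope hands
#    out the server as the only DNS server and the Linksys as the default gateway.
Add-DhcpServerv4Scope -Name "LAN" -StartRange 192.168.1.100 -EndRange 192.168.1.200 `
    -SubnetMask 255.255.255.0 -State Active
Set-DhcpServerv4OptionValue -ScopeId 192.168.1.0 -DnsServer 192.168.1.10 -Router 192.168.1.1

# 6. Verify: asked directly, the server must return the LAN address for the public name.
Resolve-DnsName -Name sub.domain.com -Type A -Server 192.168.1.10
```

After a client renews its lease (`ipconfig /renew`), `Resolve-DnsName sub.domain.com` on that client should show 192.168.1.10, while the same notebook on an outside network, which is no longer handed this DNS server by DHCP, resolves the public address as before; that is what makes this work for the roaming notebooks without touching any hosts files. Step 2 is the part worth checking if a different host under the same domain later stops resolving on the LAN: it only happens when the zone was created as `domain.com` instead of the narrower `sub.domain.com`.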