
I have a domain and DNS server set up using Windows Server 2012 R2. The local domain is a subdomain of my public one, and I have a forward lookup zone configured for it in my DNS server.

i.e.

  • local: lan.publicdomainname.com
  • public: publicdomainname.com

The DNS records for publicdomainname.com are stored with the public DNS at the registrar (GoDaddy in this case). lan.publicdomainname.com is not stored with that DNS server.

I have several local servers that are listed on the public DNS as subdomains.

For example:

  • server1.publicdomainname.com
  • server2.publicdomainname.com

These can be accessed using those URLs from outside the local network just fine, but don't work while connected to the LAN.

Should I be adding a new Forward Lookup Zone to my internal DNS server named publicdomainname.com?

Edit:

It seems like I should either be using hairpin NAT or split DNS. From what I understand, a hairpin NAT causes extra processing to be done on the router for local traffic, and a split DNS requires an extra set of records to manage. For just 3 or 4 servers, which method is better? Are there canonical guides to setting each of these up? (on Windows 2012 and a tomato/Linux router respectively)

waspinator

  • The linked question covers the options you should be looking at to solve this - split DNS or hairpin NAT. Let me know if there are aspects of your question that aren't covered there - we can edit this and re-open it if that's the case. – Shane Madden Jun 24 '14 at 22:40
  • `Should I be adding a new Forward Lookup Zone to my internal DNS server named publicdomainname.com?` - No, you shouldn't. Your internal DNS server is authoritative for `lan.publicdomainname.com`. Your external DNS servers are authoritative for `publicdomainname.com`. Your internal server will use the same method (forwarders or root hints) to resolve `publicdomainname.com` for internal clients the same way it resolves any other domain name for which it is not authoritative. This is not a DNS issue; it is most likely a hairpin NAT issue. – joeqwerty Jun 24 '14 at 23:16
  • @ShaneMadden It seems the original question covers the main concept, but I was hoping for some more details, like which one is better, and perhaps a resource on configuring them. – waspinator Jun 25 '14 at 02:54
  • @waspinator "Better" depends on whether you want to maintain a second copy of DNS zones or whether you want to have traffic double-traversing the link to your firewall with hairpin NAT. As Joe mentioned, hairpin NAT is generally cleaner. The specifics on how to put them in place will depend completely on the implementation details of your network, so there isn't a way to have a guide that's applicable to all situations. You could ask a new question with the details about your firewall and NAT setup about how to implement hairpin NAT in your network. – Shane Madden Jun 25 '14 at 04:05
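The comments recommend hairpin NAT (also called NAT loopback) on the router rather than a duplicate zone on the Windows DNS server. The script below is an added example, not part of the question or any comment, showing what the hairpin rules look like on a Linux/tomato router that uses iptables. The LAN subnet, router address, public IP (from the 203.0.113.0/24 documentation range), server addresses and ports are all assumptions; the ordinary WAN-side port forwards for server1/server2 are assumed to already exist and are not repeated here. Run without arguments it only prints the rules; `--apply` executes them, and refuses unless run as root with iptables available.

```shell
#!/bin/sh
# Added example (not from the question or comments): hairpin / NAT-loopback
# rules for a Linux or tomato router so LAN clients can reach server1/server2
# through the public IP. All addresses, hostnames and ports are assumptions.

LAN_NET="192.168.1.0/24"   # assumed LAN subnet
LAN_IP="192.168.1.1"       # assumed router LAN address (used as SNAT source)
WAN_IP="203.0.113.10"      # assumed public IP (TEST-NET-3 documentation range)

# Constructed port-forward table: name:lan-ip:proto:port, one entry per line.
FORWARDS="server1:192.168.1.10:tcp:80
server2:192.168.1.11:tcp:443"

# Emit the iptables commands for one service. Three rules are needed:
#  1. PREROUTING DNAT, restricted with -s LAN_NET so it only matches traffic
#     from the LAN aimed at the public IP (the WAN-facing DNAT is separate).
#  2. POSTROUTING SNAT to the router's LAN address, so the server's replies go
#     back through the router. Without it the server answers the client
#     directly from its 192.168.1.x address, the client expected a reply from
#     WAN_IP, and the TCP handshake never completes.
#  3. FORWARD accept so the hairpinned packets are not dropped by the filter.
rules_for() {
  lanip="$1"; proto="$2"; port="$3"
  printf 'iptables -t nat -A PREROUTING -s %s -d %s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
    "$LAN_NET" "$WAN_IP" "$proto" "$port" "$lanip" "$port"
  printf 'iptables -t nat -A POSTROUTING -s %s -d %s -p %s --dport %s -j SNAT --to-source %s\n' \
    "$LAN_NET" "$lanip" "$proto" "$port" "$LAN_IP"
  printf 'iptables -A FORWARD -s %s -d %s -p %s --dport %s -j ACCEPT\n' \
    "$LAN_NET" "$lanip" "$proto" "$port"
}

# Print the complete rule set without applying it (safe to run anywhere).
hairpin_rules() {
  echo "$FORWARDS" | while IFS=: read -r name lanip proto port; do
    [ -n "$name" ] || continue
    echo "# hairpin for $name ($lanip $proto/$port)"
    rules_for "$lanip" "$proto" "$port"
  done
}

# Number of iptables commands in the rule set (three per forwarded service).
hairpin_rule_count() {
  hairpin_rules | grep -c '^iptables'
}

# Apply the rules on the router itself. Refuses unless root and iptables exist.
apply_hairpin() {
  [ "$(id -u)" -eq 0 ] || { echo "apply_hairpin: must run as root" >&2; return 1; }
  command -v iptables >/dev/null 2>&1 || { echo "apply_hairpin: iptables not found" >&2; return 1; }
  hairpin_rules | grep '^iptables' | while read -r cmd; do $cmd || return 1; done
}

case "${1:-}" in
  --apply) apply_hairpin ;;
  *)       hairpin_rules ;;
esac
```

On tomato the printed commands would go into the Firewall script under Administration > Scripts so they are re-applied after every reboot. The `-s LAN_NET` match on the DNAT rule is what keeps the hairpin rule from interfering with the existing WAN-side port forward, and the SNAT rule is the part most often forgotten; without it connections from the LAN to the public name hang rather than fail outright.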

0 Answers