02-18-2016 08:24 AM
I was asked to create a forward zone for an external url which is hosted by a Saas provider. We have a Grid with Internal view and external view. My question is do I need two forwarding zones one internal and one external? For now I've created it on the external, and I can resolve from the outside, however from the inside network I can not resolve, but when I tried creating an internal zone I still could not resolve maybe it's a different zone on the inside that I need what am I missing?
02-19-2016 11:13 AM
Could you provide some additional context here? Are you looking to forward a particular domain to a specific DNS server that is hosted by an external provider? Do you need this to be available only within your infrastructure (internal view) or to the outside world as well (external view)?
Assuming you need this forwarding to occur for a zone that is resolvable to your internal network, then you would need to create this on your internal view and also validate that your internal appliance providing this view is able to reach the DNS server you are forwarding to (firewall rules, etc).
Hope that helps and please provide some additional details on the specifics for more assistance - thanks!
02-24-2016 11:13 PM
you would need to create the same zone on internal as well as external, since your internal client falls in the internal view.
Are you not recieving any answer when you try to resolve this domain internally. if not it should be a config issue.
If you are recieving the answer and even then unable to get the page, this could be a route issue. Are your dns servers able to send the queries to the SAAS servers? Is there a NAT correctly setup?
03-02-2016 11:02 PM
Hi, yes I'm looking to looking to forward a particular domain to a specific DNS server that is hosted by an external provider, and make this available on the internal view. The way I have it now is that I created the forwarding zone on the outside view and can resolve on the outside, but not the inside. So it sounds like I have this reversed, and need to create this zone not on the external view but yet on the internal view and this will resolve for both outside and inside is this correct?
03-04-2016 09:03 AM
Yes, you will want to create the forwarding zone in the internal DNS view. Unless you need this specific forwarding to also occur for any clients that query your external view then you would not need this zone also created in your external view.
Your appliances on the Internal view will need to be able to reach the external authoriative DNS that you are forwarding the queries to. Depending on how the infrastructure is setup you may require firewall rules to allow the outbound/return DNS quries. This would be the case if you currently forward from your internal appliances to a caching layer or specific forwarders for Internet recursion and have the firewall(s) appropriately locked down to only allow this traffic.
Hope that helps!