Webserver in DMZ DNS setup

Member
Posts: 1

I have recently installed a server in our DMZ cluster and I need to set up the DNS information within Infoblox so that the users can reach it from inside and outside our network. I am new to Infoblox and could use some guidance on this. I have an external IP address and an internal IP address and a DNS name to resolve to. What is the best practice for accomplishing this task?

 

Thanks Guys and Gals..

 

Jim


Re: Webserver in DMZ DNS setup

Adviser
Posts: 200
What purpose will this server be used for? Will it be recursive for inbound->out traffic and authoritative for outbound->in traffic or are you planning on an open recursor?

Is the appliance connected only via LAN1 or are other ports planned for use?

Re: Webserver in DMZ DNS setup

Community Manager
Posts: 356

To add to the previous reply: if this is just a web server that you are attempting to set up in DNS and not another DNS server, you can add either a Host record with both IPs, or two (or more) A records with the same name and the different IPs. Clients querying for the name will receive both IPs and generally will attempt to connect to the IP listed first in the response and then try the IP listed next if that connection times out.

 

You can also control the order in which the IPs are listed in the response by using the Sort Lists feature so if you know the network addresses that your internal clients will be using, you can order the internal IP first. You can find info on Sort Lists in the help in your Grid Manager GUI, or in the NIOS Administrators Guide.

 

Hope this helps


Re: Webserver in DMZ DNS setup

Authority
Posts: 20

Hopefully, your Infoblox deployment has split views for internal and external. I'm assuming that the DMZ server in question is either NAT'd or has an internal NIC (RFC1918 address) and external NIC (public IP).

 

In order to accomplish this you need two views, one for internal resolution and one for external resolution. If you've ever managed BIND DNS servers this is a pretty common setup. Each view would have a zone for the server's domain name. You would just add two records for the server, one in the internal view with the private IP and the other in the external view with the public IP. 

 

This keeps your internal answers from being queried by the public. 

 

Hope this helps.
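
An added example, not part of any post in this thread and not Infoblox code: a small Python model of the two-view setup described in the reply above, next to a single view holding both addresses, showing which answers an outside client receives. The name, the addresses and the first-match view selection are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges are tested explicitly: ipaddress.is_private would also flag
# the documentation range 203.0.113.0/24 that stands in for the public IP here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NAME = "www.example.com"  # constructed name and addresses throughout

# Two views, evaluated in order; the first whose match list contains the client wins.
SPLIT_VIEWS = [
    {"name": "internal", "match_clients": ["10.0.0.0/8"],
     "records": {NAME: ["10.20.30.40"]}},
    {"name": "external", "match_clients": ["0.0.0.0/0"],
     "records": {NAME: ["203.0.113.10"]}},
]
# One view holding both addresses under the same name.
SINGLE_VIEW = [
    {"name": "default", "match_clients": ["0.0.0.0/0"],
     "records": {NAME: ["10.20.30.40", "203.0.113.10"]}},
]

def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def select_view(views, client_ip):
    """Return the first view whose match list contains the client, else None."""
    ip = ipaddress.ip_address(client_ip)
    for view in views:
        if any(ip in ipaddress.ip_network(n) for n in view["match_clients"]):
            return view
    return None

def resolve(views, client_ip, name):
    """Answer as the selected view would; no view or no record gives []."""
    view = select_view(views, client_ip)
    return list(view["records"].get(name, [])) if view else []

def leaked_private_answers(views, outside_client, names):
    """Map each name to the RFC 1918 addresses an outside client would receive."""
    leaks = {}
    for name in names:
        private = [a for a in resolve(views, outside_client, name) if is_rfc1918(a)]
        if private:
            leaks[name] = private
    return leaks

if __name__ == "__main__":
    for label, views in (("split", SPLIT_VIEWS), ("single", SINGLE_VIEW)):
        print(label, leaked_private_answers(views, "198.51.100.7", [NAME]))
```

The same leak check can be run over a per-view record export to confirm that no external-view zone contains RFC 1918 addresses.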


Re: Webserver in DMZ DNS setup

New Member
Posts: 1

Hello,

 

What I found is that a DHCPRELEASE does in fact prompt the DHCP server to send a removal request to the AD DNS server. However, it only logs (shows up in SYSLOG) if the removal is successful. It does not appear to log at all if the removal is refused by AD DNS unlike adding records. If adding a record fails, it generates a SYSLOG message stating "Unable to add..." the record, but there is no counterpart for removal. This is a bit of a frustrating oversight in my opinion.

 

thanks

jackyjoy
