
I am quite a newbie at this, so please spare me the stick. I have the following networking topology - Comcast Business Gateway<->SonicWall TZ Router<->LAN (Mac OS X Servers). I am using my MacPro as a DNS Server and I have plugged its static LAN IP in my router as the primary DNS server. I have assigned FQDNs to static IPs of various other LAN machines on the DNS Server. I am able to access these servers through their FQDNs internally, within the LAN.

However, external to the LAN, I am totally not able to get to these machines via the FQDNs. I have my FQDNs all under the same domain, like fqdn1.domainname.com/fqdn2.domainname.com and so on. My domainname.com resolves to only one of the servers behind the router. I have just one static public IP (WAN IP) which is mapped to domainname.com.

My question is - How do I get to other machines through FQDNs? Where should I look? Also, does each FQDN need a separate public static IP (WAN IP) to resolve?

Really appreciate your help on this!

2 Answers


You're actually asking about two different problems.

  1. How can I make computers on my LAN accessible from the internet?
  2. How do I configure DNS so that the computers on my LAN have names which are resolvable on the internet?

The first question carries the most risk. Any computer which can be accessed from the internet is a target for worms, hackers, and other evils. Creating a DMZ will help to isolate your public computers so that the private ones stay private. I strongly encourage you to do your research and understand what you're getting into before actually setting this up. Given that you only have one IP address, you'll need to use port forwarding to make services available from more than one computer.

As for the second question, computers external to your LAN can't resolve the names of your internal computers because they don't know where to look for the answer. The computers inside your LAN know to ask your private DNS server because they got that information through DHCP, along with their IP address. You really should spend some time learning how DNS works. To get you started, the first step is to register your domain name with a registrar.


Update: You've registered a domain name? That's a great start. I assume that you have "mapped" your domain name to the static IP of your server using a web-based control panel provided by your domain registrar to create an "A" record. There are a couple ways you can proceed at this point.

  1. Add A records to the DNS zone of your domain for each internal machine. This is called split DNS, because you are maintaining two copies of the same DNS zone: one for your internal clients, and one for the public internet.
  2. Delegate authority over a subdomain (such as internal.contoso.com) to your internet-facing DNS server. You do this by creating an NS record. This would require some reconfiguration of your server, as you would access hosts in the format of host1.internal.contoso.com.

Also, some clarifications about the terminology; consider this example: foo.example.com

  • The "host" or "hostname" part is foo
  • The "domain" part is example.com
  • The FQDN is foo.example.com
Nic
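The answer above describes two things that have to line up when there is only one public IP: a split-horizon zone (private addresses for LAN clients, the single WAN address for everyone else) and a port-forwarding table that lets that one address reach more than one machine. The script below is an added example, not code from the answer's author or from this thread; it generates both zone views from one host inventory, answers A queries the way each view would, and builds the NAT table while refusing two services on the same external port. The domain, the WAN address, the LAN addresses, the name-server name and the port numbers are all placeholders chosen for illustration.

```python
"""Split-horizon DNS plus port-forward planner for a site with one public IP.

Added example for this thread, not code from the answer's author. The domain,
WAN address, LAN addresses and port numbers are placeholders (RFC 5737 and
RFC 1918 ranges), chosen to illustrate the layout, not taken from the question.
"""
from dataclasses import dataclass, field

WAN_IP = "203.0.113.10"   # the single static public IP (placeholder)
ZONE = "example.com"       # placeholder for domainname.com
TTL = 3600


@dataclass
class Host:
    name: str                                 # short hostname, e.g. "fqdn1"
    lan_ip: str                               # private address on the LAN/DMZ
    # service -> (port the host listens on, port exposed on the WAN IP)
    services: dict = field(default_factory=dict)


# Constructed inventory: two LAN hosts, each offering HTTPS and SSH.
# Because both share one WAN IP, each service needs a distinct external port.
HOSTS = [
    Host("fqdn1", "192.168.10.11", {"https": (443, 443), "ssh": (22, 2201)}),
    Host("fqdn2", "192.168.10.12", {"https": (443, 8443), "ssh": (22, 2202)}),
]


def _zone_header(zone, ttl, ns_ip):
    # Minimal SOA/NS so the file loads in BIND; serial and ns name are placeholders.
    return [
        f"$ORIGIN {zone}.",
        f"$TTL {ttl}",
        f"@\tIN\tSOA\tns1.{zone}. hostmaster.{zone}. (2011012801 3600 900 604800 300)",
        f"@\tIN\tNS\tns1.{zone}.",
        f"ns1\tIN\tA\t{ns_ip}",
    ]


def internal_zone(hosts=HOSTS, zone=ZONE, ttl=TTL, ns_ip="192.168.10.2"):
    """Zone served to LAN clients: names map to private addresses."""
    lines = _zone_header(zone, ttl, ns_ip)
    lines += [f"{h.name}\tIN\tA\t{h.lan_ip}" for h in hosts]
    return "\n".join(lines) + "\n"


def external_zone(hosts=HOSTS, zone=ZONE, ttl=TTL, wan_ip=WAN_IP):
    """Zone published at the registrar: every name maps to the one WAN IP."""
    lines = _zone_header(zone, ttl, wan_ip)
    lines.append(f"@\tIN\tA\t{wan_ip}")
    lines += [f"{h.name}\tIN\tA\t{wan_ip}" for h in hosts]
    return "\n".join(lines) + "\n"


def lookup(name, view, hosts=HOSTS, wan_ip=WAN_IP):
    """Answer an A query the way the internal or external view would."""
    for h in hosts:
        if h.name == name:
            return h.lan_ip if view == "internal" else wan_ip
    return None


def port_forwards(hosts=HOSTS):
    """Build the router's NAT table; refuse two services on one external port."""
    table = {}
    for h in hosts:
        for svc, (lan_port, ext_port) in h.services.items():
            if ext_port in table:
                other = table[ext_port]
                raise ValueError(
                    f"external port {ext_port} already forwards to "
                    f"{other[0]}:{other[1]}; cannot also reach {h.name}:{lan_port}")
            table[ext_port] = (h.lan_ip, lan_port, f"{h.name}/{svc}")
    return table


def route_external(ext_port, hosts=HOSTS):
    """Where a connection to WAN_IP:ext_port actually lands, or None."""
    return port_forwards(hosts).get(ext_port)


if __name__ == "__main__":
    print(internal_zone())
    print(external_zone())
    for port, (ip, lport, label) in sorted(port_forwards().items()):
        print(f"{WAN_IP}:{port} -> {ip}:{lport}  ({label})")
```

The external view is deliberately boring: fqdn1 and fqdn2 both resolve to the same address, so from the internet the name alone cannot pick a machine; the external port does (or, for HTTP/HTTPS, a reverse proxy in the DMZ that routes on the Host header). The collision check is the thing to keep when the inventory grows, since the router will silently let only one rule win.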

I understand the security requirements, and I will be setting up separate DMZ and LAN subnets. I do have a cursory understanding of DNS and how it works. Also, I do have a domain name, which I have mapped to my static public IP.

I am mainly looking at getting to different computers on my LAN (it will be authenticated entry from a server on the DMZ, so that it's not insecure) through FQDNs, which are basically sub-domains of my domain name. Should I be using different public static IPs (one for the LAN and one for the DMZ)?

    It is better to respond in the form of a comment, because this isn't actually an answer to your question. For longer responses, you can also edit your original question. – Nic Jan 28 '11 at 16:02