
We have one server in the Intranet, which is acting as DHCP, DNS, Domain Controller, IIS, ... The server is in the DMZ and hosts some websites. Several URLs point to the server, and with the former Netgear router it worked to access the external IP address; it would automatically redirect to the DMZ.

With the new router, this doesn't work anymore, which is why I've added the domain names in a modified version (.local appended) to the forward lookup zone of the DNS server. This works now on the server itself, but doesn't work on any other device connected to the network.

As suggested in Intranet with local DNS resolution issues, our DNS is the only one configured on the clients.

The server is running Windows Server 2012 and the clients are running Windows 7 and Windows 8. However, running nslookup on the clients returns the correct address, but a ping afterwards does not resolve it anymore; ipconfig /flushdns didn't help either. Is there anything else I can try?

Thanks

peter
    It's generally helpful if you describe the problem and attempted solutions, instead of incorporating them by reference. There may well be a difference that isn't apparent. – Falcon Momot Jan 25 '14 at 02:22
  • Sorry, I was trying to fix it the whole day, so it might have been way too obvious to me what I wanted to know - hope the changes make it more clear – peter Jan 25 '14 at 10:36

2 Answers


mDNS may interfere with your use of the .local domain - http://en.m.wikipedia.org/wiki/.local

This is why it's not recommended to make up your own domain names. .local is actually used.

Though Windows doesn't have mDNS natively, it often comes bundled with Apple software. So check the PCs for zeroconf or similar software.

You may have to set up split-horizon DNS. This is where external DNS clients get sent the public IP but internal ones get sent local addresses.

Or fix the new router to work the way the old one did, allowing you to use the external IP internally. This may be configurable on the new router - it's usually called NAT loopback or hairpin NAT.

Also, having a domain controller in the DMZ may not be the most secure way to do things...but that's a subject for a different question.

Grant
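To make the split-horizon idea in the answer above concrete, here is a small added example (not code from the question or answer, and not a real DNS server): it picks a "view" from the querying client's source address and answers the same name with either the internal or the public address. The networks, names and addresses are constructed placeholders; the .local check reflects the mDNS point made above.

```python
import ipaddress
from typing import List

# Constructed: source networks that count as "inside" and get the internal view.
INTERNAL_NETS = [
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("fd00::/8"),
]

# Constructed zone data: one name, two answers depending on the view.
# 203.0.113.0/24 and 192.168.0.0/16 are documentation/private ranges, not real hosts.
ZONE = {
    "www.example.com.": {
        "internal": {"A": ["192.168.1.10"], "AAAA": ["fd00::10"]},
        "external": {"A": ["203.0.113.10"], "AAAA": []},
    },
    "mail.example.com.": {
        "internal": {"A": ["192.168.1.10"], "AAAA": []},
        "external": {"A": ["203.0.113.10"], "AAAA": []},
    },
}


def select_view(client_ip: str) -> str:
    """Choose the DNS view from the client's source address (IPv4 or IPv6)."""
    addr = ipaddress.ip_address(client_ip)
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "external"


def resolve(name: str, client_ip: str, qtype: str = "A") -> List[str]:
    """Answer a query the way a split-horizon server would.

    Returns the records for the chosen view; an empty list stands for
    NODATA/NXDOMAIN.  Names under .local are rejected outright, because that
    TLD is claimed by mDNS and clients with a zeroconf stack may never send
    such queries to unicast DNS at all.
    """
    fqdn = name.lower().rstrip(".") + "."
    if fqdn.endswith(".local."):
        raise ValueError(f"{name}: .local belongs to mDNS, use a real domain")
    rrsets = ZONE.get(fqdn)
    if rrsets is None:
        return []
    return list(rrsets[select_view(client_ip)].get(qtype.upper(), []))
```

Note that an internal client which receives the AAAA record will, with IPv6 enabled, generally try that address before the A record, so the IPv6 side of the internal view has to be reachable too.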

The solution to the problem for me was to disable IPv6 on the client computers (which is enabled by default in Windows 7 and Windows 8). This was necessary even after I had added IPv6 records to the DNS.

peter