0

There is a Windows Server 2008 machine in my company LAN that acts as a DNS server. In the same LAN there is a Linux server running a Redmine website (192.168.1.85). I want it to be reachable directly from the LAN and from the Internet, simply using the address project.xxx.com.

My problem is that I often have project.xxx.com unreachable from the local network, for maybe 10 minutes, during which I am redirected to the company public IP xxx.xxx.121.254. See the Wireshark capture below:

[image: Wireshark NOT OK]

And then after some time, I am finally able to reach the server's local address (192.168.1.85) using project.xxx.com. See below the Wireshark capture when everything is OK:

[image: Wireshark OK]

On the Windows DNS server, I added a forward lookup zone as shown below:

[image: forward lookup zone]

And here are the forwarders and root hints:

[image: forwarders] [image: root hints]

And finally, all the Windows clients are using the Windows DNS server, as shown below:

[image: client DNS settings]

  • Is the problem coming from the configuration of the DNS server?
  • Even after flushing the Windows DNS cache (`ipconfig /flushdns`), same problem.

I'd be grateful for some advice on this problem, thank you.

PS: my computer's IP is 192.168.1.62

Sulliwane
  • 131
  • 7
  • *I want it to be reachable directly from the LAN and from INTERNET* - Please ensure that this machine is not providing an open resolver to the internet. And though this would also go without saying, under no circumstances should this server be promoted to a DC. – Andrew B Sep 12 '14 at 05:14

1 Answer

0

There is an option in Windows DNS to return results in the order closest to the subnet mask of the client.

On the "Advanced" tab (seen in your screenshot), uncheck "Enable Round Robin" and check "Enable Netmask Ordering", then restart the service and flush the client and server caches.

I found `host project.xxx.com` to return the best results. If DNS is returning IPv6 results, they may not be usable in your situation.

I can't tell from the info given, but it is best practice to create a corpprivate.xxx.com subdomain, so that project.corpprivate.xxx.com would have the 192.168.x.x address and project.xxx.com would have the public IP address. That would also eliminate issues, as `nslookup project.corpprivate.xxx.com` would only return the 192.168.x.x address and `nslookup project.xxx.com` would only return the public IP.

rjt
  • 578
  • 6
  • 26
  • Thanks a lot for your answer. It's working fine so far. – Sulliwane Sep 12 '14 at 02:34
  • Yes, but we have some laptops that travel in and out of the LAN; it's a bit troublesome to explain that they should use either one address or the other depending on their location (even more so when they receive a link by email pointing to this website, which would not work depending on their location). I will try it like this and see if it's reliable over time. – Sulliwane Sep 12 '14 at 03:39
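To make the two answer-ordering behaviours in the accepted answer concrete, here is a small simulation (an added example, not code from the question or the answer). It models a record set that carries both a LAN address and a public address, as the asker's project.xxx.com does: under round robin the first answer rotates every query, which is exactly the intermittent redirection to the public IP seen in the Wireshark capture, while netmask ordering puts the answer that shares the client's subnet first. It also checks which names in a zone mix RFC 1918 and public addresses, which is the condition the corpprivate.xxx.com split in the answer removes. Assumptions: the public address 203.0.113.254 is a constructed documentation stand-in for the elided company IP, and the /24 comparison width is my reading of the Windows DNS default for netmask ordering, not something stated on the page.

```python
"""Simulation of round robin vs. netmask ordering for a DNS record set,
plus a check for names that mix private and public addresses.
Added example; not the question's or answer's own code."""
import ipaddress
from typing import Dict, List

# Constructed sample zone. 203.0.113.254 is a documentation address standing
# in for the company's public IP, which the question elides.
ZONE: Dict[str, List[str]] = {
    "project.xxx.com": ["203.0.113.254", "192.168.1.85"],
    "project.corpprivate.xxx.com": ["192.168.1.85"],
}

RFC1918 = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_rfc1918(addr: str) -> bool:
    """True for private (RFC 1918) IPv4 addresses only; documentation
    ranges such as 203.0.113.0/24 are deliberately treated as public."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def round_robin(answers: List[str], query_number: int) -> List[str]:
    """Rotate the record set once per query. The first answer alternates,
    so a client that only uses the first A record flips between the LAN
    address and the public address from one lookup to the next."""
    if not answers:
        return []
    shift = query_number % len(answers)
    return answers[shift:] + answers[:shift]


def netmask_ordered(answers: List[str], client_ip: str,
                    prefix_len: int = 24) -> List[str]:
    """Place answers that share the client's /prefix_len network first,
    keeping the original relative order otherwise. Assumption: a /24
    comparison, which is how I understand the Windows DNS default."""
    client_net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    local = [a for a in answers if ipaddress.ip_address(a) in client_net]
    remote = [a for a in answers if ipaddress.ip_address(a) not in client_net]
    return local + remote


def mixed_scope_names(zone: Dict[str, List[str]]) -> List[str]:
    """Names whose record set mixes RFC 1918 and public addresses. Only
    these names depend on server-side ordering; a split layout such as
    project.corpprivate.xxx.com carries one scope per name and is not flagged."""
    flagged = []
    for name, addrs in zone.items():
        scopes = {is_rfc1918(a) for a in addrs}
        if len(scopes) > 1:
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    records = ZONE["project.xxx.com"]
    for q in range(3):
        print("round robin, query", q, "->", round_robin(records, q))
    # Constructed client IPs: the asker's PC and an outside host.
    for client in ("192.168.1.62", "198.51.100.7"):
        print("netmask ordering for", client, "->", netmask_ordered(records, client))
    print("names mixing private and public addresses:", mixed_scope_names(ZONE))
```

Running the script shows the LAN client at 192.168.1.62 receiving 192.168.1.85 first under netmask ordering regardless of query count, while an outside client still gets the public address first; under round robin the LAN client gets the public address on every other query, which matches the symptom described in the question.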