Here's the setup. We have a consortium of three different\separate
domains\organizations A.org, B.org, and C.org that are sharing a domain
D.org. The server they share\use is housed at domain A.org. Domain A.org
also maintains the primary nameserver for both internal and external DNS.
The server they share has two nic cards in it, each having a different
subnet address for the internal network. Nic A 192.104.39.226 (label D.org)
and Nic B 192.104.40.225. (label D-2.org)They all use one external address
and the domain name D.org for the external network Domain A.org uses the
subnet 192.104.39.0 and the other two domains B.org and C.org both use the
subnet 192.104.40.0. Domain A.org has a zone setup in it's internal DNS
with an A record that maps D.org to 192.104.39.226. The other two domains
B.org, and C.org do not have zones setup on their internal DNS. Domain
A.org has a zone setup for external DNS for domain D.org. There is an A
record in the file that maps
www.d.org to the external address 205.46.83.71.
We have a firewall setup that nat's the address 205.46.83.71 to
192.104.39.226. We're switching ISP's and I changed the external address to
4.36.130.71 in the zone file and on the firewall. From the outside all
seems to be working well, other than reverse lookup is not enabled, you can
get the page displayed with no problem if you use
www.d.org , and nslookup
and dig return the correct nameserver information. The problems are on the
internal subnet 192.104.40.0. Primarily with domain C.org. Since the
change of the external ip address domain C.org cannot attach to the server
via http. Domain C.org can ping and telnet to the server nic
192.104.40.225, and login via telnet.
Here's the problems. The domains B.org and C.org cannot resolve the name
D.org. I'm told they do not need zones setup in there internal DNS. That
when the query to their internal DNS for
www.d.org fails, the query will be
sent out to the Internet and the primary nameserver housed at domain A.org
will resolve the name
www.d.org to 205.46.83.71, the firewall then nat's it
to 192.104.39.226, and the page is displayed. This is not working, domains
B.org and C.org get (page not found) via a browser when using the DNS name.
Domain B.org can connect and display the page if it use's the ip address
http://192.104.40.225. The domain B.org admin tells me the DNS name
resolution has never worked from day one, they have always had to use the ip
address. Domain C.org cannot get the page displayed period, the domain
C.org admin tells me they have always used the DNS name and not the address.
Now, neither domain can ping by name. Both can ping and telnet successfully
by using the ip address 192.104.40.225.
Do we need to setup something in domain A.org's internal DNS to map the ip
address 192.104.40.225 to d-2.org or should it be
www.d-2.org ? And, tell
domains B.org and C.org to use that DNS name? Or, is there a way to set up
the configuration in domain A.org, so all three domains can use D.org or
www.d.org internally? What would prevent domain C.org from being able to
connect via http, when you can ping and telnet to the ip address? This
really puzzles me. The outside world and domains A.org and B.org can connect
via http, even though domain B.org has to use the ip address rather than the
DNS name. Domain A.org, has no problems connecting via DNS name or ip
address, it can ping and telnet also. Do we need to setup something (a zone
or an A record and PTR record) in domains B.org and C.org's internal DNS
that would map an ip address (192.104.40.225) back to d.org or d-2.org? Or
should the external nameserver be resolving the name for us? I fail to see
why changing the external ip address in the zone file and on the firewall
would prevent domain C.org from connecting via http. I assumed that with
them being on the internal network, that the change would not have an impact
on them. Is this assumption correct?
