Access internal web server with domain name

pts.
Tags:
Desktops
DHCP
DNS
Management
Microsoft Windows
Networking services
OS
Security
Servers
SQL Server
I was wondering what is the best method for allowing internal computers to access our locally-hosted web server with www.somedomain.com? I believe the internal clients are unable to do so because of how firewalls/NAT works (?). Is there a way I can add an entry in my DNS server? I am using Windows Server 2003. Thanks!

Answer Wiki

Thanks. We'll let you know when a new response is added.

There are several factors, depending on how you have things set up.

If your internal clients can access the web in general, then it’s just a matter of adding the web server address to the DNS. This will depend to some extent on whether your internal domain name and external domain name are set up. It’s very common these days to run two different DNS domains such as somedomain.local (inside) and somedomain.com (outside). Older setups often split the same domain – two different servers, both hosting the same domain inside and outside, but with different data (and usually some overlap). In those cases, you just add the A records to the internal copy.

If your internal systems CANNOT reach the internet, then a single purpose proxy server is probably your best bet, which would include adding the web page A record to your internal DNS with the IP pointing to the proxy server.

Good luck,

Bob

Discuss This Question: 5  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Skepticals
    Thanks for the reply, I have an internal domain.local and a .com. I believe I will just have to add an entry to the DNS. Excuse me ignorance, but after adding this entry, will this propagate to other DNS servers? We point our DNS server to one outside of the domain and that DNS server points to the ISPs (I assume). I am new to the specifics of DNS; I want to understand it. I believe I need an entry in DNS that would translate the www.domain.com to the internal IP address, is this correct? How do I add such an entry? Does this propagate to other DNS servers? Thanks for your help.
    0 pointsBadges:
    report
  • Bobkberg
    The only DNS servers that any change will propagate to are those which are secondary servers. DNS information on any domain or subdomain depends on 1) What servers choose to query your primary server and 2) Whom you choose to allow this privilege. If you are properly locked down, then you will also have to add your internal server as authorized to do zone transfers (the mechanism by which secondary servers get their updates). Hope that helps, If you need more specific info (depending on your name server specifics), then write back. Bob
    1,070 pointsBadges:
    report
  • Skepticals
    Bob, I believe my DNS server is configured correctly. How am I best to add an entry that translates an external domain name to an internal IP address? This is Windows 2003 Server.
    0 pointsBadges:
    report
  • Sonyfreek
    You'll probably have to create a new domain named whatever.com on your DNS server. You'd then put the DMZ address for www in the zone file so that it knows where to get to it in the DMZ. You'll need to ensure that you have a firewall rule to allow this to get from the internal network to the web server in the DMZ. This rule will be different than your external rule for outsiders to get to the web server. You don't need to propagate the zone or setup a secondary DNS on your other DNS servers, unless you have a rather large network that it would be more efficient to host it once per site. SF
    0 pointsBadges:
    report
  • Wrobinson
    The easiest way to accomplish this is using what is known as split-brain DNS. You don't want internal users going out to the Internet and back in anyway, because that will cause unnecessary WAN traffic. Instead, point them to the internal IP address(es) of the system that you would like them to have access to.
    5,625 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following