resolving URL from inside firewall

  • resolving URL from inside firewall

    I posted this on Cisco's forum, although I think this question is better suited for this forum.

    Q: I have a server on the DMZ of a PIX firewall; this server belongs to the domain on the inside of the firewall. I have the default DNS set up to point to the DNS server outside the firewall, which allows me to connect and browse the internet. I've created an LMHOSTS file which allows me to resolve all inside nodes, including the domain controller. The problem I have is that when I use this configuration, for whatever reason, I'm having problems seeing domain accounts when setting up security on folders (all domain accounts show with question marks). When I set up the server's default DNS to point to the inside DNS server, I have no problems setting up security (although I can't get to the internet). The firewall is open between the DMZ and the inside.
    Any ideas?
    Last edited by ozbie; 5th March 2007, 19:47.

  • #2
    Re: resolving URL from inside firewall

    In one sentence, the first configuration (with the LMHOSTS) is not supported and will not work. In order to work properly within a domain environment you need to specify an internal domain name server (DNS), which is probably your DC.
    You can specify forwarding for DNS queries from the DC to the external DNS server, but your clients must be defined to have the internal DNS as their DNS server.

    Why do you want this (LMHOSTS thingy) configuration anyway?
    Yaniv Feldman
    Microsoft Security Regional Director
    Microsoft Management Expert


    • #3
      Re: resolving URL from inside firewall

      Isn't LMHOSTS for WINS??

      In this scenario yanivfel is correct that you need an internal DNS server that will forward to an external DNS server.

      In your internal DNS server you can then create an 'A' record that would point to the IP address of the server in your DMZ.
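
Added example, not part of the original thread: a PowerShell check for the setup the replies above describe, comparing whether the internal and the outside DNS server can answer the SRV lookup a domain member uses to find a domain controller, and whether the internal server forwards internet names. It assumes a Windows version that ships the DnsClient cmdlets (`Resolve-DnsName`, `Get-DnsClientServerAddress`); the domain name and both server addresses are placeholders.

```powershell
# Added example. Domain name and server addresses are placeholders (assumptions).
param(
    [string]$Domain      = 'corp.example',  # placeholder: AD DNS domain name
    [string]$InternalDns = '10.0.0.10',     # placeholder: internal DNS server (the DC)
    [string]$ExternalDns = '192.0.2.53'     # placeholder: DNS server outside the firewall
)

function Test-DcLocator {
    param([string]$Domain, [string]$Server)
    # Domain members find domain controllers through this SRV record.
    $name = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $srv = @(Resolve-DnsName -Name $name -Type SRV -Server $Server -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'SRV' })
        [pscustomobject]@{
            Server = $Server
            Found  = ($srv.Count -gt 0)
            Detail = ($srv.NameTarget -join ', ')
        }
    } catch {
        # NXDOMAIN, timeout or refused query: this server cannot locate a DC.
        [pscustomobject]@{ Server = $Server; Found = $false; Detail = $_.Exception.Message }
    }
}

# DNS servers this machine is actually configured to use.
$configured = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique)
"Configured DNS servers: $($configured -join ', ')"

$results = foreach ($s in @($InternalDns, $ExternalDns)) { Test-DcLocator -Domain $Domain -Server $s }
$results | Format-Table -AutoSize

if ($configured -notcontains $InternalDns) {
    Write-Warning "$InternalDns is not a configured DNS server; DC lookups go to a server that may not hold the domain's records."
}

# Internet names should still resolve through the internal server once it forwards.
try {
    Resolve-DnsName -Name 'www.example.com' -Server $InternalDns -DnsOnly -ErrorAction Stop | Out-Null
    "Forwarding through $InternalDns works."
} catch {
    Write-Warning "Internal DNS did not resolve an internet name; check its forwarders."
}
```

If the SRV lookup succeeds only against the internal server, the member server has to use that server for DNS, and internet resolution then depends on the forwarder configured there.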


      • #4
        Re: resolving URL from inside firewall

        Originally posted by ozbie:
        The firewall is open between the DMZ and the inside.

        Do you mean one way or two way (initiated from internal is allowed and from the DMZ is allowed)?
        Technical Consultant

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"