INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: Networking Accessing Site Locally  (Read 10115 times)

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Networking Accessing Site Locally
« on: July 09, 2009, 11:21:04 am »

This networking question has plagued me for years.  I have, for a very long time, hosted several resources on my many domains including a web and email server.  Externally, of course there is no problem.  The domains direct to my static IP, whit hit my modem and get port forwarded to the appropriate server--just one, internally at 192.168.2.2.

Now consider accessing this same setup from inside the LAN.  I'll get the same IP address from the DNS lookup.  However, this fails.  Now in the past my solution was to use Smoothwall and setup static DNS entries in its DNS server.  However, this is a pain because I have to add them for all of my domains, meaning it has to be managed and kept up to date.  Previously, I was using the Airport Extreme as my gateway.  This actually worked!

The logic seems to be that if the modem gets traffic to itself (which I assume the traffic at least hits it) then it should forward based on its port forward settings to the IP address for the requested traffic port.

Currently, I am using the Actiontec M1000 modem which does have a built in router and NAT.  I had Smoothwall in the mix but it introduced network problems I could not deal with at the moment.  Can someone explain what is going on here?  This is a very general question I think and is meant to give me the information I am missing for understanding this.  Honestly, I can understand why it might not work--but I still need to resolve this.

A trace route on my domains internally simply shows Time Out entries.

Thanks!
Logged

newsposter

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 789
Re: Networking Accessing Site Locally
« Reply #1 on: July 09, 2009, 01:06:20 pm »

do you have rip1/rip2 turned on for the whole network?
Logged

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Networking Accessing Site Locally
« Reply #2 on: July 09, 2009, 02:24:50 pm »

It's great when you google terms like that and all the pages are people asking and the responses are Google it!

I do not believe it is turned on since it is mostly the default configuration.
Logged

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Networking Accessing Site Locally
« Reply #3 on: July 09, 2009, 06:55:02 pm »

You are asking about NAT loopback (allowing you to address your LAN / DMZ hosts from the LAN, using WAN IP addresses).  Smoothwall 3 Express handles this fine.  Many cheap, commodity routers do not.

But a better solution is use a split DNS, providing your LAN clients with LAN IPs and either your DNS server, or a public DNS server, provides the WAN IPs.
Logged
The opinions I express represent my own folly.

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Networking Accessing Site Locally
« Reply #4 on: July 10, 2009, 01:26:25 pm »

Okay, I have made a tiny bit of progress.  I configured my Windows Server to be a DNS server and when I point to it with my desktop, I do in fact get the internal IP (as configured in the server) 192.168.2.2

However, when I enter this server as the DNS server + either the modem IP address or my ISP DNS server, I am unable to access any web sites.  Shouldn't the computer fail to find the entry in the primary DNS and then go to the secondary DNS?  If I put the secondary first it works fine.

Now I entered each and every domain I have as domain.com AND *.domain.com which is how I want it but is there a way to solve this issue entirely by checking WAN DNS and if the result is my public static IP address, then rewrite to 192.168.2.2?  This would mean each new domain I buy wouldn't need another entry...not a huge deal but less to worry about each time I decide to add another domain.

Thanks for the help!
Logged

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Networking Accessing Site Locally
« Reply #5 on: July 10, 2009, 02:08:03 pm »

Let's clarify.

You don't point your DNS server to your desktop - its the other way around.  Your desktop (and LAN systems) are set to query your internal DNS.

Do not also add your modem's internal cheap (most likely broken) caching DNS server, or your ISPs DNS server's address as the 2nd or 3rd DNS server's on your hosts.  Your Windows Server's DNS server will be your only one.

Secondary DNS servers are used ONLY after the primary server fails to respond within a timeout (10 seconds).  Either you are running a reliable DNS server, or you are not.  It will perform all the lookups, and you configure your LAN's DHCP server to hand out only this single DNS server.  All clients use it, and it will build up a rich cache of results as it performs queries for all you LAN clients.

Using your modem's or ISP server's too will create conflicts of your LAN v. WAN split DNS space.

As a side note: don't use a cheap router's internal DNS cache.  Almost all of them have broken DNS implementations, and have far too little RAM to be a rich cache anyway.  In otherwords, don't configure your LAN clients to use your router's IP as a DNS server.

There's no rewriting.  Add hosts to your internal and external DNS when you need them; this is the nature of DNS. You can create wildcard records as catch-alls.
Logged
The opinions I express represent my own folly.

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Networking Accessing Site Locally
« Reply #6 on: July 10, 2009, 03:42:37 pm »

I do understand client > server but just mistyped.  I think I've got it working now.  In my router, instead of using dynamic DNS, I entered my server's IP address and my ISP's DNS as the secondary.  This is probably good for those times when the server is powered down.  I am now able to access my domains beautifully.

I won't have a chance to work on this more for a while but am interested in learning more about what I can do in this dns server.  I would really like to be able to route simple words to devices so I can type in "modem" and get the DSL modem.  I already think I can set this up based on the other setups I've done for my 13 domains.

Thanks Mr. C
Logged

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Networking Accessing Site Locally
« Reply #7 on: July 10, 2009, 08:57:06 pm »

What you are asking about in the last paragraph is called non-FQDN (non- Fully Qualified Domain Name) or unqualified host names.

The addition of the domain name (so that you can use unqualified host names) is done by the host operating system (the resolver).

On Unix / Linux systems, the line:

Code: [Select]
domain [i]mydomain[/i]
in /etc/resolv.conf handles this.

On Windows, set the "Primary DNS suffix of this computer" (Right click My Computer->Properties->Computer Name, and select Change, and then More.  Set the primary DNS suffix, and OK your way out.

Alternatively, you can use a WINS server (but avoid it unless necessary).  Windows machines will all participate in a workgroup or domain and will know each other's simple name (NetBIOS name).
Logged
The opinions I express represent my own folly.

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Networking Accessing Site Locally
« Reply #8 on: July 13, 2009, 11:09:12 am »

I cannot seem to configure my modem / router correctly.  It has a field for DNS servers in the WAN IP address page and the DHCP setup page.  Are these the same?  I have tried both places.  I think the field needs my server @ 192.168.2.2 and my ISP DNS server as the secondary.  However, no matter what I change (dynamic, static, etc.) the computers always get 192.168.2.1 (the router IP address).

The modem is Actiontec M1000.  It has the latest firmware.  This seems strange that I keep changing this but don't seem to have much luck with client's using the correct server addresses.
Logged

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Networking Accessing Site Locally
« Reply #9 on: July 13, 2009, 12:17:11 pm »

On the DHCP settings page, under IP Addressing, you place your the LAN or DMZ IP of your DNS server.  The DHCP server should then pass clients that DNS server addresses.  If it does otherwise, it is a broken implementation.
Logged
The opinions I express represent my own folly.

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Networking Accessing Site Locally
« Reply #10 on: July 13, 2009, 11:16:55 pm »

When I change the DNS server entries, it appears that only the second one will change.  The primary DNS always seems to go to the DSL modem.  What a huge pain.  This is so frustrating.  Network connectivity is priority one.
Logged

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Networking Accessing Site Locally
« Reply #11 on: July 14, 2009, 12:09:25 am »

Could you please explain how I simply forward thenunemakers.com to 192.168.2.2 and reroute any other DNS lookup requests to my ISP DNS server (via IP address)?  I am looking but not having any luck.  I got the domain lookup to work but then I can't access any other web sites.  So I need the failed lookups to be forwarded to my ISP at that point.

Right now, I have my server's network configuration set to use my ISP DNS server.  A cached category has appeared in the DNS server list.  I think I am able to force using this DNS server by putting 192.168.2.2 in both primary and secondary entries.  So if my client computers are pointing only to the DNS server, how do the systems obtain public internet DNS entries?  At the moment, the best I can configure is either getting my local domains OR public domains.  If I point to my ISP, then I get public but not local domains.  If I point to this DNS server, I get local domains but can't access public domains (google.com).  What needs changed?

Thanks!
Logged

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Networking Accessing Site Locally
« Reply #12 on: July 14, 2009, 03:02:21 am »

When I change the DNS server entries, it appears that only the second one will change.  The primary DNS always seems to go to the DSL modem.  What a huge pain.  This is so frustrating.  Network connectivity is priority one.

If this DSL modem/router forces you to use its proxy dns or caching DNS implementation, get a better modem, or use static IP information on your LAN clients.  I've never seen one that does this however.

You have control over your clients.
Logged
The opinions I express represent my own folly.

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Networking Accessing Site Locally
« Reply #13 on: July 14, 2009, 03:27:45 am »

Could you please explain how I simply forward thenunemakers.com to 192.168.2.2 and reroute any other DNS lookup requests to my ISP DNS server (via IP address)?  

Clients are configured to query a DNS server; this is a global setting.  The low-level resolver library makes DNS queries for programs that request such.  The resolver calls upon the configured DNS server to handle the request.

In both *nix systems and Windows, you can configure a hosts file to be queries first.  This allows you to make the assignment like you are talking about.  Which platforms are you using?

Quote from: benn600
I am looking but not having any luck.  I got the domain lookup to work but then I can't access any other web sites.  So I need the failed lookups to be forwarded to my ISP at that point.

I don't understand this.  Use DNS diag tools to help you see the results of your DNS queries.  Try "nslookup" on either Windows or *nix systems.  Or "dig" or "host" on *nix systems.

Maybe its time for a little DNS background?

Quote from: benn600
Right now, I have my server's network configuration set to use my ISP DNS server.  A cached category has appeared in the DNS server list. 

Windows server?  I don't recall this - can you show a screenshot?

Quote from: benn600
I think I am able to force using this DNS server by putting 192.168.2.2 in both primary and secondary entries. 

Don't do that.  If you have only one DNS server available, configure only a primary.  The second and third DNS servers configured on a host are only queried *after* a timeout has occurred with the primary.  Placing the same server as the secondary will just double your timeouts, thereby taking our programs twice as long to come back with a message indicating a domain name lookup failure.

Quote from: benn600
So if my client computers are pointing only to the DNS server, how do the systems obtain public internet DNS entries?  At the moment, the best I can configure is either getting my local domains OR public domains.  If I point to my ISP, then I get public but not local domains.  If I point to this DNS server, I get local domains but can't access public domains (google.com).  What needs changed?

Yes, it is time for some DNS background.  Try a quick review of class notes, lab, and homework: DNS I : http://cis68c2.mikecappella.com/

The DNS server you configure your hosts to use must be recursive resolving servers.  In other words, they must provide an answer to the query for the client.  So the DNS server you configure your hosts to use will know how to perform the recursive lookups.  On a LAN where you want to resolve LAN host names via DNS, use your own DNS server configured to be authoritative for your zone (i.e. domain, essentially).  That DNS server *knows* which zones it is authoritative over, and which ones it isn't.

Again, the notes and homework above should give you a little better understanding.

It might also be worthwhile to describe your network and clients.

This is way offtopic - perhaps we should take this offline.
Logged
The opinions I express represent my own folly.

newsposter

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 789
Re: Networking Accessing Site Locally
« Reply #14 on: July 14, 2009, 04:02:11 am »

Consumer 'routers' that will take a dd-wrt load and thusly become a Real Router commonly costs $50- or so.
Logged

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Networking Accessing Site Locally
« Reply #15 on: July 14, 2009, 12:44:56 pm »

Is there no simple way for me to configure my domain (I can add more easily) plus forward any non-found requests to my ISP DNS server?  This seems like two configuration issues.  I already know how to add domains and it works.
Logged

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Networking Accessing Site Locally
« Reply #16 on: July 14, 2009, 01:13:34 pm »

Benn600.  What do you mean "configure my domain"?
Logged
The opinions I express represent my own folly.

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Networking Accessing Site Locally
« Reply #17 on: July 14, 2009, 03:20:13 pm »

Set up a DNS entry for thenunemakers.com to resolve to 192.168.2.2

For every other domain in the world, check my ISP DNS server.

I already achieved the first step.  But the problem is that then I couldn't get to google.com, jrmediacenter.com, etc.  I can only get to what I entered into the Windows DNS server.
Logged

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Networking Accessing Site Locally
« Reply #18 on: July 14, 2009, 03:26:31 pm »

Right, I get that.  But set up a DNS "entry" where?  You're going to have to explain how and where you setup the "entry".  Explain this in detail for best help.
Logged
The opinions I express represent my own folly.

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Networking Accessing Site Locally
« Reply #19 on: July 14, 2009, 03:40:39 pm »

lol

All this time I thought we were talking about Windows Server 2008 DNS Server.  If you have a better suggestion let me know but I have already set this up once and it almost worked!

I assume I can add computer name entries as well--my server is named alcohol so I'll want that linked to the same IP address.  Again, I think I can figure this out.  I just need non-found lookups to be forwarded to my ISP DNS server (IP address) which I have not figured out how to do.

Thanks
Logged

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Networking Accessing Site Locally
« Reply #20 on: July 14, 2009, 03:46:37 pm »

Actually, you also mentioned the DNS on your modem/router.

I don't understand why you want to bother using your ISPs DNS servers, when you have a perfectly capable DNS server running already!

The Windows DNS server can perfectly well handle the DNS activities.  It will build up its own cache anyway, so use it for fast response.

If you don't want that, then configure it as a forwarder, only answering queries for its own zones.

User proper nomenclature, and you'll be understood better (at least by me).  ;-)
Logged
The opinions I express represent my own folly.

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Networking Accessing Site Locally
« Reply #21 on: July 14, 2009, 04:09:42 pm »

That is fine.  That sounds excellent!  But whenever I point my computers to this DNS server, I can't get to web sites. (google.com)

So why is this?  I have the computer configured with a static IP and have added my ISP DNS server into the network setup area.  Without doing adding my ISP DNS to the network setup, I can't access any sites on the server (and it can't send email to domains).
Logged

newsposter

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 789
Re: Networking Accessing Site Locally
« Reply #22 on: July 14, 2009, 05:42:32 pm »

adding an external dns server (your isp) to the networking setup on the win28k server does not automagiclly add it to your servers internal DNS server.

remember that 'servers' are both physical hardware and virtual software elements.  sometimes they are related, sometimes on the same hardware, sometimes across the planet.  and sometimes not.  it is very important to know and realize the differences between the two.  it is also important to realize that just because you have one 'server' configured it does not mean that you have other, seemingly related 'servers' configured as well.  each physical and virtual instance of a server/service generally requires their own configuration effort.
Logged

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Networking Accessing Site Locally
« Reply #23 on: July 14, 2009, 05:56:28 pm »

The question at the moment:

I have Windows 2008 DNS server setup and functioning as expected.  Upon setting it up, there are no DNS entries (right?)  For simplicity, let's say I leave it this way!  All I want is this server is to be a cache.  Where does it gets its DNS entries?  Clearly my server does not inherently know google.com, jrmediacenter.com, etc.  I've set this up but when I manually enter this server as my workstation's DNS server, I am unable to browse any web sites due to DNS lookup failure.

Does this specific question make sense?  Or am I missing something else?  I am led to believe if I knew this I would be able to resolve this completely (hehe, get it, RESOLVE)
Logged

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Networking Accessing Site Locally
« Reply #24 on: July 14, 2009, 06:16:38 pm »

Your questions demonstrate a lack of understanding as to how DNS works.  Spend some time learning the basics of how DNS and resolvers work.  This is necessary for anyone who wants to run a DNS server.
Logged
The opinions I express represent my own folly.

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Networking Accessing Site Locally
« Reply #25 on: July 14, 2009, 08:20:43 pm »

From what I understand, there is a hierarchy of DNS server that each capture a domain space and if a requested resource is out of the server's authoritative space, it will forward the request on.

I'm fine with no DNS server.  I just have to do this so I can access my very limited internal domains.  I guess I'll go read up to figure out where the "forward unknown resources to this IP address" box is.
Logged

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Networking Accessing Site Locally
« Reply #26 on: July 14, 2009, 09:55:04 pm »

This article seems to talk about exactly the problem but doesn't give much of an answer:
http://windowsitpro.com/article/articleid/21903/in-a-multi-dns-server-environment-how-do-i-configure-the-dns-servers-to-resolve-both-local-and-remote-hosts.html

Consider a small business who has their own DNS server.  Do they have to enter google.com into it?

I know DNS servers are, basically, a phone book of names (google.com) and numbers (192.168).  What about some random web site that someone decides to go to?  How does this DNS server get the IP address?  I setup DHCP and DNS on my server and things are going so great except I can't access public web sites.  I can access my own domains and servers via their name (which I entered into the DNS server).
Logged

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Networking Accessing Site Locally
« Reply #27 on: July 14, 2009, 10:33:20 pm »

What a relief!  I have the critical functionality working.  But it still isn't perfect.  Here is a screenshot of what I have right now:


As you can see, I have my domain setup as well as "alcohol" which is the name of my server.  At the moment, I am using conditional forwarding to forward requests for .com, .net, .org, etc. to my ISP DNS servers.  This gives me both local resources (domains, server, etc.) as well as public resources.

I will be adding a lot more entries for the rest of my domains and other interesting simple name items (alcohol, hdhomerun1, hdhomerun2, colorprinter).

Now the real question: is there a way to forward non-found requests to my ISP DNS server without having to list all these top-level domains?  What if I try to go to an Armenian site (.am)?  Clearly I don't have that as an entry.  I don't want to have to enter a complete list of top level domains if I don't have to.
Logged

MrC

  • Citizen of the Universe
  • *****
  • Posts: 10462
  • Your life is short. Give me your money.
Re: Networking Accessing Site Locally
« Reply #28 on: July 14, 2009, 10:41:31 pm »

I'll repeat.  Learn about how DNS works; don't be lazy.

You do not need to do any of what you doing.  DNS servers KNOW how to lookup ALL existing public domains, and any private ones they are configured to know about.  That's their job.  Your job is to now learn how it works.

My DNS server knows my domains.  That's it.  It asks for the rest.
Logged
The opinions I express represent my own folly.

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Networking Accessing Site Locally
« Reply #29 on: July 15, 2009, 01:05:36 am »

The trouble is that all along I understood the basic principles.  I had a couple things incorrectly configured each time I tried this.  The latest mistake I made was not putting in the correct router IP address to the DHCP server.  Anyway, when it was corrected I did not try again not adding .com to the forwarder.  Removing these did not break anything.  So now my list is the same except without all those unneeded com, net, tv, etc. entries plus a lot more DNS entries.  It's basically exactly what is needed completely.
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re: Networking Accessing Site Locally
« Reply #30 on: July 15, 2009, 07:51:32 am »

This topic isn't appropriate for this forum.  Locking it now.

Thanks MrC, for trying to help.
Logged
Pages: [1]   Go Up