Setting Forward Lookup Zones in DNS based on the port queried

    Question

  • I have the following problem.

    We are using Dynamic DNS to access our site and the modem/router differentiates via port forwarding what server the query goes to based on the port number, i.e. all requests go to abc.dyndns.org:port number.

    Based on the port, e.g. port 3389 goes to server 1 (192.168.0.1), port 8080 goes to server 2 (192.168.0.2), port 80 goes to server 3 (192.168.0.3). This all works well if you are entering from OUTSIDE the local network.

    INSIDE the local network, I have set up a Forward Lookup Zone on a Domain server using DNS where the Host A resolves abc.dyndns.org to the local IP address of server 1 (192.168.0.1). This works fine.

    How do I get the abc.dyndns.org:other ports to go to the other servers' IP addresses, as you can only set up one Host A record of abc.dyndns.org to one address 192.168.0.1, if someone queries from INSIDE the local network, as the modem/router does not come into play?

    Thursday, November 21, 2013 11:40 AM

Answers

  • DNS can't do this.

    It's rather difficult to set this up with a single name of "abc.dyndns.org." My suggestion is to create different names for each service, and mirror those names on the public records, too.

    For example (using Exchange mail records as an example), and note, you can create these as Forward Lookup Zones, then create a blank A (host) record (leave the hostname blank), and give it their respective IPs. And this is using the public name, so it works internally to point to the private IP, and of course do it externally to point to the public IP.

    mail.domain.com   A   192.168.0.1
    legacy.domain.com  A  192.168.0.2
    publicfolders.domain.com  A  192.168.0.3

    Then as I've implied above, on the public records, recreate the same exact record names, but of course only use the one WAN IP that you're already using, but stipulate the port in the client.

    This way it works for internal and external clients, as well as laptops that are in the field and return internally. I do this all the time with my customers for Exchange. Works like a charm.


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    Friday, November 22, 2013 12:57 AM

All replies

  • Will give this a go. Makes sense.

    Thanks for the input.

    Monday, November 25, 2013 10:06 AM
  • Will give this a go. Makes sense.

    Thanks for the input.


    Let us know if it works for you. :-)

    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    Monday, November 25, 2013 7:36 PM
  • This all worked fine. I created various external domains to forward to the various machines and mirrored them in the Forward lookup zones internally.

    mail.domain.com resolves internally and externally.

    My problem comes in that the URL address that is used to access the server from EXTERNAL includes the port number (this is entered in a program as the address), i.e. using the above example

    http://mail.domain.com:8083/folder  

    I cannot enter "mail.domain.com:8083" as the forward lookup zone INTERNALLY. It is the 8083 that is the problem.

    Without the 8083 the modem that routes the traffic coming in, does not forward it correctly as the requests are based on the port number (8083). So I cannot just drop the 8083.

    Any ideas on this?

    Wednesday, December 04, 2013 2:07 PM
  • As I said before, DNS doesn't do this. DNS has nothing to do with ports resolution. It's purely a name to IP or IP to name resolution. THAT'S IT!

    But you can port translate each individual port from the WAN IP to different IPs internally. I thought I said that earlier? Maybe I wasn't clear. I apologize for not fully explaining it, for I thought you understood that part.

    Revisiting the bottom of your original post:

    INSIDE the local network, I have set up a Forward Lookup Zone on a Domain server using DNS where the Host A resolves abc.dyndns.org to the local IP address of server 1 (192.168.0.1). This works fine.

    How do I get the abc.dyndns.org:other ports to go to the other servers' IP addresses, as you can only set up one Host A record of abc.dyndns.org to one address 192.168.0.1, if someone queries from INSIDE the local network, as the modem/router does not come into play?

    You still have to specify the port internally. Assuming mail.domain.com is server4 (since you didn't specify that port in your original post), you simply create a mail.domain.com zone and give it a blank IP for (making this up) 192.168.0.3, then type in the same exact thing you would do from the outside:

    http://mail.domain.com:8083/folder  

    -

    Like I said, it's in the application. DNS just resolves to an IP. There are 65,536 port numbers, and DNS does not deal with resolving any of them. That's the responsibility of the application or service and the client (such as a browser) connecting to it.

    -


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    Thursday, December 05, 2013 6:40 AM
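    The per-service split-horizon zones that Ace describes in his accepted answer and again in the reply above, written out as an added example for a Windows DNS server (this is not code from the thread; the server name dc01.corp.local is assumed, the hostnames and private IPs are the thread's sample values, and the DnsServer module needs Windows Server 2012 or later, with dnscmd equivalents in comments for 2008 R2):

```powershell
# Added example: one internal forward lookup zone per public service name,
# each with a blank ("@") A record pointing at the private IP of the server
# that the router's port forwarding sends that service to from outside.
$DnsServer = 'dc01.corp.local'   # assumed: an internal DC running the DNS role

$services = @(
    @{ Name = 'mail.domain.com';          Ip = '192.168.0.1' }
    @{ Name = 'legacy.domain.com';        Ip = '192.168.0.2' }
    @{ Name = 'publicfolders.domain.com'; Ip = '192.168.0.3' }
)

foreach ($svc in $services) {
    # Guard: only create zones for a full service hostname (at least three labels).
    # A zone named 'domain.com' would shadow every other public record for the
    # domain on internal clients, which is the classic split-horizon mistake.
    if (($svc.Name -split '\.').Count -lt 3) {
        throw "Refusing to create a zone for the parent domain: $($svc.Name)"
    }

    # Create an AD-integrated primary zone named exactly after the service host.
    # 2008 R2 equivalent: dnscmd $DnsServer /ZoneAdd $($svc.Name) /DsPrimary
    if (-not (Get-DnsServerZone -Name $svc.Name -ComputerName $DnsServer -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $svc.Name -ReplicationScope 'Domain' -ComputerName $DnsServer
    }

    # Blank (same-as-parent) A record so the zone name itself resolves internally.
    # 2008 R2 equivalent: dnscmd $DnsServer /RecordAdd $($svc.Name) @ A $($svc.Ip)
    Add-DnsServerResourceRecordA -ZoneName $svc.Name -Name '@' -IPv4Address $svc.Ip -ComputerName $DnsServer
}

# Verify from inside: each name answers with the private IP. The port in a URL
# such as http://mail.domain.com:8083/folder is used by the client to connect;
# it is never part of the DNS query, so nothing port-related is configured here.
foreach ($svc in $services) {
    Resolve-DnsName -Name $svc.Name -Type A -Server $DnsServer |
        Select-Object Name, IPAddress
}
```

The public records for the same names all point at the single WAN IP; the router's port forwarding, not DNS, picks the internal server for external clients.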
  • You were quite clear originally. Thank you. I got all of what you suggested working perfectly.

    Found that the http://mail.domain.com:8083/folder resolves internally from the browser. Will check whether the application where this is entered also works.

    Thanks again for the help.


    Thursday, December 05, 2013 7:12 AM
  • Good to hear!

    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    Thursday, December 05, 2013 4:49 PM
  • I have an exactly similar issue... could you please help me to fix it... Thanks.

    Tuesday, May 06, 2014 1:52 PM
  • What exactly is your similar issue? Each scenario is different. Please post your scenario.

    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.


    Thursday, May 08, 2014 1:30 AM