
Sitting on Multiple Subnets, and bad DNS design
Senior User
Join Date: Jan 2003
Apr 29, 2003, 10:17 PM
 
OK, here's one for you. I have 2 subnets in the office. One subnet is at 192.168.0.xxx, the other is 192.168.1.xxx.

The 192.168.0.xxx subnet is our internal LAN;
the 192.168.1.1 subnet is in our DMZ.

On my Windows laptop, if I set my 10/100 network card to use a static IP address in the 192.168.0.xxx range, with the address of the internal DNS servers and NO gateway, and then set the TCP/IP properties on my wireless card to sit in the DMZ with the external DNS and the gateway set as the external router, it works great. This way I can access resources in both subnets, use the DMZ connection for Internet access and still use our Windows 2000 Active Directory infrastructure on the LAN.

On the Mac I cannot get it to work like this. Our internal DNS namespace is a non-registered name, "boomtown.com". The problem is that if I set the order in which the system tries connections so that the Airport (in the DMZ) is first, then my Internet works fine, but I can't use the internal DNS for resolution of any hosts in the boomtown.com domain because the system tries to run the DNS query against the public DNS first and ends up trying to contact the properly registered Internet domain space of boomtown.com.
If I set the eth interfaces to use the 10/100 first, I can't get Internet access.

Is there something I'm missing? Is there a way to tell the computer to only use the internal DNS servers for the boomtown.com domain space and the public DNS for everything else?
15" Macbook Pro 1.83 2 GB RAM
Blackbook 13.3 Powerhouse 2 GB RAM
MacMini Dual Core 2 GB RAM (Sadly running Windows Most of the time)
Numerous workstations running Windows and Linux. Sorry, don't have the specs, I don't pay much attention to them anymore. :)
     
Mac Elite
Join Date: May 1999
Location: San Jose, CA
Apr 30, 2003, 12:57 AM
 
Why can't you set the internal DNS server on both NICs?

The DNS server doesn't have to be local, and if the Mac sees a 192.168.0.x address for the DNS server it'll use the local (wired) connection even though you're specifying that address on the other NIC.
Gods don't kill people - people with Gods kill people.
     
Senior User
Join Date: Jan 2003
Apr 30, 2003, 06:59 PM
 
When I try that it still doesn't resolve external Names. Internal work fine.
     
Dedicated MacNNer
Join Date: Aug 2002
May 1, 2003, 12:14 PM
 
Assuming your internal DNS server does not try to resolve any external domains, meaning it does not forward requests, you should be able to force your PB to look at the internal DNS first using NetInfo.

I have a vaguely similar setup for home use, except instead of an internal DNS server I have it set to look at my hosts file first.

You can probably find good info on Google by searching for lookupd and NetInfo. I would look into it more myself but a coworker has my PB for a couple days so I can't verify my settings. If you're still having problems next week I'll try to set up a double DNS server like you want.

EDIT: Here are a few links that discuss search orders for name resolution and how to modify them using NetInfo.

http://www.macwrite.com/criticalmass/mac-os-x-hosts.php

http://www.macwrite.com/criticalmass...-os-x-ends.php

http://www.osxfaq.com/man/8/lookupd.ws

http://www.hmug.org/man/8/lookupd.html

Those last two may be the same thing from different sites. Good luck.
(Last edited by Scarpa; May 1, 2003 at 12:21 PM. )
     
Junior Member
Join Date: Mar 2003
May 1, 2003, 12:56 PM
 
Set up a cache/secondary nameserver.

Cache for the Internet with forwarders to the DMZ DNS, and secondary for your internal domain.
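The arrangement described in the post above, sketched as a BIND `named.conf` (an added example, not part of the original thread). It assumes the resolver runs on the laptop itself and listens only on loopback, so the copy of the internal zone is never served onto the DMZ; the addresses 192.168.0.10 and 192.168.1.10 and the file names are placeholders.

```conf
// named.conf sketch: local caching resolver plus secondary for the internal zone.
// Addresses and paths are placeholders, not values from the thread.
options {
    directory "/var/named";
    listen-on { 127.0.0.1; };      // answer only this machine, on loopback
    allow-query { localhost; };    // no queries accepted from either subnet
    allow-transfer { none; };      // never hand the zone copy to anyone else
    recursion yes;
    forwarders { 192.168.1.10; };  // placeholder: external DNS reached via the DMZ
    forward only;                  // all non-local names go to the forwarder
};

zone "boomtown.com" {
    type slave;                    // secondary copy of the internal zone
    masters { 192.168.0.10; };     // placeholder: internal DNS server on the LAN
    file "boomtown.com.bak";       // local copy of the transferred zone
    forwarders { };                // internal names are never sent to the forwarder
};
```

Both interfaces would then use 127.0.0.1 as their DNS server, and the internal server has to permit zone transfers to the laptop's LAN address.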
     
Mac Elite
Join Date: May 1999
Location: San Jose, CA
May 1, 2003, 02:49 PM
 
Originally posted by BkueKanoodle:
When I try that it still doesn't resolve external Names. Internal work fine.
<theory>
What happens if you enter both IP addresses in the name server box, with the internal server listed first, followed by the external server?

In this way the Mac should fall down to the secondary server if the first server doesn't respond.

Part of this depends on how the internal server is configured - if it returns a 'no such host' error the Mac may not try the secondary one, but if the internal server returns 'unknown', the Mac may try the secondary server.
</theory>

Either way the problem could be fixed by setting the internal DNS server to do forwarding, so that unknown requests are forwarded to an external server. Talk to the system admins.
     
Senior User
Join Date: Jan 2003
May 1, 2003, 06:53 PM
 
Originally posted by bzImage:
Setup a cache/secondary nameserver.

cache for the internet with forwarders to the DMZ dns and secondary for your internal domain.
I thought about that, but I don't want any of our internal LAN DNS info sitting in the DMZ.
     
Senior User
Join Date: Jan 2003
May 1, 2003, 06:55 PM
 
Originally posted by Camelot:
<theory>
Talk to the system admins.
That helps, I AM THE SYSTEM ADMIN.

Trying to fix the current situation on the DNS design (I inherited it from the last guy), but corporate politics are slowing me down.
     
Senior User
Join Date: Jan 2003
May 1, 2003, 06:56 PM
 
Originally posted by BkueKanoodle:
I thought about that, but I don't want any of our internal LAN DNS info sitting in the DMZ.
Never mind, I guess I should have read your message more, I thought you were saying put a secondary DNS in the DMZ. I'll give that a shot. (I love my Apple, but this was never a problem on my Windows box.)
     
   