Using outside DNS name to access internal server from inside the network

Discussion in 'Cisco' started by scooty, Mar 19, 2006.

  1. scooty

    scooty Guest

    Hi all
    A strange request from a client which I am unsure can be achieved using
    The client has a mail server, say and its DNS name for
    example is to the outside world also maps to a real IP address as one would expect,
    which is the IP address of the WAN interface on the Cisco router. The
    client wants to be able to access using the external
    DNS reference on say port 8081 (internally).
    So any user who opens a browser inside the private network and points it
    to should be able to access the mail server. is located inside the network but is using the outside
    IP address, as DNS resolution is giving the inside user a real IP for
    My question is: can this be achieved? I hope I have explained myself
    well enough for this to make sense!
    scooty, Mar 19, 2006

  2. scooty

    BernieM Guest

    If the internal DNS resolves to the 'external' IP then one would assume a
    client's connection attempt would be directed to the 'internet' by internal
    routing. In that case the client's firewall should be able to redirect and
    NAT back to the real internal server.

    That would be the easiest way to do it, but what are they trying to achieve
    by referencing an internal host by its 'external' address?

    BernieM, Mar 19, 2006

  3. scooty

    scooty Guest

    Thx BernieM
    I am not too sure what the client is trying to achieve with this; the
    only thing I can think of would be, say, a sales rep who travels on the
    road. When they dial in they use an external DNS to resolve the mail
    server and when in the office they would use the private IP, but they
    would always use the FQDN rather than separate addresses. The only
    thing I can see that will do it is either local hosts files or an
    internal DNS server pointing to the local private address. The problem
    is that some of the lower end brand routers (probably in bridge mode)
    will do this, but I don't think it's a NAT thing but more a DNS thing.
    And of course because these lower end devices do it, the client thinks
    Ciscos must be able to do the same. Hence my dilemma!
    Thx for your prompt reply BernieM, especially on a weekend!
    scooty, Mar 19, 2006
  4. Matthias Gruber

    I'm thinking of two ways of getting this to work:

    If you're in control of the DNS and it is BIND 9 or newer, there are "views".

    Another way could be catching internal-to-external DNS client requests and
    redirecting them to a local DNS server.
    Matthias Gruber, Mar 19, 2006
  5. scooty

    BernieM Guest

    Sorry but I'm confused. In your original post you said:

    "The client wants to be able to access using the external
    DNS reference. So any user who opens a browser <snipped> is using the
    outside IP address"

    which I said would be achieved by having the internal DNS resolve to that
    external address, but now you're suggesting to have ...

    "the internal DNS server pointing to the local private address."

    What is actually wanted?

    When their sales people 'dial in', why would they be using an external DNS?

    BernieM, Mar 19, 2006
  6. scooty

    scooty Guest

    OK, I am unsure exactly what the client wants as they haven't been
    forthcoming about it. This was just a guess, as I can't see any reason
    why you would want to do this either.
    But in a nutshell, they want to be able to open a browser locally
    (inside private IP) that points to their mail server on port 8081. The
    mail server is resolved using the external DNS, so I would have to
    assume there is no internal DNS server. So with that they would have to
    run a DNS server internally or use local hosts files! Correct?
    I'm sorry for the vagueness but this is 3rd party information passed to
    me by the IT consulting firm on behalf of the client! (I am from the
    If their clients were dialling in it would be to the ISP's POP, hence
    the need to use both the internal address and the external address, but
    like I say this is just a guess.
    Thx again BernieM and also to Matthias, sorry for any confoozion :)
    scooty, Mar 19, 2006
  7. scooty

    BernieM Guest

    I see why dial-in clients are using an external DNS ... it isn't actually
    'dial in' as such, in that the clients only dial into an ISP and would then
    hit your customer's Internet front end ... like any other Internet-based
    client. The fact they've dialled in to an ISP is transparent to your

    It makes sense that an 'external' client resolves the mail server's external
    address, but is this a server they host?

    Odd to assume there's no internal DNS. Remove the assumptions about how
    everything hangs together and it will make it a lot easier for people to
    make recommendations.

    BernieM, Mar 20, 2006
  8. scooty

    chris Guest

    This can be done if the gateway is just a router. Using either external or
    internal DNS, if this resolves to the global IP address then some devices
    allow traffic to be sent to the gateway with a destination of the live IP
    address, NATed and then sent back into the network. Some devices such as the
    Cisco PIX do not allow this, as with the PIX any traffic entering one network
    interface has to exit from a different interface. You can't NAT "on a stick",
    so to speak.

    I *think* that with a router this might be okay. However, the best option is
    always internal DNS and "views".

    chris, Mar 21, 2006
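The "views" approach that Matthias and chris both point to is split-horizon DNS: the same zone answers differently depending on who is asking. The BIND 9 `named.conf` fragment below is an added example, not configuration from the thread or from the client's setup. All values are constructed placeholders: zone `example.com`, host `mail.example.com`, LAN `192.168.1.0/24`, internal mail server `192.168.1.25`, and the router's public WAN address `192.0.2.10`.

```conf
// Split-horizon DNS with BIND 9 views (added example, constructed values).
// Order matters: BIND uses the FIRST view whose match-clients matches the
// querying address, so the internal view must come before the catch-all.

acl "lan" { 192.168.1.0/24; 127.0.0.1; };   // constructed: the private network

view "internal" {
    match-clients { "lan"; };
    recursion yes;                 // LAN clients may use this server as a resolver
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.internal";
        // db.example.com.internal (constructed) contains, among the usual
        // SOA/NS records:
        //   mail   IN  A   192.168.1.25      ; private address of the mail server
    };
};

view "external" {
    match-clients { any; };        // everyone not matched above: the Internet
    recursion no;                  // do not act as an open resolver
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.external";
        // db.example.com.external (constructed) contains:
        //   mail   IN  A   192.0.2.10        ; router WAN address, port-forwarded
    };
};
```

Once the internal resolvers hand LAN clients this server, the same URL (`http://mail.example.com:8081/` with the constructed names) reaches the private address from inside and the NATed public address from outside, with no hairpin NAT needed on the router; `named-checkconf` and a `dig @<server> mail.example.com` from a LAN host and from an outside host confirm the two answers.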