Using outside DNS name to access internal server from inside the network

Hi all. A strange request from a client which I am unsure can be achieved using NAT. The client has a mail server, say 172.16.50.20, and its DNS name for example is mail.test.com.au. To the outside world mail.test.com.au also maps to a real IP address as one would expect, which is the IP address of the WAN interface on the Cisco router. The client wants to be able to access mail.test.com.au using the external DNS reference on say port 8081 (internally). So any user who opens a browser inside the private network and points it to mail.test.com.au:8081 should be able to access the mail server. mail.test.com.au is located inside the network but is using the outside IP address, as DNS resolution is giving the inside user a real IP for mail.test.com.au. My question is: can this be achieved? I hope I have explained myself well enough for this to make sense!

scooty

If the internal dns resolves to the 'external' ip then one would assume a clients connection attempt would be directed to the 'internet' by internal routing. In that case the clients firewall should be able to redirect and nat back to the real internal server.

That would be the easiest way to do it but what are they trying to achieve by referencing an internal host by its 'external' address.

BernieM


Thx BernieM. I am not too sure what the client is trying to achieve with this; the only thing I can think of would be say a sales rep who travels on the road. When they dial in they use an external DNS to resolve the mail server and when in the office they would use the private IP, but they would always use the FQDN rather than separate addresses. The only thing I can see that will do it is either local hosts files or an internal DNS server pointing to the local private address. The problem is that some of the lower end brand routers (probably in bridge mode) will do this, but I don't think it's a NAT thing but more a DNS thing. And of course because these lower end devices do it the client thinks Ciscos must be able to do the same. Hence my dilemma! Thx for your prompt reply BernieM, especially on a weekend!

scooty

I'm thinking of two ways of getting this to work:

If you're in control of the DNS and it is BIND 9 or newer there are "views".

Another way could be catching internal-to-external DNS client requests and redirecting them to a local DNS server.

Matthias Gruber
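Split-horizon DNS with BIND 9 views, as an added example of the "views" approach mentioned above (this is not configuration from the thread; the public address 203.0.113.10, the 172.16.0.0/12 ACL range and the zone file paths are assumed):

```conf
// named.conf (added example): the same zone served with different answers
// depending on which side of the network the query comes from.

acl internal-nets { 172.16.0.0/12; localhost; };   // assumed LAN range

// Queries from the LAN get the private address of the mail server.
view "internal" {
    match-clients { internal-nets; };
    recursion yes;                      // LAN clients may use this as their resolver
    zone "test.com.au" {
        type master;
        file "zones/test.com.au.internal";
    };
};

// Everything else (the Internet) gets the public WAN address.
view "external" {
    match-clients { any; };
    recursion no;                       // authoritative only, no open resolver
    zone "test.com.au" {
        type master;
        file "zones/test.com.au.external";
    };
};

// zones/test.com.au.internal (only the record that differs is shown)
//   mail    IN  A   172.16.50.20
//
// zones/test.com.au.external
//   mail    IN  A   203.0.113.10      ; assumed WAN address of the router
```

With this in place a LAN client resolves mail.test.com.au:8081 to 172.16.50.20 and never needs the router to hairpin the traffic; a quick check from inside is `dig @<internal-dns-ip> mail.test.com.au A` and from outside the same query against the public name server should return 203.0.113.10.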

Sorry but I'm confused. "The client wants to be able to access mail.test.com.au using the external DNS reference. So any user who opens a browser is using the outside IP address"

which I said would be achieved by having the internal DNS resolve to that external address but now you're suggesting to have ...

"the internal DNS server pointing to the local private address."

What is actually wanted?

When their sales people 'dial in' why would they be using an external DNS?

BernieM


OK, I am unsure exactly what the client wants as they haven't been forthcoming about it. This was just a guess as I can't see any reason why you would want to do this either. But in a nutshell, they want to be able to open a browser locally (inside private IP) that points to their mail server on port 8081. The mail server is resolved using the external DNS so I would have to assume there is no internal DNS server. So with that they would have to run a DNS server internally or use local hosts files! Correct? I'm sorry for the vagueness but this is 3rd party information passed to me by the IT consulting firm on behalf of the client! (I am from the ISP) If their clients were dialling in it would be to the ISP's POP, hence the need to use both the internal address and the external address, but like I say this is just a guess. Thx again BernieM and also to Matthias, sorry for any confoozion :-)

scooty

I see why dial-in clients are using an external DNS ... it isn't actually 'dial in' as such, in that the clients only dial into an ISP and would then hit your customer's Internet front end ... like any other Internet-based client. The fact they've dialled in to an ISP is transparent to your customer.

It makes sense that an 'external' client resolves the mail server's external address, but is this a server they host?

Odd to assume there's no internal DNS. Remove the assumptions about how everything hangs together and it will make it a lot easier for people to make recommendations.

BernieM


This can be done if the gateway is just a router. Using either external or internal DNS, if this resolves to the global IP address then some devices allow traffic to be sent to the gateway with a destination of the live IP address, NATed and then sent back into the network. Some devices such as the Cisco PIX do not allow this, as with the PIX any traffic entering one network interface has to exit from a different interface. You can't NAT "on a stick", so to speak.

I *think* that with a router this might be okay. However, the best option is always internal DNS and "views".

Chris.


Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.