Question : DNS Loopback Problem on Watchguard Firebox - 500
I do have the same problem.

My network configuration is:
The external connection comes into the firewall (WatchGuard Firebox X500) and then splits into a LAN and a DMZ. On the DMZ are my mail server and web server: 192.11.156.XX <=> public IP. On the LAN I have one DNS server: 192.168.0.XX.

Firewall policies: DMZ<=>External, Internal=>External, Internal=>DMZ

LAN (Ethernet) IP: 192.168.0.XX/24, Gateway: Firebox LAN interface IP, DNS: ISP DNS

So the problem is: if I specify the ISP DNS, then DNS resolves through the ISP, the loopback finally does not succeed, and mycompany.com will not function, but all other websites will function.
If I specify the internal DNS, then only mycompany.com will function and no other website will.
So can I split the DNS internally and externally on the Win2k server platform?
Answer : DNS Loopback Problem on Watchguard Firebox - 500
What you can do is delete the "." root zone in your DNS and add a forwarder to your ISP DNS; alternatively you can use a root hint.

To remove the root DNS zone:
1. In DNS Manager, expand the DNS Server object. Expand the Forward Lookup Zones folder.
2. Right-click the "." zone, and then click Delete.

To configure forwarders:
1. In DNS Manager, right-click the DNS Server object, and then click Properties.
2. Click the Forwarders tab.
3. Click to select the Enable Forwarders check box.
4. In the IP address box, type the first DNS server to which you want to forward, and then click Add.
5. Repeat step 4 until you have added all the DNS servers to which you want to forward.

To configure root hints:
1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
2. In the DNS Management console, right-click the server name, and then click Properties.
3. Click the Root Hints tab. Your DNS server's root servers are listed on this tab.

Ensure that you have opened port 53, TCP and UDP, in your firewall policy; this is needed for your DNS server to perform name resolution queries.
Once you have done the above, your clients can point to the internal DNS, and the DNS will resolve both external and internal names.
Hope this helps.
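The same procedure as the answer above, scripted and verified, as an added example that is not part of the original thread. The answer is about Windows 2000, where these steps are done in DNS Manager; this script assumes a current Windows Server with the DnsServer and NetTCPIP PowerShell modules (Server 2012 or later). The forwarder addresses, zone name and test hostname are placeholders, not values from the thread.

```powershell
# Added example, not from the original post. Assumes Windows Server 2012+ with
# the DnsServer and NetTCPIP modules. All addresses and names below are
# placeholders (TEST-NET addresses stand in for the ISP resolvers).
$IspForwarders = @('203.0.113.1', '203.0.113.2')   # placeholder ISP resolvers
$InternalZone  = 'mycompany.com'                    # zone hosted on the internal DNS server
$ExternalName  = 'www.example.com'                  # any public name, used only to test forwarding

# 1. A "." forward lookup zone makes the server believe it is a root server,
#    so it never forwards or consults root hints. Remove it if present.
$rootZone = Get-DnsServerZone -Name '.' -ErrorAction SilentlyContinue
if ($rootZone) {
    Remove-DnsServerZone -Name '.' -Force
    Write-Host 'Removed the "." root zone.'
} else {
    Write-Host 'No "." root zone present.'
}

# 2. Forward everything the server is not authoritative for to the ISP resolvers.
#    -UseRootHint keeps root hints as the fallback if every forwarder is down.
Set-DnsServerForwarder -IPAddress $IspForwarders -UseRootHint $true

# 3. Show that root hints are loaded (the fallback path from the answer).
$hintCount = (Get-DnsServerRootHint | Measure-Object).Count
Write-Host "Root hints loaded: $hintCount"

# 4. Confirm the firewall path: the DNS server needs TCP and UDP 53 outbound
#    to each forwarder.
foreach ($fwd in $IspForwarders) {
    $tcp = Test-NetConnection -ComputerName $fwd -Port 53 -WarningAction SilentlyContinue
    Write-Host ("TCP 53 to {0}: {1}" -f $fwd, $tcp.TcpTestSucceeded)
}
# Test-NetConnection cannot probe UDP; sending a real query does that instead.
$udp = Resolve-DnsName -Name $ExternalName -Server $IspForwarders[0] -Type A -DnsOnly -ErrorAction SilentlyContinue
Write-Host ("UDP 53 query to {0}: {1}" -f $IspForwarders[0], [bool]$udp)

# 5. Verify the internal server now answers both internal and external names,
#    which is the end state the answer describes.
foreach ($name in @($InternalZone, $ExternalName)) {
    $r = Resolve-DnsName -Name $name -Server 127.0.0.1 -Type A -DnsOnly -ErrorAction SilentlyContinue
    if ($r) { Write-Host ("{0} -> {1}" -f $name, ($r.IPAddress -join ', ')) }
    else    { Write-Warning "$name did not resolve via the local DNS server." }
}
```

Run it on the DNS server itself with an elevated prompt. When writing the port 53 firewall rule the answer mentions, scope it to outbound traffic from the internal DNS server to the forwarders; the internal server should not accept recursive queries from the external interface, or it becomes an open resolver.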