Internal DNS server provide response to external requests?

domain-name-system windows-server-2008-r2 pfsense

I have a pfSense firewall and a Windows 2008 R2 DNS server. I'd really like my DNS server to respond to external queries for my subdomains. Right now, I'm using a 3rd party service for that.

Is there a way that I can have my 2008 server respond to DNS requests from "the world" while still keeping it behind the firewall?

I've only got one external IP, currently. If needed though, I could purchase a second if that'd help in this situation.


Solution 1:

You can get an additional IP and 1:1 NAT the internal DNS server to the public IP and open port 53.

You should note that you should really separate your authoritative servers from your recursive resolvers. What you're proposing is technically possible, but is really bad practice for a number of reasons.

Solution 2:

You can just port forward TCP/UDP 53 to your server on your existing WAN IP, if you aren't already running a DNS server on that IP. But I wouldn't recommend doing that in most cases, it's better to keep your public and private DNS separate. Especially if you're running Active Directory, you'll expose a good deal of information about your internal network to the world if you open the DNS server serving your AD to the Internet.

Related

Connecting Fiber interfaces on Cisco switches
creating proper vpn tunnel, when both LANs have the same addressing
why do Vagrant docs suggest using public IP address 33.33.33.10 for local VMs?
Server room in shipping containers
wireshark capture the traffic of other devices in LAN
How do I register only internal NIC address in AD DNS, with servers with multiple NICs?
Checking that tasks are executed
PSQL 64bit driver error
Can a non domain server obtain it's updates from a domain WSUS
Remove server info from Apache mod_autoindex and error page footers
Are Hyper-V IDE and SCSI devices performance equal?
Static to DHCP, bat file