DNS Issue….

Rayj00 asked 2 years ago

I have the following networks:
10.XXX.64.128/26
10.XXX.64.64/26
10.XXX.64.32/27
10.XXX.64.192/27

Each network has it's own set of DNS servers.

From a server in 64.128/26, I can ping every server in every network.

I am running vulnerability scans out of the 64.128/26 network. I can ping all servers in all networks. The vulnerability scans are running just fine with the exception that I am missing HOSTNAMES/DNSnames for many of the servers in the subsequent Retina vulnerability report.

nslookup will not work from one network to another.

If I run nslookup and set the server to one of the other network DNS servers, nslookup works find and can resolve an IP of that network to the DNS name.
However, Retina is coming up "unknown" for DNSname.

This is probably a simple problem but I am banging my head right now.

Ideas?

2 Answers
Shnerdly Staff answered 2 years ago

Thanks for your question Rayj00.

This is a beyond my experience but I suspect that if the servers were given a subnet mask of 255.255.255.0 and maintain the current subnet mask for the computers on each subnet, it would allow the users to access the servers on their specific subnet but not the others while allowing the servers to see and communicate with each other.

Rob Vargas Staff answered 2 years ago

What AboveTheLogic said. DNS is more or less staying within its respective zone. You need to get that data shared. I think you can set the other DNS servers as a forwarding destination for each individual server.

Or you can create an overall DNS server, and have all subnet DNS servers query it.

There's also a way, I think, to have the servers update each other regularly. It's too early in the morning right now. I'll try to locate that.

Know the answer? Login or sign up for an account to answer this question.
Sign Up