Web Hosting Talk

DNS-Firewall Problems - Help!

mlines
04-21-2001, 10:53 PM
Here is a brain teaser for all the DNS/Firewall gurus out there (which I am definitely not!).

Here's the configuration: I have a server that I am using for both hosting and DNS. It is running Plesk 1.3.1. It is sitting behind a Sonicwall Tele2 firewall. The internal IP is 192.168.168.50, the external IP is say 63.116.176.33

The primary domain on the server is ids-llc.net (and the server name is ids-llc.net). The registrar for this domain is directnic, where there are 2 DNS records set up:

ns.ids-llc.net 63.116.176.33
ns1.ids-llc.net 63.116.176.33

My questions are:

1. What should I set the server's nameserver records to? Currently I have it set to:

192.168.168.50 (the internal IP of the server)

Should this be set to the IP of the firewall - 63.116.176.33?

2. How should I set up the DNS for the ids-llc.net domain in Plesk?

Currently it is set to:

ids-llc.net NS ns.ids-llc.net
ids-llc.net A 63.116.176.33
ns.ids-llc.net A 63.116.176.33
www.ids-llc.net CNAME ids-llc.net
63.116.176.33/24 PTR ids-llc.net

Should I point these to the internet IP instead?

3. How should I set up the DNS for any new domains on this server in Plesk?

4. Checking the httpd.conf file for Plesk, it seems to be using the 192... IP for the server. Is this part of the problem?

Any insight would be appreciated...

Confused...

cperciva
04-21-2001, 11:15 PM
<RANT> I hate non-routable IP addresses. They break the end-to-end paradigm, require excessive work on the part of application protocol designers, and serve no purpose beyond being an easy way to conserve IPv4 addresses. The world would be a better place if non-routable IP addresses had never been assigned.</RANT>

Ok, first, you're going to run into problems because you only have one DNS server listed. I'm not sure if your domain is in NSI's database properly because of this, and directnic should never have allowed you to set the nameservers like that. (Yes, you have two different names -- ns and ns1 -- but it is the same IP address, and it is the IP addresses which matter here). Get a second IP address bound to your firewall and forwarded (on port 53/UDP/TCP) to your server.

All of your zone files should reference the *external* IP addresses. The addresses in the zone files are what other machines will look at in order to find your server -- they'll get confused if you give them your internal address.

Similarly, configuration files which are internal to the server -- i.e., files which tell applications which IPs to bind to -- should reference the *internal* IP address, since that is what the server knows about. Your httpd.conf file is correct.

I'd say that the largest problem with your setup is that you don't have proper nameserver entries in NSI's database; apart from that, be aware that you may have problems with FTP, streaming media, and loopback connections, depending upon how intelligent the firewall is.

Racin' Rob
04-22-2001, 10:21 AM
You need at least two nameserver entries, you only have one:
NS.IDS-LLC.NET 63.116.176.33

But it appears this nameserver is not registered as a nameserver. You must do that with your domain registrar. All opensrs registrars offer this.

Each registered nameserver must have its own unique IP # as well.
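The two replies above boil down to three checks on the zone: no non-routable (RFC 1918) address may appear in a public A record, the apex needs at least two NS records, and those nameservers must resolve to different addresses. The following is an added example, not code from the thread or from Plesk, that runs those checks over a zone given as (name, type, data) tuples. The sample zones are constructed from the records quoted in the question; the second nameserver address 63.116.176.34 in the corrected zone is a placeholder, not a value from the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed sample zones. ZONE_AS_POSTED is the ids-llc.net zone quoted in the
# question; ZONE_WITH_INTERNAL_IP is what question 1 would produce if the server's
# own 192.168.x address were published; ZONE_FIXED adds a second nameserver on a
# second external address (63.116.176.34 is a placeholder, not from the thread).
ZONE_AS_POSTED = [
    ("ids-llc.net.", "NS", "ns.ids-llc.net."),
    ("ids-llc.net.", "A", "63.116.176.33"),
    ("ns.ids-llc.net.", "A", "63.116.176.33"),
    ("www.ids-llc.net.", "CNAME", "ids-llc.net."),
]
ZONE_WITH_INTERNAL_IP = ZONE_AS_POSTED + [("ns1.ids-llc.net.", "A", "192.168.168.50")]
ZONE_FIXED = [
    ("ids-llc.net.", "NS", "ns.ids-llc.net."),
    ("ids-llc.net.", "NS", "ns1.ids-llc.net."),
    ("ids-llc.net.", "A", "63.116.176.33"),
    ("ns.ids-llc.net.", "A", "63.116.176.33"),
    ("ns1.ids-llc.net.", "A", "63.116.176.34"),
    ("www.ids-llc.net.", "CNAME", "ids-llc.net."),
]


def check_zone(records):
    """Return a list of problem strings for a public zone served from behind NAT."""
    problems = []
    a_by_name = defaultdict(set)  # owner name -> set of A record addresses
    for name, rtype, rdata in records:
        if rtype == "A":
            a_by_name[name].add(rdata)
            # Other resolvers cannot reach a private address, so it must not be published.
            if ipaddress.ip_address(rdata).is_private:
                problems.append(f"{name} A {rdata}: non-routable address in a public zone")
    # Registrars expect at least two nameservers for the domain.
    ns_names = [rdata for _, rtype, rdata in records if rtype == "NS"]
    if len(ns_names) < 2:
        problems.append(f"only {len(ns_names)} NS record(s); at least two are required")
    # Two names on the same IP are still a single nameserver as far as the root sees it.
    ns_ips = set().union(*(a_by_name.get(ns, set()) for ns in ns_names))
    if len(ns_ips) < 2:
        problems.append(f"nameservers share {len(ns_ips)} address(es); each needs its own IP")
    return problems


if __name__ == "__main__":
    for label, zone in [("as posted", ZONE_AS_POSTED),
                        ("internal IP", ZONE_WITH_INTERNAL_IP), ("fixed", ZONE_FIXED)]:
        print(label + ":", check_zone(zone) or "OK")
```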