Private & Public Domains

By raednashat
Hi everybody ...

I am trying to implement a firewall solution
for my W2K based network as follows :

I have a registered DNS domain as :

mydomain.edu.jo

Accordingly , my www server would be named as :
www.mydomain.ahu.edu.jo

and my mail server would be named as :

mymailserver.mydomain.edu.jo

with users having their email accounts as :

myaddress@mydomain.edu.jo


Now , I need to implement a DMZ solution and place my www.mydomain.edu.jo server on that segment. Please note that all servers on the DMZ segment should have Public IP addresses.


Next I want to place my Exchange 2000 server inside the private segment , use server publishing rules on the ISA server to make this server secure from the public and have a corresponding SMTP server on the DMZ to relay email traffic between the email server and the Internet.

Please note that all machines on the private segment should have private IP addresses.

The question is as follows:

Where should I implement the registered domain , in the DMZ or in the private segment ?

It should be on the DMZ to provide services for the public !!!

It should be on the local (private ) segment
to provide email access for my local clients , after all my email clients have their addresses as :

myaddress@mydomain.edu.jo

which certainly means that my email server should be a member of the Windows 2000 domain called mydomain.edu.jo (to be created)
and my local user account should exist on that domain as well !!!!

Some experts say that you should never use the same domain for the inside and outside world , just how ?

Please try to provide any help.

Thanks & best regards.


Private & Public Domains

by eBob In reply to Private & Public Domains

I have worked on the following solution at some very large (multinational/100,000+ employees) organisations.

We simply maintained 2 separate "views" of "mydomain.com". The public servers would have entries in both the internal and external views. Private servers only on the private view. These views are maintained on 2 physically separate DNS servers, one on the public network, the other on the private.

External users would only see the public server, as advertised from the InterNIC.

Internal users would be a bit different. Their DNS pointers would point to a "local" DNS. This DNS server would not know much. It would in general forward requests to the Internet for resolution, unless (and this is the key) told otherwise. So we simply said to these "local" servers: the AUTHORITATIVE SERVER for MYDOMAIN.com is the private server at this private address. So now any internal users needing to resolve a "mydomain.com" address look to the internal private view.
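
An added example, not part of eBob's post: a Python check of the two rules described above (public servers have entries in both views, private servers appear only in the private view). The zone data, the host names, the one-record-per-line format and the finding labels are constructed for illustration, and "private server" is approximated here as "has an RFC 1918 address".

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample views of one zone ("name type value" per line).
# 203.0.113.0/24 is a documentation range standing in for public addresses.
EXTERNAL_VIEW = """
www.mydomain.com.   A  203.0.113.10
smtp.mydomain.com.  A  203.0.113.25
"""
INTERNAL_VIEW = """
www.mydomain.com.       A  203.0.113.10
smtp.mydomain.com.      A  203.0.113.25
exchange.mydomain.com.  A  10.0.0.5
"""
# Constructed misconfiguration: a private host leaked into the external
# view, and a public host that was never mirrored into the internal view.
BAD_EXTERNAL_VIEW = EXTERNAL_VIEW + """
exchange.mydomain.com.  A  10.0.0.5
ftp.mydomain.com.       A  203.0.113.30
"""

def parse_view(text):
    """Return {name: set(addresses)} for the A records in a view."""
    view = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop ';' comments
        if len(fields) == 3 and fields[1].upper() == "A":
            view.setdefault(fields[0].lower(), set()).add(fields[2])
    return view

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_views(external_text, internal_text):
    """Check both rules; return sorted (finding, name) pairs."""
    external, internal = parse_view(external_text), parse_view(internal_text)
    findings = []
    for name, addrs in external.items():
        if any(is_rfc1918(a) for a in addrs):
            findings.append(("private-address-in-external-view", name))
        if name not in internal:
            findings.append(("public-host-missing-from-internal-view", name))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_views(BAD_EXTERNAL_VIEW, INTERNAL_VIEW):
        print(*finding)
```
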


Private & Public Domains

by raednashat In reply to Private & Public Domains

The question was auto-closed by TechRepublic


Private & Public Domains

by GIJoe In reply to Private & Public Domains

Is this still a problem?


Private & Public Domains

by raednashat In reply to Private & Public Domains

The question was auto-closed by TechRepublic


Private & Public Domains

by raednashat In reply to Private & Public Domains

This question was auto closed due to inactivity
