DNS + Network setup

By allibubba
hi there, seem to find the best answers here at TR so decided to sign up. i'm looking for some basic network/server setup advice.

my current setup goes something like this:

modem -> router -> switch

from my switch i have:
1. W2K3-1(DNS, AD, file server) 2 static ip's [ &]
2. W2K3-2(IIS), [ &]
also have a few pc's, a mac and 2 linux boxes.

my question is about my dns setup: does my W2K3-1 box need to come before my other machines, between the router and switch, one line in from router, and one line out to switch? and if that is the case, what do you guys recommend i do for the ip addresses (2 NICs) on that machine? should my W2K3 machines only have one static IP each?

i've been reading a lot of MS tech docs to try and help me out, but they are a little bit techy for me, just need a basic overview/direction into what i should be doing.

thanks for any ideas



All Answers

Nice setup

by 45GEEK In reply to DNS + Network setup

DNS can come in two instances, internal and external. Usually external (your ISP) for access to the cloud and internal for your LAN. Dual NICs are fine. General rule of thumb is that a DNS server should be by itself or only with AD because of the inherent load and security concerns. It should make no difference where your DNS is located in the logical network, but it should be where the network can have access to it. It simplifies configuration if it sits right behind the firewall into your LAN, because it can then resolve addresses instead of going over the entire network.

There are three major concerns in any network.
1. Security
2. Bandwidth
3. Security

So always base your decisions on Security for your system unless you like giving all of your information out to the whole world.
As far as anything else goes it depends upon how big your network is and how the different parts of it interact. For security purposes one address should be dedicated for the outside world and the other to your inside world. Your DNS should handle only internal requests and let the ISP's handle all others without sharing between the two. There is no reason for the outside world to see what is on the inside.

Make sure you use a good firewall at the modem and up-to-date anti-virus and anti-spyware/malware on all the internal.

Have fun.
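An added example, not part of the original thread: one way to check the point above that the outside world should not see what is on the inside is to scan the externally published zone for records that expose private addresses or internal names. The zone text is constructed; `example.com` and the host name `w2k3-1` are placeholders, and `demo.local` is the internal domain named in the thread.

```python
import ipaddress

# Constructed sample of an externally published zone; example.com stands in
# for the external domain, which the thread does not show.
EXTERNAL_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@      IN A     203.0.113.10
www    IN A     203.0.113.10
       IN MX    10 mail.example.com.
dev    IN A     192.168.1.20
files  IN CNAME w2k3-1.demo.local.
vpn    IN AAAA  fd00::5
"""

# RFC 1918 ranges plus IPv6 unique local addresses.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
INTERNAL_SUFFIXES = ("demo.local.",)  # internal namespace from the thread


def find_internal_leaks(zone_text):
    """Return (owner, type, value, reason) for records exposing internal data."""
    leaks, owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop zone-file comments
        fields = line.split()
        if not fields or fields[0].startswith("$") or "IN" not in fields:
            continue                         # blank line, directive, or no class
        idx = fields.index("IN")
        if not line[0].isspace():            # indented line reuses previous owner
            owner = fields[0]
        if len(fields) < idx + 3:
            continue
        rtype, rdata = fields[idx + 1].upper(), fields[idx + 2:]
        if rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(rdata[0])
            except ValueError:
                continue                     # malformed address, nothing to judge
            if any(addr in net for net in INTERNAL_NETS):
                leaks.append((owner, rtype, rdata[0], "private address"))
        else:
            for tok in (t.lower() for t in rdata):
                if any(tok == s or tok.endswith("." + s) for s in INTERNAL_SUFFIXES):
                    leaks.append((owner, rtype, tok, "internal name"))
    return leaks


if __name__ == "__main__":
    for leak in find_internal_leaks(EXTERNAL_ZONE):
        print(leak)
```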

internal/external dns

by allibubba In reply to Nice setup

thanks for taking a look 45, i ended up bridging my two nics and setting a single IP up on my dns machine. i do have internal and external dns (external:, internal, demo.local), external is handled via, works great, i can set up dev sites and check them from outside my network.

so i set up my internal - demo.local - before i had an external domain name, and i read through some tech note/best practice that my internal domain should be a subdomain of my external, so rather than demo.local, it should be something like that sound right? though i'm not sure if changing my internal dns will be that easy, especially since i had quite a few challenges getting some of the machines in my network onto my domain (mac was especially tough), any ideas or thoughts on this?

