Setting up External and Internal DNS

By quintar51
Hi,

I have a registered domain name, 'mydomain.com'

I want to configure an external DNS, with the zone 'mydomain.com', which will reside on a DMZ.

I also want to configure an internal DNS server, with the zone 'internal.mydomain.com'.

1) As far as my understanding of DNS goes, both servers should be root servers, as both are authoritative for their respective zones. However, when I set it up that way, I was unable to use forwarders to forward any queries to my ISP's DNS servers.

2) Also, should my external DNS only have a record of my public address?

3) And should my internal server (with 2 NICs), have a record for the outside host and inside hosts?

4) One last thing: my internal DNS server will have Exchange Server and ISA Server running.

Any suggestions would be greatly appreciated!

by sbaltus In reply to Setting up External and I ...

Hi, I think what you are trying to do is overkill. We set up a lot of networks with w2k SBS 2000 and just 2000 Server. On the SBS network the server is the DC, ISA, DNS, DHCP and Exchange server. We set all clients to use the internal DNS server without any problems. If I misunderstood why you are trying to do this, please get back.


by quintar51 In reply to Setting up External and I ...

This is for my home network. I don't have SBS server, just Exchange, ISA, and w2k. I'm trying to recreate a 'real world' scenario with what I have. I have 3 machines. The 'overkill' machine will be able to handle ISA, Exchange, DNS and DHCP. It's a brand new machine and I only have 1 client machine, so there won't be any overhead. My 3rd machine will be used as a DNS server on a DMZ.

I need to know what the best way to set up DNS for that scenario is. If I only set up an internal DNS for 'internal.mydomain.com', then I won't have a zone for 'mydomain.com'. That's why I'm using the DNS on the DMZ to host 'mydomain.com'.

Hope this makes sense to someone out there


by expertpc In reply to Setting up External and I ...

1. Your external DNS server is the Start of Authority (SOA or Root) for the "mydomain.com" zone and would normally have its forwarders set to the .com server, but there are times when you would instead point them to your ISP. Make sure you have the ports open on your external firewall to allow DNS traffic (if you have one). IN SHORT, YOU ARE CORRECT.

2. Generally no. There should be no reason that an external person needs to access something in your intranet, and if they do it should be through a DMZ-based resource such as WEB, VPN, MAIL, etc. On the DMZ resources you can specify the exact communication between it and the intranet. You generally block this on both the server and on the firewall by port and IP (socket) restrictions.

3. First, why do you have two NICs? Your internal DNS should only be on the internal segment. It will communicate with the external DNS through the firewall. Second, your external DNS should have all the DMZ records. Let the internal forward all requests to the external DMZ. This simplifies administration. Also, make sure you have no internal records on your external DMZ.

4. WOW. You should install the OWA module on your external DNS machine (in your case only) and have it communicate through the firewall (open the required ports) to the internal Exchange server. Never directly expose your mail server to the DMZ. As for ISA, I assume it is your firewall. If so, you have really given yourself some heartache here. Two NICs, one internal, one external; internal, BIND two IPs to it; external, only one. On the internal NIC, IP 1 should be for DNS and Mail. IP 2 should be for the inside port of the ISA. Specify that the second IP is the gateway on all the clients and servers. When you set up ISA you will have to make sure you specify this all correctly.

GOOD LUCK. You should really load ISA on a separate machine.


by shortbus In reply to Setting up External and I ...

1) Delete the "." entry in your forward lookup DNS zone. It makes the DNS server believe it is a root server itself. After you delete it, wait a little while or restart DNS, you'll notice that forwarders are available and your normal root servers are in effect. Then, you'll be able to use your DNS servers to resolve public domain names.

2) Yes, don't want external clients being able to resolve internal addresses.

3) Create a standard primary zone on the external server and have it perform zone transfers to a standard secondary zone on your internal server. That way, internal clients will be able to resolve external names without having to maintain the external namespace twice.

4) Won't give an answer cause I'm not familiar with ISA.

Hope this helps,

Bus
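
Both answers to question 2 come down to keeping internal records out of the external 'mydomain.com' zone. The following is an added example, not part of the original thread, that audits an exported zone for that leak. It assumes standard zone-file text with one record per line; the sample records, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of an external 'mydomain.com' zone (not from the thread).
SAMPLE_ZONE = """\
$ORIGIN mydomain.com.
@            3600 IN SOA   ns1.mydomain.com. hostmaster.mydomain.com. 1 3600 600 86400 3600
@            3600 IN NS    ns1.mydomain.com.
ns1          3600 IN A     203.0.113.10
www          3600 IN A     203.0.113.20   ; public web host
mail         3600 IN A     192.168.1.5
dc1.internal 3600 IN A     10.0.0.2
owa          3600 IN CNAME exch.internal.mydomain.com.
"""

INTERNAL_SUFFIX = "internal.mydomain.com."  # internal zone named in the thread
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def fqdn(name, origin):
    """Expand '@' or a relative name against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"

def in_internal(name):
    name = name.lower()
    return name == INTERNAL_SUFFIX or name.endswith("." + INTERNAL_SUFFIX)

def audit_external_zone(zone_text):
    """Return (owner, rtype, reasons) for records that expose internal data."""
    origin, findings = ".", []
    for raw in zone_text.splitlines():
        parts = raw.split(";", 1)[0].split()      # drop comments, tokenize
        if not parts:
            continue
        if parts[0].upper() == "$ORIGIN":
            origin = parts[1]
            continue
        if "IN" not in parts[1:-2]:
            continue  # assumption: explicit owner and class IN on every record
        rtype = parts[parts.index("IN", 1) + 1].upper()
        owner, reasons = fqdn(parts[0], origin), []
        if in_internal(owner):
            reasons.append("owner in internal zone")
        if rtype == "A" and any(ipaddress.ip_address(parts[-1]) in n for n in RFC1918):
            reasons.append("RFC 1918 address")
        if rtype in ("CNAME", "NS", "MX") and in_internal(fqdn(parts[-1], origin)):
            reasons.append("target in internal zone")
        if reasons:
            findings.append((owner, rtype, reasons))
    return findings
```

Calling `audit_external_zone(SAMPLE_ZONE)` flags the `mail`, `dc1.internal` and `owa` records; an empty list means the external zone exposes nothing from the internal namespace or private address space.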
