Re: DNS in two domains (one on a DMZ)

From: Phillip Windell (_at_.)
Date: 07/08/04


Date: Thu, 8 Jul 2004 16:34:30 -0500


"Rich" <RWad@RWcom> wrote in message
news:uRevrsQZEHA.2816@TK2MSFTNGP11.phx.gbl...
> I am wondering about the correct DNS settings for a network with two
> domains.
> I have an internal domain (DC 172.16.0.1) and a DMZ domain (DC
> 192.168.0.1).
>
> 1. I am going to use ISA server to publish a web server from the DMZ out
> to the internet. It will access SQL server data on the internal network,
> which it will access through a publishing rule on the internal ISA server.

That depends on *which* ISA on what *kind* of DMZ.

Here are the variations, and each is handled differently:
1. Back-to-Back with 2 ISA's (one on each end)
2. Back-to-Back with 2 firewalls (one on each end, no ISA)
3. Back-to-Back with 1 ISA, 1 firewall (firewall on Internet end)
4. Back-to-Back with 1 ISA, 1 firewall (ISA on Internet end)
5. Tri-Homed DMZ using a firewall (no ISA)
6. Tri-Homed DMZ using an ISA (no hardware firewall)

Then just for fun you can have a Back-to-Back and a Tri-Homed at the same
time using any combination of the above, which brings you up to about 14
different types of DMZs.

> I started going down the route of assuming I needed to put a forwarder
> onto my internal DNS server. This should point to a caching server on the DMZ.
> ................
> this, but cannot load the stub zone from the master. (I added two server
> publishing rules for DNS onto the internal server.)

You don't "publish" any DNS.
All clients point to the Internal DNS, it in turn uses a Forwarder to the
DNS on the DMZ, which in turn uses a Forwarder to the ISP's DNS.

That is the best I can tell you with something like this. If I was in that
position I would go way, way, out of my way to create a simpler situation.

-- 
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
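
The forwarder chain described in the reply above, written as `dnscmd` commands. This is an added example, not part of the original post. It assumes both DCs (the addresses given in the question) run the Windows DNS Server service; the ISP resolver address 203.0.113.53 is a placeholder.

```batch
@echo off
rem Added example: forwarder chain internal DNS -> DMZ DNS -> ISP DNS.
rem 172.16.0.1 and 192.168.0.1 are the DC addresses from the question.
rem 203.0.113.53 is a placeholder for the ISP's resolver (assumption).
rem Run each dnscmd line on, or with admin RPC access to, the server it names.
set INTERNAL_DNS=172.16.0.1
set DMZ_DNS=192.168.0.1
set ISP_DNS=203.0.113.53

rem Internal DNS forwards what it is not authoritative for to the DMZ DNS.
rem /Slave: do not fall back to root hints if the forwarder fails, so the
rem internal server never queries the Internet directly.
dnscmd %INTERNAL_DNS% /ResetForwarders %DMZ_DNS% /Slave
if errorlevel 1 goto :failed

rem DMZ DNS forwards in turn to the ISP's DNS.
dnscmd %DMZ_DNS% /ResetForwarders %ISP_DNS% /Slave
if errorlevel 1 goto :failed

rem Show the resulting server settings (the forwarders are listed in the output).
dnscmd %INTERNAL_DNS% /Info
dnscmd %DMZ_DNS% /Info

rem End-to-end check: ask the internal DNS for an Internet name.
nslookup www.example.com %INTERNAL_DNS%
goto :eof

:failed
echo Setting forwarders failed; check DNS service reachability and admin rights.
exit /b 1
```

Each hop still needs DNS (UDP and TCP port 53) allowed outbound through whatever firewall sits between the two servers.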

