Re: Multihomed DNS server install problems

From: ObiWan (anzenNO-SPAM_at_gmx.net)
Date: 03/09/04


Date: Tue, 9 Mar 2004 13:23:23 +0100


> Awesome tag! "ObiWan"...

Thanks :-)

> I'm a tad confused, as usual. I have 2 NIC's
> in this box 1 is private and 1 is public.
>
> In my SOA do I need to list both IP's or only the
> public IP that will be receiving requests for DNS
> information?

Hm .. if I understand it correctly the DNS is serving
addresses to the outside, so .. it isn't a good idea
adding "private" addresses to it, that may cause
problems, btw you'll still need a reverse zone for
the public address(es) and if possible you should
ask your carrier/isp to delegate the IP block you
use to your DNS so that you'll be able to handle
the reverse resolution through your DNS too

About the "nslookup" error, that's due to the fact that
nslookup tries to perform a reverse lookup on the
DNS IP it uses and if the reverse doesn't work (as in
your case) it will "barf"

As a final note (if possible) I'd set up a "private only"
DNS forwarding external requests to the other DNS
(your current one) and I'd move this latter into a DMZ
to avoid security problems; this way the public DNS
will only handle public addresses while the private
one only private addresses and this will allow you
to set up a correct "private" reverse zone on the
private DNS... just to be more clear

    Internet
       |
    firewall---dmz----- public DNS
       |
      lan ---- private DNS
       |
    clients

so the private DNS will have all your private IPs and
so on and it will forward any external resolution to the
public DNS which in turn will also serve all your public
IPs to the internet, now, if you're using the _same_
domain for both your LAN and the internet things will
become somewhat tricky since you'll need to set up
both DNS as primary for your domain and to add the
public (DMZ) hosts IP addresses to the LAN DNS too
to avoid resolution problems; another solution (if it's
possible btw) may be using a "sub-domain" for your
LAN, so you may have a public "acme.com" domain
and a private "lan.acme.com" one

Hope it helps

-- 
* ObiWan
DNS "fail-safe" for Windows 2000 and 9X clients.
http://ntcanuck.com
Support and discussions forum
http://ntcanuck.com/net/board
408 XP/2000 tweaks and tips
http://ntcanuck.com/tq/Tip_Quarry.htm
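
Added example, not part of ObiWan's post: a Python check for the advice above that an Internet-facing zone should not carry private addresses. It scans a zone export (one record per line is assumed) for A records in RFC 1918, loopback or link-local space; the zone contents, addresses and function names are constructed for illustration.

```python
import ipaddress

# Ranges that must never appear in an Internet-facing zone (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample zone: names are made up, and 192.0.2.0/24 (documentation
# range) stands in for the server's real public addresses.
SAMPLE_PUBLIC_ZONE = """\
$ORIGIN acme.com.
@      3600 IN SOA ns1.acme.com. hostmaster.acme.com. 2004030901 3600 600 86400 3600
@      3600 IN NS  ns1.acme.com.
ns1    3600 IN A   192.0.2.53
       3600 IN A   192.168.1.10   ; private NIC of the multihomed server
www    3600 IN A   192.0.2.80
files       IN A   10.0.0.25
mail   3600 IN MX  10 mx.acme.com.
"""

def fqdn(owner, origin):
    """Expand a relative owner name against $ORIGIN."""
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else f"{owner}.{origin}"

def leaked_records(zone_text):
    """Return (name, address) for each A record pointing into INTERNAL_NETS."""
    findings, origin, owner = [], "", ""
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0].startswith("$"):
            continue                              # other directives ($TTL, ...)
        if not line[0].isspace():                 # a leading blank inherits the owner
            owner, fields = fields[0], fields[1:]
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                         # skip optional TTL and class
        if len(fields) < 2 or fields[0].upper() != "A":
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue                              # malformed rdata, not this check's job
        if any(addr in net for net in INTERNAL_NETS):
            findings.append((fqdn(owner, origin), str(addr)))
    return findings
```

Any name it reports belongs in the private DNS (or a "lan.acme.com" style sub-domain) rather than in the zone served to the Internet.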

