Re: Multihomed DNS server install problems
From: Adam Marx (AdamMarx_at_WebAJM.com)
Date: 03/09/04
- Next message: Herb Martin: "Re: Recursive DNS Lookups Fail"
- Previous message: Jim Carlock: "224.0.0.1"
- In reply to: ObiWan: "Re: Multihomed DNS server install problems"
- Next in thread: Ace Fekay [MVP]: "Re: Multihomed DNS server install problems"
- Reply: Ace Fekay [MVP]: "Re: Multihomed DNS server install problems"
Date: Tue, 9 Mar 2004 12:36:12 -0500
Obiwan,
Thanks for the useful information. I am planning on pulling everything
private onto a private DNS server and will take your advice.
Ace, Kevin and yourself have been a great help. I, as well as others I'm
sure, appreciate it.
2 other notes or questions. I hope Ace can see this posting.
1) Do I just need to contact my ISP and ask them to include a pointer to my
DNS if my reverse resolution is to work? Is that the same as "delegate the
IP block"?
2) I still get this error when I perform the monitoring test on the DNS.
Although everything appears to be working correctly and resolving correctly
when I enable the second NIC I get the error. If I disable the second NIC
and re-run the test it passes?
Thanks,
Adam J. Marx
"ObiWan" <anzenNO-SPAM@gmx.net> wrote in message
news:e8mMSFdBEHA.2404@TK2MSFTNGP11.phx.gbl...
>
> > Awesome tag! "ObiWan"...
>
> Thanks :-)
>
> > I'm a tad confused, as usual. I have 2 NICs
> > in this box 1 is private and 1 is public.
> >
> > In my SOA do I need to list both IP's or only the
> > public IP that will be receiving requests for DNS
> > information?
>
> Hm .. if I understand it correctly the DNS is serving
> addresses to the outside, so .. it isn't a good idea
> adding "private" addresses to it, that may cause
> problems, btw you'll still need a reverse zone for
> the public address(es) and if possible you should
> ask your carrier/isp to delegate the IP block you
> use to your DNS so that you'll be able to handle
> the reverse resolution through your DNS too
>
> About the "nslookup" error, that's due to the fact that
> nslookup tries to perform a reverse lookup on the
> dns IP it uses and if the reverse doesn't work (as in
> your case) it will "barf"
>
> As a final note (if possible) I'd setup a "private only"
> DNS forwarding external requests to the other DNS
> (your current one) and I'd move this latter into a DMZ
> to avoid security problems; this way the public DNS
> will only handle public addresses while the private
> one only private addresses and this will allow you
> to setup a correct "private" reverse zone on the
> private DNS... just to be more clear
>
>     Internet
>         |
>     firewall---dmz----- public DNS
>         |
>        lan ---- private DNS
>         |
>      clients
>
> so the private DNS will have all your private IPs and
> so on and it will forward any external resolution to the
> public DNS which in turn will also serve all your public
> IPs to the internet, now, if you're using the _same_
> domain for both your LAN and the internet things will
> become somewhat tricky since you'll need to setup
> both DNS as primary for your domain and to add the
> public (DMZ) hosts IP addresses to the LAN dns too
> to avoid resolution problems; another solution (if it's
> possible btw) may be using a "sub-domain" for your
> LAN, so you may have a public "acme.com" domain
> and a private "lan.acme.com" one
>
> Hope it helps
>
>
> --
>
> * ObiWan
>
> DNS "fail-safe" for Windows 2000 and 9X clients.
> http://ntcanuck.com
>
> Support and discussions forum
> http://ntcanuck.com/net/board
>
> 408 XP/2000 tweaks and tips
> http://ntcanuck.com/tq/Tip_Quarry.htm
>
>
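An added example, not part of the original thread: a Python check for the public/private split described in the quoted reply. It flags RFC 1918 addresses published in a public zone and lists the PTR names the public addresses need in the reverse zone. The zone text, its addresses and the one-record-per-line format are constructed assumptions; only the "acme.com" name comes from the thread.

```python
import ipaddress

# RFC 1918 ranges that should never appear in a zone served to the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a public zone (simplified: one record per line).
SAMPLE_ZONE = """\
acme.com.            IN SOA ns1.acme.com. hostmaster.acme.com. 1 3600 600 86400 3600
acme.com.            IN NS  ns1.acme.com.
ns1.acme.com.        IN A   203.0.113.10   ; public NIC
ns1.acme.com.        IN A   192.168.1.10   ; private NIC, registered by mistake
www.acme.com.        IN A   203.0.113.20
fileserver.acme.com. IN A   10.0.0.5
"""

def parse_a_records(zone_text):
    """Yield (owner, address) for each 'owner IN A address' line."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) == 4 and fields[1].upper() == "IN" and fields[2].upper() == "A":
            yield fields[0], ipaddress.ip_address(fields[3])

def audit_public_zone(zone_text):
    """Return (leaks, ptr_needed) for the A records of a public zone.

    leaks      -- (owner, ip) pairs exposing private addressing
    ptr_needed -- (ptr_name, owner) pairs the reverse zone should hold
    """
    leaks, ptr_needed = [], []
    for owner, ip in parse_a_records(zone_text):
        if any(ip in net for net in RFC1918):
            leaks.append((owner, str(ip)))
        else:
            ptr_needed.append((ip.reverse_pointer, owner))
    return leaks, ptr_needed

if __name__ == "__main__":
    leaks, ptr_needed = audit_public_zone(SAMPLE_ZONE)
    for owner, ip in leaks:
        print(f"LEAK  {owner} -> {ip} (move to the private DNS)")
    for ptr, owner in ptr_needed:
        print(f"PTR   {ptr} -> {owner}")
```
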