Re: Multihomed DNS server install problems
From: ObiWan (anzenNO-SPAM_at_gmx.net)
Date: 03/10/04
- In reply to: Ace Fekay [MVP]: "Re: Multihomed DNS server install problems"
Date: Wed, 10 Mar 2004 09:31:09 +0100
> > Obiwan,
> >
> > Thanks for the useful information. I am planning on pulling everything
> > private onto a private DNS server and will take your advice.
You're welcome, but I contributed very little here; all the "grunt work"
was carried out by Ace and the other folks ... :-)
> > 1) Do I just need to contact my ISP and ask them to include a pointer
> > to my DNS if my reverse resolution is to work. Is that the same as
> > "delegate the IP block"?
As for Ace's answer... yes, that's the usual way to do it: you should
ask them to delegate the reverse zone for your IP block to your
DNS server so that you'll handle the reverse directly from it; btw,
be sure to delegate the reverse to both your local (primary) DNS
and a secondary one!!
> > 2) I still get this error when I perform the monitoring test on the
> > DNS. Although everything appears to be working correctly and
> > resolving correctly when I enable the second NIC I get the error. If
> > I disable the second NIC and re-run the test it passes?
> I still think it's due to your binding order and what IP the thing's
> listening on. It makes sense if you run through what I mean, based on the
> previous post about this.
Yes, it's probably just a matter of NIC/IP binding order: the public NIC
should come first, before the private one. Also, be sure that the DNS
machine points to its _public_ address for DNS resolution and not to
its private one. That said, I still prefer (whenever possible) to avoid
mixing and matching public and private DNS on the same box; aside from any
config issue, it's a security risk too, since an attacker gaining access
to the DNS will be able to see the private addressing scheme and
use it to carry the "penetration" further on. It's better (as I wrote) to use two
separate boxes and forward the private DNS to the public one.
<OT>
Ace, did you hear from NT lately? I think he may have a whole
lot of interesting stuff to talk about and not just about DNS; in
case, just drop him (or me) a line, I think you'll be interested ;-) !
</OT>
--
* ObiWan
DNS "fail-safe" for Windows 9x, 2000 and up
http://ntcanuck.com
Support and discussions forum
http://ntcanuck.com/net/board
408 XP/2000 tweaks and tips
http://ntcanuck.com/tq/Tip_Quarry.htm
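
An added example, not part of the original message or the poster's own code: a small Python audit covering the two points above, that a public-facing zone should not expose the private (RFC 1918) addressing scheme and that the reverse zone for the public block should be delegated to both a primary and a secondary server. The zone text, host names and the 192.0.2.0/24 block are constructed sample data, and the simple "owner IN type rdata" line format is an assumption.

```python
import ipaddress

# RFC 1918 private ranges: the "private addressing scheme" that should stay internal.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a public-facing zone (invented names;
# 192.0.2.0/24 is a documentation block standing in for the ISP-assigned range).
SAMPLE_ZONE = """\
example.com.             IN NS  ns1.example.com.
example.com.             IN NS  ns2.example.net.
ns1.example.com.         IN A   192.0.2.10
www.example.com.         IN A   192.0.2.20
fileserver.example.com.  IN A   10.1.4.25
dc01.example.com.        IN A   192.168.10.5
2.0.192.in-addr.arpa.    IN NS  ns1.example.com.
10.2.0.192.in-addr.arpa. IN PTR ns1.example.com.
"""

def parse(zone_text):
    """Yield (owner, rtype, rdata) from simple 'owner IN type rdata' lines."""
    for line in zone_text.splitlines():
        parts = line.split(";", 1)[0].split()   # drop ';' comments
        if len(parts) >= 4 and parts[1].upper() == "IN":
            yield parts[0].lower(), parts[2].upper(), parts[3].lower()

def reverse_zone(block):
    """Name of the in-addr.arpa zone for an octet-aligned IPv4 block."""
    net = ipaddress.ip_network(block)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 IPv4 blocks are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def audit(zone_text, public_block):
    """Report leaked private A records and the reverse zone's NS redundancy."""
    records = list(parse(zone_text))
    leaked = [(o, d) for o, t, d in records if t == "A"
              and any(ipaddress.ip_address(d) in n for n in RFC1918)]
    rzone = reverse_zone(public_block)
    rev_ns = sorted({d for o, t, d in records if t == "NS" and o == rzone})
    return {"leaked_private": leaked, "reverse_zone": rzone,
            "reverse_ns": rev_ns, "reverse_redundant": len(rev_ns) >= 2}
```

On the sample data, `audit(SAMPLE_ZONE, "192.0.2.0/24")` reports two internal hosts visible in the public zone and a reverse zone served by a single name server.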