Re: Multihomed DNS server install problems
From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 03/10/04
- Next message: Ace Fekay [MVP]: "<OT> Re: Multihomed DNS server install problems"
- Previous message: Sharad Naik: "Re: Controlling DNS query order in multiple network adapters"
- In reply to: ObiWan: "Re: Multihomed DNS server install problems"
- Next in thread: Ace Fekay [MVP]: "<OT> Re: Multihomed DNS server install problems"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 10 Mar 2004 06:55:00 -0500
In news:uBWsLonBEHA.3784@TK2MSFTNGP10.phx.gbl,
ObiWan <anzenNO-SPAM@gmx.net> posted their thoughts, then I offered mine
>>> Obiwan,
>>>
>>> Thanks for the useful information. I am planning on pulling
>>> everything private onto a private DNS server and will take your
>>> advice.
>
> You're welcome, but I contributed very little here all the "grunt
> work" was carried on by Ace and the other folks ... :-)
>
>>> 1) Do I just need to contact my ISP and ask them to include a
>>> pointer to my DNS if my reverse resolution is to work. Is that the
>>> same as "delegate the IP block"?
>
> As for Ace answer .. yes, that's the usual way to do it, you should
> ask them to delegate the reverse zone for your IP block to your
> DNS server so that you'll handle the reverse directly from it; btw
> be sure to delegate the reverse to both your local (primary) DNS
> and a secondary one !!
>
>>> 2) I still get this error when I perform the monitoring test on the
>>> DNS. Although everything appears to be working correctly and
>>> resolving correctly when I enable the second NIC I get the error. If
>>> I disable the second NIC and re-run the test it passes?
>
>> I still think it's due to your binding order and what IP the thing's
>> listening on. It makes sense if you run through what I mean, based
>> on the previous post about this.
>
> Yes, it's probably just a matter of NIC/IP binding order, the public
> NIC should come first, before the private one, also, be sure that the
> DNS machine points to its _public_ address for DNS resolution and not
> to its private one; that said, I still prefer (whenever possible)
> avoiding to mix/match public and private DNS on the same box; aside
> from any config issue, it's a security risk too since an attacker
> gaining access to the DNS will be able to see the private addressing
> scheme and use it to carry the "penetration" further on, better (as I
> wrote) using two separate box and forwarding the private DNS to the
> public one
>
Just want to point out, Obi, if making the public NIC top in binding, and
using itself or public DNS, then we're going to assume this machine won't be
participating with AD or anything else internal. Reason I mentioned, I
think Adam wanted to make it a DC?? Can't remember now... :-) If so reverse
that, if not, go with that!
:-)
--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
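
The concern quoted above, that a DNS server mixing public and private data exposes the private addressing scheme, can be checked mechanically before a zone is published. The following is an added example, not part of the original thread: it scans zone-file text for A and PTR records in RFC 1918 ranges; the zone contents, host names and function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly (ipaddress.is_private also matches
# documentation ranges such as 203.0.113.0/24, which is not wanted here).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of a public-facing zone; all names/addresses are made up.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@      IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 3600
@      IN NS  ns1.example.com.
ns1    IN A   203.0.113.10
www    3600 IN A 203.0.113.20
dc01   IN A   192.168.1.5      ; internal host leaked into the public zone
files  IN A   10.0.4.17
5.1.168.192.in-addr.arpa. IN PTR dc01.example.com.
"""

def parse_ipv4(text):
    """Return an IPv4Address, or None if text is not a valid IPv4 address."""
    try:
        return ipaddress.IPv4Address(text)
    except ValueError:
        return None

def ptr_owner_to_ip(owner):
    """Map '5.1.168.192.in-addr.arpa.' to 192.168.1.5; None if not a full PTR name."""
    name = owner.rstrip(".").lower()
    if not name.endswith(".in-addr.arpa"):
        return None
    labels = name[: -len(".in-addr.arpa")].split(".")
    return parse_ipv4(".".join(reversed(labels))) if len(labels) == 4 else None

def find_private_leaks(zone_text):
    """Return (owner, type, address) for each A/PTR record in an RFC 1918 range."""
    leaks = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop trailing comments
        if len(fields) < 3 or fields[0].startswith("$"):
            continue
        owner, rest = fields[0], fields[1:]
        i = 0                                       # skip optional TTL and class
        while i < len(rest) and (rest[i].isdigit() or rest[i].upper() == "IN"):
            i += 1
        if i + 1 >= len(rest):
            continue
        rtype, rdata = rest[i].upper(), rest[i + 1]
        ip = parse_ipv4(rdata) if rtype == "A" else (
             ptr_owner_to_ip(owner) if rtype == "PTR" else None)
        if ip is not None and any(ip in net for net in RFC1918):
            leaks.append((owner, rtype, str(ip)))
    return leaks
```
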