Re: Need help on setting up win2000 dns

From: Herb Martin (news_at_LearnQuick.com)
Date: 12/09/04

• Next message: Herb Martin: "Re: A newbie question: what is SOA for?"
• Previous message: Herb Martin: "Re: Setup a new 2003 DNS in a mixed mode of 2000 and NT4"
• In reply to: Kevin D. Goodknecht Sr. [MVP]: "Re: Need help on setting up win2000 dns"
• Messages sorted by: [ date ] [ thread ]

---

Date: Thu, 9 Dec 2004 04:12:43 -0600

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:ugH83Bb3EHA.1524@TK2MSFTNGP09.phx.gbl...
> In news:848edb4c.0412082023.6dc9432e@posting.google.com,
> Yui <yuui.yamane@esolia.co.jp> commented
> Then Kevin replied below:
> > Again, I am tring to setup the same DNS server for both
> > Internal DNS and External DNS.
>
> Sorry you can't use the same MS DNS server for Public and Private domains
of
> the same name. You will have to split this into two different DNS servers.

I agree with Kevin, but allow me to clafify: You CAN do it,
but it is a bad idea and always going to be a security risk from
at least two issues.

> One with a public zone publishing only public records, one with the
private
> zone publishing private records for the internal machines.
> BIND is supposed to be capable of this.

Yes it is but....

BIND will allow different VIEWS for different clients
(based on filter lists) but that is NOT a sufficient reason
for eschewing the advantages of MS DNS internally.

I recommend, and am pretty sure Kevin agrees, you put you
PUBLIC DNS back at the Registrar (or ISP if you must.)

You're not even following the business rules of the registration
process unless you have TWO or more DNS servers for the
public resolution.

Registrars like Godaddy.com and Register.com are perfectly
willing to provide this service and you likely already paid
for it.

---

• Next message: Herb Martin: "Re: A newbie question: what is SOA for?"
• Previous message: Herb Martin: "Re: Setup a new 2003 DNS in a mixed mode of 2000 and NT4"
• In reply to: Kevin D. Goodknecht Sr. [MVP]: "Re: Need help on setting up win2000 dns"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Why would anybody use .LOCAL? ... Then Kevin replied below: ... > private DNS servers hosting the same zone are authoritative for the ... > - The public DNS server will never see requests from the private ... > network, either physically or via VPN, and .COM when his request is ... (microsoft.public.windows.server.dns) Re: Thanks for article 300202 ... Hi Kevin. ... I suppose one warning is pratically not good enough but I can live with it for now. ... >> I suppose you are saying assign the DNS server in Windows ... (microsoft.public.win2000.dns) Re: NEWBIE: DNS server on ADSL with static IP ... The Glue record is the A record, he has apparently not create the Glue ... Not knowing who his registrar is I cannot tell ... He also needs these two records on his own DNS server, ... Kevin D4 Dad Goodknecht Sr. ... (microsoft.public.win2000.dns) Re: resolving DNS problems over a VPN ... Kevin D. Goodknecht Sr. ... Only over the vpn ... > VPN clients have an added problem when connecting to an Active Directory ... > Your VPN clients won't know which DNS server they are getting resolution ... (microsoft.public.win2000.dns) Re: Netdiag results: ... Ray ... "Kevin D. Goodknecht Sr. ... So I don't think it's my server, ... > Post the list of forward lookup zones in your local DNS server. ... (microsoft.public.windows.server.dns)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)