Re: DNS for Idiots...

From: Mike (mikey117_at_hotmail.com)
Date: 02/20/05


Date: Sun, 20 Feb 2005 09:17:16 -0600

Before I go any further, yes, abc.com is used publicly and is the AD domain.
I guess I've opened a whole new can of worms, huh?

"Roland Hall" <nobody@nowhere> wrote in message
news:O12pA2zFFHA.228@TK2MSFTNGP15.phx.gbl...
> Starting fresh. Here is my understanding of what you have and what you
> need. You can correct the former and I'm sure if I get the latter wrong
> someone else will point that out.
>
> Public (Internet):
> domain: abc.com
> DNS: Primary DNS is at ISP - we'll call it ns1.isp.com
> DNS zones for abc.com should only list public IP addresses for abc.com
>
> Private (LAN):
> domain: def.com
> DNS: Primary DNS is pointing to a DNS server on your LAN? Why is it not
> using ns1.isp.com as the primary DNS server?
>
> Router can accept multiple public IPs, if required. It should then NAT
> those to private IPs running on servers on the LAN, web servers, not DNS
> servers.
>
> Private DNS servers should host only private addressing. A reason to
> include a public address for either a web site or a mail server is if they
> are hosted outside the LAN and sharing the same domain name (ex. abc.com)
> You never said or I missed it if abc.com is used publicly and as the AD
> domain. It requires additional configuration if this is the case.
>
> Your forwarder should point to the router, if possible. Let the router
> forward this to the ISP. Your router has to support this. If not, then
> pointing the forwarder to the ISPs DNS is correct. No systems, servers or
> workstations on the LAN should point to any public DNS server. The
> forwarder is only to allow clients on the LAN to resolve public addressing. In
> fact, it's not required but speeds things up a bit.
>
> I'll give a brief scenario. I have almost 50 domains but we'll look at two
> of them.
> domain: kiddanger.com
> Internet Host: Primary and secondary is at the host. Mail server is at the
> host.
>
> domain: netfraud.us
> Hosted on my LAN behind a NAT/firewall.
> Public DNS is at DynDNS.org.
> Private DNS is on my DC running AD.
> My web server, on my LAN, is running multiple domains using host headers.
> My mail server is on my LAN. My MX record is on the DNS at DynDNS.org.
> There is no MX record configured on my LAN. MX records are for servers, not
> clients.
>
> All of my clients and my servers on my LAN only use my DCs DNS. My DC has a
> forwarder that points to my router. My router gets its DNS from my ISP. My
> AD domain has a unique domain name that is not used on the Internet or a
> legal public DNS name. My clients and my servers only use private IP
> addressing. That is the whole point of NAT, translate the public IP address
> to a private one. It's usually a one to many scenario but there is also
> multi-NAT, which should be self-evident.
>
> The only issue I have currently is Exchange where I think I screwed the
> pooch testing certificates and one domain cannot receive mail. Everything
> else works as it should.
>
> --
> Roland Hall
> /* This information is distributed in the hope that it will be useful, but
> without any warranty; without even the implied warranty of merchantability
> or fitness for a particular purpose. */
> Online Support for IT Professionals -
> http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
> How-to: Windows 2000 DNS:
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;308201
> FAQ W2K/2K3 DNS:
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;291382
>
>
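An added check, not from either poster, for the split-horizon situation Mike confirms above (abc.com is both the public domain at the ISP and the AD domain on the LAN DC). It lints a constructed pair of zones for the two problems the quoted advice warns about: private addresses leaking into the public zone, and public hosts that the internal zone never re-declares, which LAN clients can then not resolve because the DC is authoritative for abc.com and never forwards those names. Zone contents, hostnames and addresses are assumptions.

```python
import ipaddress
from collections import namedtuple

Record = namedtuple("Record", "name rtype data")

# Constructed sample zones (assumed, not from the thread). Each zone carries
# one deliberate mistake that the checks below should catch.
PUBLIC_ZONE = [  # hosted at ns1.isp.com
    Record("abc.com", "NS", "ns1.isp.com"),
    Record("www.abc.com", "A", "203.0.113.10"),   # public IP the router NATs to the web server
    Record("mail.abc.com", "A", "203.0.113.25"),  # public IP the router NATs to the mail server
    Record("abc.com", "MX", "10 mail.abc.com"),
    Record("dc1.abc.com", "A", "192.168.1.5"),    # mistake: LAN address leaked into the public zone
]
INTERNAL_ZONE = [  # hosted on the DC running AD
    Record("dc1.abc.com", "A", "192.168.1.5"),
    Record("mail.abc.com", "A", "192.168.1.25"),  # LAN clients reach the mail server directly
    # mistake: no www.abc.com record, so LAN clients asking the DC get NXDOMAIN
]

# "Private addressing" in the sense of the thread: RFC 1918 (plus IPv6 ULA).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)

def private_leaks(public_zone):
    """Names in the public zone whose A/AAAA data is private space."""
    return sorted(r.name for r in public_zone
                  if r.rtype in ("A", "AAAA") and is_private(r.data))

def missing_internal_overrides(public_zone, internal_zone):
    """Public A/AAAA names with no counterpart in the internal zone.

    With the AD domain equal to the public domain, every public host must be
    re-declared internally (normally with its private, NATed address)."""
    public_hosts = {r.name for r in public_zone if r.rtype in ("A", "AAAA")}
    internal_hosts = {r.name for r in internal_zone if r.rtype in ("A", "AAAA")}
    return sorted(public_hosts - internal_hosts)

def audit(public_zone, internal_zone):
    return {"private_leaks": private_leaks(public_zone),
            "missing_internal": missing_internal_overrides(public_zone, internal_zone)}

if __name__ == "__main__":
    for check, names in audit(PUBLIC_ZONE, INTERNAL_ZONE).items():
        print(f"{check}: {names or 'ok'}")
```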
