Re: Nameserver scenario with advertisers and resolvers
- From: "ACE-Joe" <ACEJoe@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 23 Aug 2005 08:38:39 -0700
One more question. Is there anything special I should do in order to
configure my two resolvers? Should I have them forward requests to more
public DNS servers, or just use root hints? Should I disable recursion?
Etc. I have the advertisers setup now, and I want to get my resolvers
configured for testing.
Thanks
Joe
"ACE-Joe" wrote:
> Let me try to clarify what my questions are exactly:
>
> 1. When registering nameservers, I give my IP for both advertisers to the
> registrar and register nameservers like ns1.domain.com and ns2.domain.com.
> But what if I have multiple domains? I have 6 domains total that I need to
> host zones for, for my company. So do I register nameservers with the same
> IP and format for each domain?
>
> 2. What do I need to do on the DNS server once I register the nameservers?
> I know there is a nameservers tab on the zone properties. Do I need to make
> sure the nameservers appear as they are registered at the registrar, or do I
> want the machine name . domain.com? Also, do I need to create host records
> called ns1.domain.com and ns2.domain.com on each server registered as a
> nameserver?
>
> 3. In my case where my boss wants a primary and secondary server that are
> hidden that contain all the zones for all the domains we are hosting, and
> then wants two advertisers and two resolvers, should I make the advertisers
> secondary DNS servers of the primary server that is supposed to be hidden
> (just not registered as nameservers or appear on any domain nameserver list).
> What would be your recommendation for that type of scenario?
>
> I have the primary and secondary server up and running with copies of the
> zones already. I have the two resolvers setup configured as resolvers with
> the recommended configuration for advertisers. I am just not sure how to
> populate the zones, if I should create them manually, which would be a pain
> if we ever did switch over to the primary/secondary for any reason, unless we
> update records on both sets of servers any time there was a change. Or do I
> make the advertisers secondary to the primary and let the zones transfer from
> the master? But if I did that, and someone would attack the advertisers,
> wouldn't that tell them about the primary/secondary and defeat the purpose of
> having them?
>
> I could make the basic split DNS work no problem, but when my boss wants to
> throw in these two extra servers to be hidden, it throws my thinking off a
> little. I know this is overkill for a company of our size, and I'm not even
> sure if he is going to do this in production or not, but I have to test it
> and prove the design.
>
> Thanks so much for your help, I love these newsgroups!
>
> Thanks
> Joe
>
> "Ace Fekay [MVP]" wrote:
>
> > In news:4AEEF246-7E02-487B-AC72-B7DCE559422A@xxxxxxxxxxxxx,
> > ACE-Joe <ACEJoe@xxxxxxxxxxxxxxxxxxxxxxxxx> made this post, which I then
> > commented about below:
> > > Hi all,
> > >
> > > If I am going to setup a DMZ with two main DNS servers in a
> > > Primary/Secondary configuration, but also use 2 advertisers and 2
> > > resolvers on separate servers, how do I setup the NS records and
> > > basic DNS configuration? I.E. I have 6 test domains registered. I
> > > want to setup the nameservers to point to the DNS servers in my DMZ.
> > > But do I setup nameservers for each of the servers including the
> > > advertisers/resolvers? Any general configuration tips or suggestions
> > > here? I'm not very familiar with this type of configuration.
> > >
> > > Thanks
> > > Joe
> >
> > Still at it? :-)
> >
> > Keep in mind, the advertiser is the machine that will be hosting your public
> > records for your clients and the Internet. The nameserver records on these
> > machines are these machines' nameserver FQDN and IP addresses, since they
> > are the machines regstered as the nameservers for your external domain name
> > when you registered them or changed them to. That's important. Keep in mind
> > as well, they do not have any references to the internal domain whatsoever.
> > If you put the internal domain data on them, it will 'lame' them. Your
> > internal DNS have nothing to do with these guys. The only thing on the
> > internal DNS is to create shadow copies of resources (www, ftp, etc) to
> > either the external IPs or the internal private IPs, depending on where the
> > webserver or ftp server, etc, are being hosted.
> >
> > The resolver will be the ones that are being used as a forwardee from the
> > internal DNS servers. The resolver, as far as the public is concerned, do
> > not exist to them. The nameserver records on them do not matter.
> >
> > Both will be sitting on your DMZ. The internal DNS will have forwarding set
> > to the 'resolver' which in turn will resolve external names by forwarding to
> > some external server.
> >
> > --
> > Regards,
> > Ace
> >
> > Please direct all replies ONLY to the Microsoft public newsgroups
> > so all can benefit.
> >
> > This posting is provided "AS-IS" with no warranties or guarantees
> > and confers no rights.
> >
> > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> > Microsoft Windows MVP - Windows Server - Directory Services
> > Infinite Diversities in Infinite Combinations.
> > =================================
> >
> >
> >
> >
.
- Follow-Ups:
- Re: Nameserver scenario with advertisers and resolvers
- From: Ace Fekay [MVP]
- Re: Nameserver scenario with advertisers and resolvers
- References:
- Nameserver scenario with advertisers and resolvers
- From: ACE-Joe
- Re: Nameserver scenario with advertisers and resolvers
- From: Ace Fekay [MVP]
- Re: Nameserver scenario with advertisers and resolvers
- From: ACE-Joe
- Nameserver scenario with advertisers and resolvers
- Prev by Date: Re: Domain Rename
- Next by Date: Re: Nameserver scenario with advertisers and resolvers
- Previous by thread: Re: Nameserver scenario with advertisers and resolvers
- Next by thread: Re: Nameserver scenario with advertisers and resolvers
- Index(es):
Relevant Pages
|
Loading
