Re: Using Microsoft DNS for Public domains

ACE-Joe <ACEJoe@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> Hi all,
>
> Ok, this is going to sound really silly and its probably something
> simple. But here is my situation. I have a DMZ at my location. I
> have a split-split DNS setup configured. I have two advertisers
> setup in my DMZ that are primary/secondary servers for my public
> domains. I registered several domain names. On the first domain
> name I registered two nameservers at my registrar. For example
> domainx1.com has nameservers registered as ns.domainx1.com and
> ns2.domainx1.com. They both point to their respective public IP
> addresses I'm using on my firebox. I have the firebox (using NAT)
> forwarding traffic for the first public IP address (for first ns) to
> the internal DMZ IP of the primary DNS server. I have the second
> nameserver IP forwarded to the internal DMZ IP of the secondary DNS
> server. On the primary server I created host records for ns and ns2
> and then modified the nameservers tab for the zones to reflect ns and
> ns2.domainx1.com with their public IP addresses. My first question
> is here, my DMZ is on an isolated private network with a firebox at
> the ISP using NAT (One to One NAT). Do I use the public IP addresses
> of the nameservers in the nameservers tab and host records in each
> zone, or do I leave them as is with the private DMZ IP?

Use the public IP, this will be your glue.

>
> Now I have domain, I have my nameservers, I can ping the
> nameservers by name from my home computer on a separate ISP. They go
> to the correct IP addresses. In my firebox I am not blocking ICMP
> traffic, and I'm not restricting any ports (YET I'm still testing).
> I cannot ping my domains, and I can't resolve the website. I have a
> www record in the domain forward lookup zone, but it won't resolve
> from the outside. If I do any nslookup tests on my domains they all
> timeout.
>
> So in summary, I guess my question would be, what configuration
> settings are necessary and what public IP addressing/forwarding is
> necessary to get Microsoft DNS working in a DMZ to host public
> domains/websites? Do I need to reference public IP addresses in the
> zone configuration even though servers are setup with a private DMZ
> IP addressing scheme. And what other configuration would be
> necessary with nameservers etc? Anything special to register
> nameservers with a Microsoft DNS server?

You need to set up a DNS server for internal clients to use that resolves to
all the private addresses.
The public DNS server cannot have any records with the private IP and none
of the internal clients can use these DNS servers.

For Zone transfers to work since both DNS servers are behind the same NAT
device, you need to specify allow zone transfers to the Private IP of the
secondary DNS server.

The host that is in the DMZ should also use the internal DNS server in its
TCP/IP properties.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================


.

Relevant Pages

  • Re: Using Microsoft DNS for Public domains
    ... I have a DMZ at my location. ... >> name I registered two nameservers at my registrar. ... >> the internal DMZ IP of the primary DNS server. ... or do I leave them as is with the private DMZ IP? ...
    (microsoft.public.windows.server.dns)
  • Re: Using Microsoft DNS for Public domains
    ... addresses that forward to my two nameserver DNS Servers on my home machine, ... the public IP addresses pointing to the internal DMZ IP addresses. ... >> name I registered two nameservers at my registrar. ... >> the internal DMZ IP of the primary DNS server. ...
    (microsoft.public.windows.server.dns)
  • Using Microsoft DNS for Public domains
    ... I have two advertisers setup in my DMZ ... at my registrar. ... For example domainx1.com has nameservers registered as ... forwarded to the internal DMZ IP of the secondary DNS server. ...
    (microsoft.public.windows.server.dns)
  • Re: Glue is different from what parent servers report
    ... we had a dns server crash, so i had to install it from scratch again, ... the second network card the ip 192.168.0.15 and started importing the ... Remove the unwanted IP addresses from the Nameservers tab, ... How to Configure OEx for Internet News ...
    (microsoft.public.windows.server.dns)
  • Re: Root Hints or forwarders?
    ... > My vote is to set to internal forwarding to the ISP and never the dmz. ... Setting it to the DMZ machines means that you internal DNS ... >> Use the forwarding tab on the INTERNAL DNS server properties, ...
    (microsoft.public.win2000.dns)