Re: Conditional recursive DNS - is it possible?

---

• From: Andrew Hodgson <me3@xxxxxxxxxxx>
• Date: Sun, 22 Jan 2006 00:11:55 +0000

---

On Sat, 21 Jan 2006 00:08:01 -0800, Vova Bazanov
<VovaBazanov@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

>First, sorry for bad English. I have local network with AD domain and
>internal AD-integrated DNS servers, DMZ network with Windows 2003 servers,
>working as external SMTP server and DNS server for itself, DMZ and internal
>DNS (internal DNS forwards all unresolved querys to DMZ DNS). My external DNS
>zone is holded now by external autority (ISP). I want to hold my external
>zone myself on my DMZ DNS servers. I know, what I should disable recursion
>for external (Internet) DNS servers to prevent exessive traffic and possible
>attacks. However, I need recursion enabled on it for it's own ip, all my DMZ
>ip's and local network. Is there any way to conditionnally enable/disable
>recursion on Windows server 2003 DNS by request source ip, or any other means
>to maintain recursive and non-recursive DNS on same server? I think, what
>installing additional DMZ server to work _only_ as external DNS is too
>much/expensive for me :) Or I want too much?

Hi,

I had the same issue as you, and ended up buying a cheap (cost around
£50) product called Simple DNS Plus from http://www.simpledns.com. I
have owned it since 2002, and have never looked back. I was
disapointed that the 2k3 DNS server didn't contain some of its
features, and although i use the 2k3 DNS server for AD, I will always
use this on the external network. You can host DNS zones on it, and
allow specific machines to do recursion through it.

If you want any help with it please shout :).

Andrew.
--
Andrew Hodgson in Bromyard, Herefordshire, UK.
My Email: use <andrew at hodgsonfamily dot org>.
.

---

• Prev by Date: Re: Windows Server 2003 DNS behind a Cisco PIX firewall... help!
• Next by Date: Re: Windows Server DNS - Comprehensive Walkthrough
• Previous by thread: Re: Conditional recursive DNS - is it possible?
• Next by thread: Re: Windows Server DNS - Comprehensive Walkthrough
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Windows cannot find the network path error message in GPMC ... Preferred DNS server. ... bar of the Network Connections window, ... sure you have Forwarders to your ISP DNS servers Enabled. ... preventing access to this computer from the Internet" is Not checked on this ... (microsoft.public.windows.group_policy) Re: DNS problem - 2 IP addresses on one adapter ... the name is available via public DNS and resolves to our ... another FQDN which on public DNS servers resolves to the same external ... Then you need two DNS servers -- MS DNS gives same ... 192.168.x.y won't route on the Internet. ... (microsoft.public.windows.server.dns) RE: New Forest - Old Domain - Plus DMZ - Help Please ... Make sure Windows XP client should use the AD DNS ... The Cert should match the name in Internet. ... New Forest - Old Domain - Plus DMZ - Help Please ... vast majority of our inside production equipment is 2003 servers and XP ... (microsoft.public.windows.server.migration) Re: dns + firewall? ... The DNS for the public resolution from the Internet? ... users to resolve to both the external AND the internal versions of the zone. ... DNS servers how to resolve "the Internet" -- the ... (microsoft.public.win2000.dns) Re: Internal Domain Question ... Steve Athanas ... >> using split-brain DNS, so you don't expose internal systems to internet ... Setup DNS to forward to the DMZ server, that way you get resolution on your ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)