Re: dns best practices




"Bad Beagle" <maxwelli@xxxxxxxxxxxxxxxx> wrote in message
news:%23ClyibHaGHA.4916@xxxxxxxxxxxxxxxxxxxxxxx
I currently have a split dns which was initially designed when internal and
external domains were the same. I now have whatever.local as my internal
and whatever.com as my external.

You say <currently have split DNS> and <now have .com/.local>
which are inconsistent.

The latter is not an example of Split or Shadow DNS.

We must presume you are switching from the former to the
latter but please correct the record if this is not your situation.

My question is what do I do with machines in my DMZ - should I have a
separate DNS server for these machines?

Depends on their roles and needs. If they are DOMAIN
machines they will need to be able to resolve INTERNAL
DNS and so must (themselves) use the Internal DNS Server
(set). Even if they are DNS servers themselves.

Even if they are public machines (offering resources to the world)
they might in theory never need to resolve an external name.

They may need to be LISTED however in both zones, to be found
by both internal users and external customers. This is true whether
you use two different domain names or the same (Shadow/Split
DNS).

An (unusual) example: An Enterprise level ISA (Proxy) Server
which must be a member of a domain but which itself is the
DNS forwarder to the outside world.

The ISA machine uses the INTERNAL DNS server set as a DNS
CLIENT (on its NIC->IP Properties) but the internal DNS servers
forward to this server which actually performs all external
lookups.

By the way, for most small companies (in terms of Internet
presence) one should NOT run the public DNS anyway, but
should rather return it to the REGISTRAR.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
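As an added example (not part of this thread or its author's advice), a short Python check of the split-DNS rule above: every DMZ host listed in both the internal and external zones. The zone contents and host names are constructed; the 203.0.113.0/24 addresses are a documentation range standing in for public addresses; and the extra rule that the external zone must hold only DMZ hosts with non-RFC1918 addresses is an assumption this check adds, not something the post states.

```python
"""Consistency check for a split-DNS layout: internal whatever.local zone,
external whatever.com zone, DMZ hosts listed in both (constructed data)."""
import ipaddress

# Constructed sample zone data: FQDN -> address, one dict per zone.
INTERNAL_ZONE = {                            # whatever.local, internal clients only
    "dc1.whatever.local": "10.0.0.10",       # domain controller, internal only
    "mail.whatever.local": "192.168.5.20",   # DMZ host, private address
    "www.whatever.local": "192.168.5.30",    # DMZ host, private address
}
EXTERNAL_ZONE = {                            # whatever.com, served to the world
    "mail.whatever.com": "203.0.113.20",     # public address of the DMZ host
    "www.whatever.com": "203.0.113.30",
}
DMZ_HOSTS = {"mail", "www"}                  # short names of machines in the DMZ

# RFC 1918 ranges; addresses in these must never appear in the external zone.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def hostname(fqdn):
    """Leftmost label of an FQDN: 'www.whatever.com' -> 'www'."""
    return fqdn.split(".")[0]


def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)


def check_split_dns(internal, external, dmz_hosts):
    """Return a list of findings; an empty list means the zones are consistent.

    Rule from the post: each DMZ host is listed in BOTH zones so it can be
    found by internal users and external customers. Assumed hygiene rule:
    the external zone names only DMZ hosts, with non-RFC1918 addresses.
    """
    findings = []
    internal_names = {hostname(n) for n in internal}
    external_names = {hostname(n) for n in external}
    for host in sorted(dmz_hosts):
        if host not in internal_names:
            findings.append(f"{host}: missing from internal zone")
        if host not in external_names:
            findings.append(f"{host}: missing from external zone")
    for fqdn, addr in external.items():
        if hostname(fqdn) not in dmz_hosts:
            findings.append(f"{fqdn}: non-DMZ host exposed in external zone")
        if is_rfc1918(addr):
            findings.append(f"{fqdn}: private address {addr} in external zone")
    return findings
```

Run `check_split_dns(INTERNAL_ZONE, EXTERNAL_ZONE, DMZ_HOSTS)` against your own zone exports; it returns `[]` for the constructed data above.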






