Re: Internal & External DNS
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Wed, 28 May 2008 09:10:06 -0500
My way of doing it is simple:
Hosts on the LAN use *only* the Internal DNS.
The DNS Service uses the External DNS in the forwarders list
The internal DNS has only the AD zone and nothing else.
Firewall allows the internal DNS to make outbound DNS queries.
If you have Split-DNS requirements, then add a second Primary zone for the
Public Domain to the internal DNS. Your external DNS will never be queried
for that Zone by internal Hosts, however it will still be queried by Public
hosts.
In our case I do not run an external DNS; to me it is pointless. Our ISP
handles the Public Authoritative DNS for our Public Domain. So I follow
this pattern:
1. Hosts on the LAN use *only* the Internal DNS.
2. The ISP's DNS is used in the forwarders list
3. The internal DNS has the AD Zone and a second Standard Zone for the
Public Zone.
4. Firewall allows the internal DNS to make outbound DNS queries.
5. ISP's DNS is the only one the "public" is aware of and is the one that
handles the "queries" from the "public",...while my internal hosts always
query my internal DNS for either my AD Zone or my Public Zone.
It's simple, clean, and I only have the internal DNSs to maintain. I call
the ISP on the rare occasion that I need something changed there.
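The five-step pattern above as a script, added here as an example and not from the original post. It assumes a current Windows Server DNS role with the DnsServer PowerShell module (these cmdlets post-date the Server 2003 box in the thread, where dnscmd does the same jobs) and uses constructed addresses (203.0.113.53 for the ISP forwarder, 192.168.10.20 for the internal web host) and the placeholder domain company.org.

```powershell
# Constructed values: replace with your own. Nothing here is from the original post.
$IspForwarder  = "203.0.113.53"   # ISP recursive resolver (step 2)
$PublicZone    = "company.org"    # public domain, hosted internally as a standard zone (step 3)
$InternalWebIP = "192.168.10.20"  # private address internal hosts should get for www

# Step 1 is client-side (DHCP option 006 / NIC DNS settings): LAN hosts point only at this server.

# Step 2: forward everything this server is not authoritative for to the ISP.
# Root hints off, so the only outbound path is the forwarder the firewall permits (step 4).
Set-DnsServerForwarder -IPAddress $IspForwarder -UseRootHint $false

# Step 3: add the public domain as a second, file-backed primary zone beside the AD zone.
# -DynamicUpdate None keeps workstations from registering themselves under the public name.
if (-not (Get-DnsServerZone -Name $PublicZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $PublicZone -ZoneFile "$PublicZone.dns" -DynamicUpdate None
}

# Internal answer for www.company.org: the private IP, not the NATed public one the ISP serves.
Add-DnsServerResourceRecordA -ZoneName $PublicZone -Name "www" -IPv4Address $InternalWebIP

# Caveat that follows from the pattern: internal hosts never ask the ISP for this zone,
# so every public name (mail, vpn, ...) must also exist here or it will fail inside the LAN.
# Step 5 check: the local server should now answer with the private address.
Resolve-DnsName -Name "www.$PublicZone" -Server 127.0.0.1 -Type A
```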
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
"jckylen" <jckylen.3a3jfb@xxxxxxxxxxxxx> wrote in message
news:jckylen.3a3jfb@xxxxxxxxxxxxxxxx
Let's see if I can add some details.
1. The inside of our network is behind a firewall. We have both
.local and .org names with the same company name assigned. With the
internal DNS servers (inside the Server 2003 AD environment) each of
these "domains" is separate, and if the suffix isn't appended or
specified the user doesn't see the server.
2. On the outside the .local doesn't pass even with an entry on an
external DNS server. Tried putting the system with a "fake" .org name,
but the internal servers don't seem to pass correctly from the outside
to the inside. We do have a firewall which will pass the connection if
I substitute the external IP address that is known and NATed to an
internal IP address, but if I use the server's name then that doesn't get
through.
So my less than clear question is how can I set up an outside DNS entry
(i.e. company.org) that will go to my internal server (company.local)?
The attempt to make a straight-up DNS entry didn't seem to work. I
understand that if my domain is the same (company.???) then having
children isn't a problem, but the change from one extension to the next
seems to be my problem (especially since .local doesn't seem to be
working).
--
jckylen