Re: Creating a new Zone in DNS




"Cyborg" <apollo13@xxxxxxxxxxxxxx> wrote in message
news:419307D6-0187-4E1F-A3B4-4AE94D632600@xxxxxxxxxxxxxxxx
I think I understand, I don't need the resolution for the entire domain
just one or two, like ftp.domain.co.uk or mail.domain.co.uk. I created a
new primary zone called mail.cbsoutdoor.co.uk but can you tell me what the
next step is as the only record under this is (same as parent folder), name
server and the DNS server name. How can I add the private IP?

Sorry for the delay -- this only showed up today.

Yes, for mail.cbsoutdoor.co.uk you add an A record with the NAME
BLANK (or empty or SAME as parent) -- this is the same idea
as having an address for now just www.LearnQuick.Com but
also one for Learnquick.com (without the www) but you are
doing it ONE LEVEL DEEPER (or more) in the zone hierarchy.

Now you have a Zone named mail.cbsoutdoor.co.uk and an
address for the "zone" (server) itself without you taking over
responsibility for the entire 'parent' zone (cbsoutdoor.co.uk).

Kind of slick actually.




"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:eSGkFZHzIHA.1772@xxxxxxxxxxxxxxxxxxxxxxx
Hi, we only have one forward lookup zone for our Active Directory
domain, it's all Windows 2003 Native. Now we have many web servers on
our DMZ (on our Cisco firewall) that external customers get to. They
use addresses like ftp.domain.co.uk and webmail.domain.co.uk etc but
my internal users can't get to these as the domain names resolve to
external IP's on the firewall.

What do I need to do then? I only have one zone in DNS which is a
different Domain name to this external one we use. Do I need to create a
new primary zone?

Then how do you have a problem? If your internal servers are NOT
holding the zone for the external servers, then you EITHER forward
to the ISP or do recursion on the Internet and you will automatically
get the same entries the rest of the world will get.

If you want to hold that zone to give out different IPs (private ones)
to internal clients then you can do that if you provide ALL of the
resolution for that external zone.

IF you wish to provide resolution that is different for just a few (or
many) of those external zone/domain names then you must create
a DNS "zone" for EACH such INDIVIDUAL SERVER (that's
right a ZONE PER SERVER) and add the "empty", "blank" or
"Same as parent" entry with the correct IP.

This zone per server idea overrides JUST that server domain
(now a zone) name and thus eliminates its lookup, but ONLY
that particular server's lookup, from the external or other DNS.

"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:OgN0RMGzIHA.4040@xxxxxxxxxxxxxxxxxxxxxxx

"Cyborg" <apollo13@xxxxxxxxxxxxxx> wrote in message
news:234C796B-1CAD-47E7-ACBC-1087FB72742C@xxxxxxxxxxxxxxxx
Hi, we only have one forward lookup zone for our Active Directory
domain, it's all Windows 2003 Native. Now we have many web servers on
our DMZ (on our Cisco firewall) that external customers get to. They
use addresses like ftp.domain.co.uk and webmail.domain.co.uk etc but
my internal users can't get to these as the domain names resolve to
external IP's on the firewall.

If you use the same Domain names (not addresses) internally and
externally for your zones then YOU must manually add the external
record names and address to your internal zone.

Such is termed "Shadow DNS".

My internal users however can get to these by using the private IP
address of these servers, so I thought is it possible to create a new
zone called domain.co.uk and then create ftp.domain.co.uk etc to point
to the private IP address, so everyone uses the same FQDN?

Nice thing is when you do that extra manual work you can choose to give
internal users the internal or the external address for them, as
appropriate.
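The "zone per server" procedure described in the replies above, written out as an added example (not part of the thread and not anything the posters ran). It creates a primary zone whose apex is the external hostname mail.cbsoutdoor.co.uk, adds the blank-name ("same as parent folder") A record with a private address, locks the zone against transfers and dynamic updates so the private address cannot leak or be overwritten, and then checks that only that one name is overridden. The private IP 10.20.30.25, the server name DC01 and the one-hour TTL are assumptions chosen for illustration. The DnsServer cmdlets exist on Windows Server 2012 and later; the poster's Windows Server 2003 box has no PowerShell DNS module, so the equivalent dnscmd commands (Support Tools) are shown in the comments at the end.

```powershell
# Added example: a pinpoint zone per external hostname on Windows DNS, so that
# internal clients get a private IP for mail.cbsoutdoor.co.uk while every other
# name under cbsoutdoor.co.uk still resolves through normal forwarding/recursion.
# Assumed values (illustrative only): the private IP, the DNS server name, the TTL.

$ZoneName  = 'mail.cbsoutdoor.co.uk'   # hostname from the thread, used as a zone apex
$PrivateIP = '10.20.30.25'             # assumed RFC 1918 address of the DMZ host
$DnsServer = 'DC01'                    # assumed internal DNS server to manage

# --- Windows Server 2012 and later: DnsServer module ---
Import-Module DnsServer

# 1. Create a primary zone whose apex is the server's FQDN. File-backed here;
#    use -ReplicationScope 'Domain' instead of -ZoneFile for an AD-integrated zone.
if (-not (Get-DnsServerZone -Name $ZoneName -ComputerName $DnsServer -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ZoneFile "$ZoneName.dns" -ComputerName $DnsServer
}

# 2. Harden the new zone: no zone transfers (the private address stays inside),
#    no dynamic updates (nothing on the LAN can rewrite the override).
Set-DnsServerPrimaryZone -Name $ZoneName -SecureSecondaries NoTransfer `
    -DynamicUpdate None -ComputerName $DnsServer

# 3. Add the A record with a BLANK name ('@' is what the GUI shows as
#    "(same as parent folder)"), pointing at the private address.
Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' -IPv4Address $PrivateIP `
    -TimeToLive (New-TimeSpan -Hours 1) -ComputerName $DnsServer

# 4. Verify from the server's point of view: the override applies to exactly
#    this name; a sibling name is still answered by forwarder/recursion.
Resolve-DnsName -Name $ZoneName -Type A -Server $DnsServer
Resolve-DnsName -Name 'www.cbsoutdoor.co.uk' -Type A -Server $DnsServer

# --- Windows Server 2003 (the poster's platform): dnscmd from the Support Tools ---
# dnscmd DC01 /ZoneAdd mail.cbsoutdoor.co.uk /Primary /file mail.cbsoutdoor.co.uk.dns
# dnscmd DC01 /RecordAdd mail.cbsoutdoor.co.uk @ A 10.20.30.25
# (use /DsPrimary in place of "/Primary /file ..." for an AD-integrated zone)
```

Two caveats worth checking before repeating this for ftp, webmail and the rest. First, the internal server is now authoritative for everything at and below mail.cbsoutdoor.co.uk, so any name such as host.mail.cbsoutdoor.co.uk gets NXDOMAIN internally unless you add it to this zone too. Second, records for the parent (cbsoutdoor.co.uk itself, its MX and NS records, www and every other host) are untouched and keep coming from the public zone, which is exactly the point of doing it one level deeper.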
