1 29th March 07:56
paul
External User
 
Posts: 1
Default Looking to host our own DNS live



Hi, we are a school system looking at hosting our DNS
live.
Setup:

* We currently host internal AD integrated DNS on
Windows 2003 Standard Server
* Internal users and remote users who vpn to our network
use the internal DNS to find resources.
* The DNS server is also hosting Exchange 2003

We want to set up a primary, live DNS server on the above
Server so that we have Internal AD integrated DNS server
on it AND a live primary DNS non AD integrated DNS
server on it as well.

We are wanting to set up the Live DNS on a second Network
card on the server with a live IP address, publish it
thru the ISA server and redelegate our Live name server
to be the primary one with the secondary name server
hosted externally with our current service provider.

The external domain would be like school@wa.edu.au and
the internal something like office.school.wa.edu.au

What we want to know is:

Is this possible without any major headaches?
Can this External/Internal DNS sit on an Exchange Server
or is that not advisable?
Should this DNS setup be hosted on a separate server? If
so Why?
We also use NAT to map published internal services to
live ip addresses like current internal exchange server
NATTED out to live ip address. Will this affect the
desired setup?

Your comments would be appreciated. Please let me know if
you want further clarification.
2 29th March 07:56
kevin d. goodknecht [mvp]
External User
 
Posts: 1
Default Looking to host our own DNS live



In news:04e801c3c05a$65e06420$a501280a@phx.gbl,
Paul <paull@scea.wa.edu.au> posted a question
Then Kevin replied below:

What do you mean by "Live" DNS server?
If you mean Public DNS, you should not host public and private records in
the same zone. So I would need you to clarify this a bit but it should
probably be done on two DNS servers so there is no chance of DNS giving out
private addresses to the public.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
--
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================
3 29th March 07:56
External User
 
Posts: 1
Default Looking to host our own DNS live


Hi Kevin, I mean Public DNS. And we were thinking about
having two zones set up on the one internal DNS server.
One zone called office.school.wa.ed.au that's AD
integrated and serves the internal domain.
The other zone, non AD integrated, called something like
school.wa.edu.au that is configured to only answer
queries from a public ip address on a second network card
on the machine.

That way we separate the two zones with one serving
internal queries only and the other serving external
queries.

Kevin, what other info would you need?

regards

Paul

4 29th March 07:56
william stacey
External User
 
Posts: 1
Default Looking to host our own DNS live


You can, but the real question is why? It is easier and in many cases,
better, to just let your registrar host your one or two public names. This
is also usually free or included with your yearly domain name registration
fee (depending on the registrar.) They host it and have the bandwidth and
backups, etc. You don't need to dedicate hw and resources to it and can
keep your server private behind the firewall. All-in-all I think this would
be a better solution for you.

--
William Stacey, MVP
5 29th March 07:56
kevin d. goodknecht [mvp]
External User
 
Posts: 1
Default Looking to host our own DNS live


In news:006401c3c067$1e8716c0$a001280a@phx.gbl,
anonymous@discussions.microsoft.com <anonymous@discussions.microsoft.com>
posted a question
Then Kevin replied below:

You would *not* want to add a second network card on a DC, if you do you would
have to make some registry entries to stop the registration of the Blank
domain records and the blank GC records then create the necessary blank
domain and GC records with the internal IP of the interface that has file
sharing enabled on it.
272294 - Active Directory Communication Fails on Multihomed Domain
Controllers
http://support.microsoft.com/default.aspx?scid=kb;en-us;272294&FR=1
267855 - Problems with Many Domain Controllers with Active Directory
Integrated DNS Zones
http://support.microsoft.com/default.aspx?scid=kb;en-us;267855&FR=1

Also, if you are hosting servers locally such as web and mail servers you
will need a zone for the domain name the servers are in such as
"school.wa.ed.au" but this zone must have records with the internal address
of the server.

If you want to host the public zone you would need to install DNS on a
separate server that no internal machine would use for DNS then the records
in its zones would have public records only.

The point that I'm getting at, you will need a minimum of two DNS servers if
you want to host the public zone locally. MSDNS can only hold one network
view, if it holds the public view it cannot hold the internal view in the
same zone, unless your internal machines have only public IP addresses. I
know of networks set up this way, if you do this, you better have a good
firewall.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
6 29th March 07:57
jonathan de boyne pollard
External User
 
Posts: 1
Default Looking to host our own DNS live


P> The other zone [...] is configured to only answer
P> queries from a public ip address on a second network card
P> on the machine.

Microsoft's DNS server does not support the tagging of DNS database
records (or even a more coarse grained tagging of whole "zones") with
what client IP addresses they should be visible to. The only way to
achieve "split horizon" DNS service with Microsoft's DNS server is to
have two distinct servers.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-split-horizon.html>
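The requirement stated in the replies above, that a publicly served zone hold public records only and never hand out private addresses or internal AD names, can be checked before a zone goes live. The following Python is an added example, not part of the original thread: the zone text is a constructed sample using the thread's placeholder names, the addresses are invented, and `fqdn` and `audit_public_zone` are hypothetical helper names. It assumes every record line carries an explicit owner name.

```python
import ipaddress

# Constructed sample of a public zone export (addresses invented for the example).
PUBLIC_ZONE = """\
$ORIGIN school.wa.edu.au.
@                 IN NS  ns1.school.wa.edu.au.
ns1               IN A   203.0.113.10
www          3600 IN A   203.0.113.20
mail              IN A   10.1.1.5        ; internal address of the mail host
@                 IN MX  10 mail.school.wa.edu.au.
dc1.office        IN A   192.168.10.2
_ldap._tcp.office IN SRV 0 100 389 dc1.office.school.wa.edu.au.
"""

# Address ranges that must never appear in a zone served to the Internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "169.254.0.0/16", "127.0.0.0/8")]                  # link-local, loopback

def fqdn(name, origin):
    """Expand a zone-file owner name relative to $ORIGIN into a lower-case FQDN."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def audit_public_zone(zone_text, internal_suffix):
    """Return (owner, type, reason) for each record that exposes the internal view."""
    origin, findings = ".", []
    internal_suffix = internal_suffix.lower()
    for line in zone_text.splitlines():
        tok = line.split(";", 1)[0].split()      # strip comments, tokenize
        if not tok:
            continue
        if tok[0].startswith("$"):               # directive line
            if tok[0].upper() == "$ORIGIN":
                origin = tok[1].lower()
            continue
        owner, rest = fqdn(tok[0], origin), tok[1:]
        # Drop the optional TTL and class fields that precede the record type.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), rest[1:]
        if owner == internal_suffix or owner.endswith("." + internal_suffix):
            findings.append((owner, rtype, "name belongs to the internal AD zone"))
        elif rtype == "A" and any(
                ipaddress.ip_address(rdata[0]) in net for net in INTERNAL_NETS):
            findings.append((owner, rtype, f"private address {rdata[0]}"))
    return findings
```

Calling `audit_public_zone(PUBLIC_ZONE, "office.school.wa.edu.au.")` flags the `mail` A record and both records under the internal `office` subdomain, while the NS, MX and public A records pass.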