Internet - Intranet DNS

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

Hello,

This is my problem:

I want to setup the following DNS configuration:

1. One DNS (DNS1) to resolve Internet host names

2. Another DNS (DNS2) to resolve Intranet names

3. Clients with:

Preferred DNS Server: DNS1

Alternate DNS Server: DNS2

Then, when a client tries to resolve an Internet host name, it will be resolved
by DNS1; if the client tries to resolve an Intranet host name, and as DNS1 can't
resolve it, it will be resolved by DNS2.

I have set up this scenario but it does not work. Could someone help me?
 
Guest

Actually you might want to consider setting them both up as AD integrated
DNS.
See:
http://support.microsoft.com/default.aspx?scid=kb;en-us;275278&Product=win2000

This will resolve everything on your AD domain.


For Internet access configure forwarders and list your ISP's DNS server as
the forwarder.
See:
How to: Configure DNS for Internet Access In Windows 2000

http://support.microsoft.com/default.aspx?scid=kb;en-us;300202



Everything it can't resolve will get forwarded to your ISP's DNS servers.





hth

DDS W 2k MVP MCSE

"Microsoft News" <e_arias@viabcp.com> wrote in message
news:OT4uJ$qaEHA.3664@TK2MSFTNGP12.phx.gbl...
> Hello,
>
> This is my problem:
>
> I want to setup the following DNS configuration:
>
> 1. One DNS (DNS1) to resolve Internet host names
>
> 2. Another DNS (DNS2) to resolve Intranet names
>
> 3. Clients with:
>
> Preferred DNS Server: DNS1
>
> Alternate DNS Server: DNS2
>
> Then, when a client tries to resolve an Internet host name, it will be
> resolved by DNS1; if the client tries to resolve an Intranet host name, and
> as DNS1 can't resolve it, it will be resolved by DNS2.
>
> I have set up this scenario but it does not work. Could someone help me?
>
>
 
Guest

In news:OT4uJ$qaEHA.3664@TK2MSFTNGP12.phx.gbl,
Microsoft News <e_arias@viabcp.com> posted a question
Then Kevin replied below:
> Hello,
>
> This is my problem:
>
> I want to setup the following DNS configuration:
>
> 1. One DNS (DNS1) to resolve Internet host names
>
> 2. Another DNS (DNS2) to resolve Intranet names
>
> 3. Clients with:
>
> Preferred DNS Server: DNS1
>
> Alternate DNS Server: DNS2
>
> Then, when a client tries to resolve an Internet host name, it
> will be resolved by DNS1; if the client tries to resolve an
> Intranet host name, and as DNS1 can't resolve it, it will
> be resolved by DNS2.
>
> I have set up this scenario but it does not work. Could
> someone help me?

That is not exactly how the resolver works, and you can't configure it this
way. If DNS1 does not answer within 1 second, it queries DNS1 and DNS2; if
either answers with either a positive or negative answer, the query stops.
Whichever DNS answers first is moved to the preferred position until TCP/IP
is reset.

All DNS servers in your NIC must be able to answer all queries; you cannot
have one resolving internal and one resolving external. BOTH must be able to
resolve BOTH internal _AND_ external.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 
Guest

On Thu, 15 Jul 2004 16:07:48 -0500, "Microsoft News"
<e_arias@viabcp.com> wrote:

>This is my problem:
>
>I want to setup the following DNS configuration:
>
>1. One DNS (DNS1) to resolve Internet host names
>
>2. Another DNS (DNS2) to resolve Intranet names
>
>3. Clients with:
>
>Preferred DNS Server: DNS1
>
>Alternate DNS Server: DNS2
>
>Then, when a client tries to resolve an Internet host name, it will be resolved
>by DNS1; if the client tries to resolve an Intranet host name, and as DNS1
>can't resolve it, it will be resolved by DNS2.
>
>I have set up this scenario but it does not work. Could someone help me?

Change your scenario. ALL clients point only to DNS1. DNS1 forwards
to DNS2.

Jeff
 
Guest

Thanks all for your answers.

What happens is that our security police restrict that kind of configuration
(forwarding), then the Internal DNS (DNS2) must not resolve Internet host
names.

Someone told me that I can resolve this problem by installing a Proxy (ISA)
server that handles the DNS requests for Internet names.

Do you know something about it?

Thanks


"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
news:40fcd183.171225609@msnews.microsoft.com...
> On Thu, 15 Jul 2004 16:07:48 -0500, "Microsoft News"
> <e_arias@viabcp.com> wrote:
>
> >This is my problem:
> >
> >I want to setup the following DNS configuration:
> >
> >1. One DNS (DNS1) to resolve Internet host names
> >
> >2. Another DNS (DNS2) to resolve Intranet names
> >
> >3. Clients with:
> >
> >Preferred DNS Server: DNS1
> >
> >Alternate DNS Server: DNS2
> >
> >Then, when a client tries to resolve an Internet host name, it will be
> >resolved by DNS1; if the client tries to resolve an Intranet host name,
> >and as DNS1 can't resolve it, it will be resolved by DNS2.
> >
> >I have set up this scenario but it does not work. Could someone help me?
>
> Change your scenario. ALL clients point only to DNS1. DNS1 forwards
> to DNS2.
>
> Jeff
 
Guest

In news:uBd9Rx0aEHA.1764@TK2MSFTNGP10.phx.gbl,
Microsoft News <e_arias@viabcp.com> asked for help and I offered my
suggestions below:
> Thanks all for your answers.
>
> What happen is that our security police restrict that kind of
> configuration (forwarding), then the Internal DNS (DNS2) must not
> resolve Internet host names.
>
> Someone tell me that I can resolve this problem installing a Proxy
> (ISA) server that handles the DNS request for Internet names.
>
> Do you know something about it?
>
> Thanks
>
>

If your policy doesn't allow internal DNS resolving Internet names, your
best bet is ISA. Do keep in mind, when a forwarder is configured, it's still
protected from the Internet since it is not handling queries outside of the
network's scope; rather, it's sending the query to your ISP's DNS and the
answer is returning from that machine.

Here's more info on ISA. ISA is a separate topic in itself.
http://www.microsoft.com/isaserver/

Microsoft Internet Security and Acceleration (ISA) Server- An Overview of
Feature Pack 1- Thursday, February 20, 2003:
http://support.microsoft.com/default.aspx?kbid=813774

If you'd like to learn more about it, I suggest posting to the ISA
newsgroup with specific questions.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Active Directory

 
Guest

MN> [...] our security police restrict that kind of
MN> configuration (forwarding) [...]

For a concrete reason? Or because they don't understand it?

MN> then the Internal DNS (DNS2) must not resolve
MN> Internet host names.

I'm leaning towards the "Your 'security police' don't understand the DNS."
hypothesis, upon reading this.

If you want your machines to be capable of using both "internal" and
"external" domain names, then some DNS server somewhere *must* be capable
of handling both sets of names. The splitting in "split horizon" DNS
service is *always* done on a DNS server somewhere. It cannot be done on
DNS clients because no DNS client (that I know of) has the capability
for doing it.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-split-horizon.html>
 
Guest

MN> I want to setup the following DNS configuration:

You want to do something that won't work.

MN> 1. One DNS (DNS1) to resolve Internet host names
MN> 2. Another DNS (DNS2) to resolve Intranet names
MN> 3. Clients with:
MN> Preferred DNS Server: DNS1
MN> Alternate DNS Server: DNS2

Instead, configure your clients to use only DNS2, and have DNS2 capable of
resolving queries for both "internal" and "external" names (either by
performing query resolution itself or by forwarding queries for "external"
names on to DNS1).
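
The resolver behaviour Kevin describes and the single-server layout recommended in the replies, as an added Python model that is not part of the original thread and is not Windows resolver code. `Server`, `stub_resolve`, the two layout helpers and the sample records are constructed for illustration; the model assumes the client moves to the next server only when a server does not respond, and it leaves out the reordering of servers after a failover.

```python
# Simplified model of a stub resolver with preferred/alternate servers.
# Assumption: failover happens only when a server gives no response at all.
NXDOMAIN, SERVFAIL = "NXDOMAIN", "SERVFAIL"

# Constructed sample records (documentation/private address ranges).
INTERNET = {"www.example.com": "192.0.2.80"}
INTRANET = {"files.corp.example": "10.0.0.5"}


class Server:
    def __init__(self, name, records, forwarder=None, up=True):
        self.name, self.records = name, records
        self.forwarder, self.up = forwarder, up

    def query(self, qname):
        """Return an address, NXDOMAIN/SERVFAIL, or None if the server is silent."""
        if not self.up:
            return None
        if qname in self.records:
            return self.records[qname]
        if self.forwarder is None:
            return NXDOMAIN  # a negative answer is still an answer
        answer = self.forwarder.query(qname)
        return SERVFAIL if answer is None else answer


def stub_resolve(qname, servers):
    """Ask servers in order; any answer, positive or negative, ends the query."""
    for server in servers:
        answer = server.query(qname)
        if answer is not None:
            return server.name, answer
    return None, None


def split_layout(dns1_up=True):
    """The original post: DNS1 preferred (Internet), DNS2 alternate (intranet)."""
    return [Server("DNS1", INTERNET, up=dns1_up), Server("DNS2", INTRANET)]


def forwarding_layout():
    """The replies: clients use only DNS2, which forwards other names to DNS1."""
    return [Server("DNS2", INTRANET, forwarder=Server("DNS1", INTERNET))]


if __name__ == "__main__":
    for qname in ("www.example.com", "files.corp.example"):
        print("split     ", qname, stub_resolve(qname, split_layout()))
        print("split/down", qname, stub_resolve(qname, split_layout(dns1_up=False)))
        print("forwarding", qname, stub_resolve(qname, forwarding_layout()))
```

In the split layout the intranet name fails because DNS1's negative answer ends the query, and when DNS1 is silent the client lands on DNS2 and Internet names fail instead.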