
Need help on setting up win2000 dns

December 8, 2004 12:00:05 AM

Archived from groups: microsoft.public.win2000.dns

Hi Herb,
Thank you for your reply. Please see my comments inline below:

>> Hi,
>> I am trying to set up a Win2000 DNS server in DMZ behind a Watchguard
>> Firebox X, the public DNS IP from the ISP is NAT'd from the firewall
>> to the DNS server, 60.x.x.x to 10.x.x.x.

>Where is the 10.x.x.x machine? Or are those two NICs on
>one machine?

The DNS with the 10.x.x.x is in DMZ. The unit is not equipped with two
NICs, but one. I read in some article that Windows 2000 DNS can
possibly handle this configuration, DNS with NAT, although BIND can
deal with this without question.

>> And then I set it up behind the firewall with the
>> internal private address, 10.x.x.x., however, I can not lookup the
>> server properly...

>Which server?

The DNS server with the 10.x.x.x above.
I can neither nslookup the DNS server from the internet, nor
nslookup itself, with DNS queries timing out...

>> Would it be possible to resolve this issue, or
>> should I replace it with Bind?

>Huh?
>
>Any problem (of misconfiguration) can be resolved and
>Windows DNS is almost always superior for Windows
>domains (over BIND.)
>
>DNS
> 1) Dynamic for the zone supporting AD
> 2) All internal DNS clients NIC\IP properties must specify SOLELY
> that internal, dynamic DNS server (set.)
> 3) DCs and even DNS servers are DNS clients too -- see #2
> 4) On the internal DNS servers set the ISP DNS server(s) as
> the FORWARDER
>
>Restart NetLogon on any DC if you change any of the above that
>affects a DC.
>
>Ensure that DNS zones/domains are fully replicated to all DNS
>servers for that (internal) zone/domain.

Thanks, I checked the above points, but nothing has been resolved...
Let me summarize how I want to setup the systems as below:

External(Outside): Firewall

[External<->DMZ - NAT (60.x.x.x <-> 10.x.x.x)

DMZ: DNS with private IP (10.x.x.x)
- Service - Only DNS
- NIC x 1
- DNS Zone File, etc., -> Global IPs

[External<->Trusted - NAT (60.x.x.x <-> 192.x.x.x]

Trusted(LAN):
- DC Server with Private IP (192.x.x.x) and dynamic for the zone
- Client Pool
-- Primary DNS -> DC Server (Private IP)
-- Secondary DNS -> DNS Server (Private IP)

I can reach the internet from any of client PCs with the setting
above.

Do I need to configure any additional parameters on the DNS server?

Please advise,


Anonymous
December 8, 2004 11:14:24 AM


"Yui" <yuui.yamane@esolia.co.jp> wrote in message
news:848edb4c.0412072100.47bea6a5@posting.google.com...
> Hi Herb,
> Thank you for your reply. Please see my comments inline below:
>
> Thanks, I checked the above points, but nothing has been resolved...
> Let me summarize how I want to setup the systems as below:

Your summary below is most confusing, but guessing
based on questions that have been asked by others
it seems that you are perhaps trying to use the same
DNS server for both INTERNAL DNS server and
EXTERNAL DNS.

While it may be (with much difficulty) possible to
do this with MS, or even readily doable with BIND
this is NOT a good architecture and seldom gives
reliable and secure results.


> External(Outside): Firewall
>
> [External<->DMZ - NAT (60.x.x.x <-> 10.x.x.x)
>
> DMZ: DNS with private IP (10.x.x.x)
> - Service - Only DNS
> - NIC x 1
> - DNS Zone File, etc., -> Global IPs

> [External<->Trusted - NAT (60.x.x.x <-> 192.x.x.x]

If you aren't trying what I guessed then the NAT (probably)
has nothing to do with your DNS -- certainly for internal
use only.

> Trusted(LAN):
> - DC Server with Private IP (192.x.x.x) and dynamic for the zone
> - Client Pool
> -- Primary DNS -> DC Server (Private IP)
> -- Secondary DNS -> DNS Server (Private IP)

Are you saying you have the Primary for the Zone on the DC,
and the Secondary for the zone supporting AD on another
box?


> I can reach the internet from any of client PCs with the setting
> above.

What doesn't work?

> Do I need to configure any additional parameters on the DNS server?

What are you trying to accomplish?

> Please advise,