Need help on setting up win2000 dns

Archived from groups: microsoft.public.win2000.dns

Hi Herb,
Thank you for your reply. Please see my comments inline below:

>> Thanks, I checked the above points, but nothing has been resolved...
>> Let me summarize how I want to setup the systems as below:

>Your summary below is most confusing but guessing
>based on questions that have been asked by others
>it seems that you are perhaps trying to use the same
>DNS server for both INTERNAL DNS server and
>EXTERNAL DNS.
>
>While it may be (with much difficulty) possible to
>do this with MS, or even readily doable with BIND
>this is NOT a good architecture and seldom gives
>reliable and secure results.

Sorry for the confusion, but YES, I am trying to use the same DNS
server for both Internal DNS server and External DNS. I know it would
be difficult to try to set it up with MS, but could you please give me
any extra information how to realize this setting, if anything
available?

>> External(Outside): Firewall
>>
>> [External<->DMZ - NAT (60.x.x.x <-> 10.x.x.x)
>>
>> DMZ: DNS with private IP (10.x.x.x)
>> - Service - Only DNS
>> - NIC x 1
>> - DNS Zone File, etc., -> Global IPs
>> [External<->Trusted - NAT (60.x.x.x <-> 192.x.x.x]

>If you aren't trying what I guessed then the NAT (probably)
>has nothing to do with your DNS -- certainly for internal
>use only.

>> Trusted(LAN):
>> - DC Server with Private IP (192.x.x.x) and dynamic for the zone
>> - Client Pool
>> -- Primary DNS -> DC Server (Private IP)
>> -- Secondary DNS -> DNS Server (Private IP)

>Are you saying you have the Primary for the Zone on the DC,
>and the Secondary for the zone supporting AD on another
>box?

As far as AD structure is concerned, yes.

>> I can reach the internet from any of client PCs with the setting
>> above.

>What doesn't work?

As I mentioned above, I am trying to use the same DNS server for both
Internal DNS server and External DNS. The DNS server works fine as an
Internal DNS server, however does not work as an External DNS server.
I can not reach the DNS server from the outside.

>> Do I need configure any additional parameters on the DNS server?

>What you are trying to accomplish?

Again, I am trying to setup the same DNS server for both Internal DNS
and External DNS.

Please advise,
  1. Archived from groups: microsoft.public.win2000.dns

    In news:848edb4c.0412082023.6dc9432e@posting.google.com,
    Yui <yuui.yamane@esolia.co.jp> commented
    Then Kevin replied below:
    > Again, I am trying to setup the same DNS server for both
    > Internal DNS and External DNS.

    Sorry you can't use the same MS DNS server for Public and Private domains of
    the same name. You will have to split this into two different DNS servers.
    One with a public zone publishing only public records, one with the private
    zone publishing private records for the internal machines.
    BIND is supposed to be capable of this.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
  2. Archived from groups: microsoft.public.win2000.dns

    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
    news:ugH83Bb3EHA.1524@TK2MSFTNGP09.phx.gbl...
    > In news:848edb4c.0412082023.6dc9432e@posting.google.com,
    > Yui <yuui.yamane@esolia.co.jp> commented
    > Then Kevin replied below:
    > > Again, I am trying to setup the same DNS server for both
    > > Internal DNS and External DNS.
    >
    > Sorry you can't use the same MS DNS server for Public and Private domains of
    > the same name. You will have to split this into two different DNS servers.

    I agree with Kevin, but allow me to clarify: You CAN do it,
    but it is a bad idea and always going to be a security risk from
    at least two issues.

    > One with a public zone publishing only public records, one with the private
    > zone publishing private records for the internal machines.
    > BIND is supposed to be capable of this.

    Yes it is but....

    BIND will allow different VIEWS for different clients
    (based on filter lists) but that is NOT a sufficient reason
    for eschewing the advantages of MS DNS internally.

    I recommend, and am pretty sure Kevin agrees, you put your
    PUBLIC DNS back at the Registrar (or ISP if you must.)

    You're not even following the business rules of the registration
    process unless you have TWO or more DNS servers for the
    public resolution.

    Registrars like Godaddy.com and Register.com are perfectly
    willing to provide this service and you likely already paid
    for it.
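
Both replies come down to a public zone that publishes only public records. As an added illustration (not part of the original thread and not any poster's code), this Python check audits a public zone file for internal addresses and Active Directory record names before it is handed to a registrar or ISP; the zone contents, `example.com`, and the list of AD labels are constructed assumptions.

```python
import ipaddress

# Ranges that should never be published in an Internet-facing zone.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private space
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
)]
# Assumption: owner-name labels that Active Directory registers and that
# therefore belong only in the internal zone.
AD_LABELS = {"_msdcs", "_sites", "_ldap", "_kerberos", "_kpasswd", "_gc",
             "domaindnszones", "forestdnszones"}

# Constructed sample of a public zone (single-line records only).
SAMPLE_PUBLIC_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@        IN SOA ns1.example.com. hostmaster.example.com. 2004120901 3600 600 604800 3600
@        IN NS  ns1.example.com.
ns1      IN A   203.0.113.10
www      IN A   203.0.113.20
dc01     IN A   192.168.1.5      ; internal DC leaked into the public zone
_ldap._tcp.dc._msdcs IN SRV 0 100 389 dc01.example.com.
intranet 300 IN A 10.0.0.15
"""

def audit_public_zone(text):
    """Return (line number, owner, reason) for records that expose internal data."""
    findings, last_owner = [], "@"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()           # drop trailing comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                                    # blank line or directive
        fields = line.split()
        if raw[0].isspace():
            owner = last_owner                          # owner inherited from above
        else:
            owner = last_owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                               # skip optional TTL and class
        if not fields:
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype == "A" and rdata:
            addr = ipaddress.ip_address(rdata[0])
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((lineno, owner, f"internal address {addr}"))
        if AD_LABELS & set(owner.lower().split(".")):
            findings.append((lineno, owner, f"Active Directory {rtype} record"))
    return findings
```

Run `audit_public_zone()` over the zone text exported for the public server; an empty list means no internal address or AD name was found in it.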