
Need help on setting up win2000 dns

Last response: in Windows 2000/NT
December 8, 2004 11:23:36 PM

Archived from groups: microsoft.public.win2000.dns

Hi Herb,
Thank you for your reply. Please see my comments inline below:

>> Thanks, I checked the above points, but nothing has been resolved...
>> Let me summarize how I want to setup the systems as below:

>Your summary below is most confusing but guessing
>based on questions that have been asked by others
>it seems that you are perhaps trying to use the same
>DNS server for both INTERNAL DNS server and
>EXTERNAL DNS.
>
>While it may be (with much difficulty) possible to
>do this with MS, or even readily doable with BIND
>this is NOT a good architecture and seldom gives
>reliable and secure results.

Sorry for the confusion, but YES, I am trying to use the same DNS
server for both Internal DNS server and External DNS. I know it would
be difficult to try to set it up with MS, but could you please give me
any extra information on how to realize this setting, if anything is
available?

>> External(Outside): Firewall
>>
>> [External<->DMZ - NAT (60.x.x.x <-> 10.x.x.x)]
>>
>> DMZ: DNS with private IP (10.x.x.x)
>> - Service - Only DNS
>> - NIC x 1
>> - DNS Zone File, etc., -> Global IPs
>> [External<->Trusted - NAT (60.x.x.x <-> 192.x.x.x)]

>If you aren't trying what I guessed then the NAT (probably)
>has nothing to do with your DNS -- certainly for internal
>use only.

>> Trusted(LAN):
>> - DC Server with Private IP (192.x.x.x) and dynamic for the zone
>> - Client Pool
>> -- Primary DNS -> DC Server (Private IP)
>> -- Secondary DNS -> DNS Server (Private IP)

>Are you saying you have the Primary for the Zone on the DC,
>and the Secondary for the zone supporting AD on another
>box?

As far as AD structure is concerned, yes.

>> I can reach the internet from any of client PCs with the setting
>> above.

>What doesn't work?

As I mentioned above, I am trying to use the same DNS server for both
Internal DNS server and External DNS. The DNS server works fine as an
Internal DNS server, however does not work as an External DNS server.
I can not reach the DNS server from the outside.

>> Do I need configure any additional parameters on the DNS server?

>What are you trying to accomplish?

Again, I am trying to set up the same DNS server for both Internal DNS
and External DNS.

Please advise,


Anonymous
December 9, 2004 2:32:21 AM


In news:848edb4c.0412082023.6dc9432e@posting.google.com,
Yui <yuui.yamane@esolia.co.jp> commented
Then Kevin replied below:
> Again, I am trying to set up the same DNS server for both
> Internal DNS and External DNS.

Sorry you can't use the same MS DNS server for Public and Private domains of
the same name. You will have to split this into two different DNS servers.
One with a public zone publishing only public records, one with the private
zone publishing private records for the internal machines.
BIND is supposed to be capable of this.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Anonymous
December 9, 2004 7:12:43 AM


"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:ugH83Bb3EHA.1524@TK2MSFTNGP09.phx.gbl...
> In news:848edb4c.0412082023.6dc9432e@posting.google.com,
> Yui <yuui.yamane@esolia.co.jp> commented
> Then Kevin replied below:
> > Again, I am trying to set up the same DNS server for both
> > Internal DNS and External DNS.
>
> Sorry you can't use the same MS DNS server for Public and Private domains
> of the same name. You will have to split this into two different DNS servers.

I agree with Kevin, but allow me to clarify: You CAN do it,
but it is a bad idea and always going to be a security risk from
at least two issues.

> One with a public zone publishing only public records, one with the
> private zone publishing private records for the internal machines.
> BIND is supposed to be capable of this.

Yes it is but....

BIND will allow different VIEWS for different clients
(based on filter lists) but that is NOT a sufficient reason
for eschewing the advantages of MS DNS internally.

I recommend, and am pretty sure Kevin agrees, you put your
PUBLIC DNS back at the Registrar (or ISP if you must.)

You're not even following the business rules of the registration
process unless you have TWO or more DNS servers for the
public resolution.

Registrars like Godaddy.com and Register.com are perfectly
willing to provide this service and you likely already paid
for it.
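
A check that supports the public/private split recommended in the replies above, as an added example that is not part of the original thread: it scans a public zone file for records that belong only in the private zone (RFC 1918 addresses and Active Directory locator records). The zone contents, `example.com`, and the function names are constructed for illustration, and the parser assumes one record per line.

```python
import ipaddress

# Constructed public zone (not from the thread). example.com is a placeholder
# and 203.0.113.0/24 is a documentation range standing in for real public IPs.
PUBLIC_ZONE = """\
$ORIGIN example.com.
@      IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 3600
@      IN NS  ns1.example.com.
ns1    IN A   203.0.113.10
www    IN A   203.0.113.20
mail   IN A   10.0.0.25          ; internal address left in by mistake
dc01   IN A   192.168.1.5
_ldap._tcp.dc._msdcs IN SRV 0 100 389 dc01.example.com.
"""

# RFC 1918 ranges plus IPv6 unique-local space: never valid in a public zone.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
AD_PREFIXES = ("_ldap.", "_kerberos.", "_gc.", "_kpasswd.")  # DC-registered SRV owners

def parse_records(zone_text):
    """Yield (owner, type, rdata) from a one-record-per-line zone file."""
    owner = None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip() or line.startswith("$"):
            continue
        tokens = line.split()
        if not raw[0].isspace():                  # indented line reuses owner
            owner = tokens.pop(0)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                         # skip optional TTL and class
        if owner and tokens:
            yield owner.lower(), tokens[0].upper(), tokens[1:]

def audit_public_zone(zone_text):
    """Return records that belong only in the private zone."""
    findings = []
    for owner, rtype, rdata in parse_records(zone_text):
        if rtype in ("A", "AAAA") and rdata:
            addr = ipaddress.ip_address(rdata[0])
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((owner, rtype, rdata[0], "private address"))
        if owner.startswith(AD_PREFIXES) or "_msdcs" in owner:
            findings.append((owner, rtype, " ".join(rdata), "AD locator record"))
    return findings

if __name__ == "__main__":
    print(audit_public_zone(PUBLIC_ZONE))
```

Running it against the zone published by the external DNS server before each change catches internal host records that would otherwise be visible to anyone querying the public name.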