Need help on setting up win2000 dns

yui

Distinguished
Dec 7, 2004
4
0
18,510
Archived from groups: microsoft.public.win2000.dns (More info?)

>> Again, I am tring to setup the same DNS server for both
>> Internal DNS and External DNS.

>Sorry you can't use the same MS DNS server for Public and Private
domains of
>the same name. You will have to split this into two different DNS
servers.
>One with a public zone publishing only public records, one with the
private
>zone publishing private records for the internal machines.
>BIND is supposed to be capable of this.

Thanks.
I split that into two server, the one in LAN is for Private zone and
the other in DMZ is for Public zone, and I can reach the internet
without any problems.
As of the public DNS server, I successfully get it in operation with
the private IP on its interface.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:848edb4c.0412090618.4536d2ac@posting.google.com,
Yui <yuui.yamane@esolia.co.jp> commented
Then Kevin replied below:
>>> Again, I am tring to setup the same DNS server for both
>>> Internal DNS and External DNS.
>
>> Sorry you can't use the same MS DNS server for Public
>> and Private domains of the same name. You will have to
>> split this into two different DNS servers. One with a
>> public zone publishing only public records, one with the
>> private zone publishing private records for the internal
>> machines.
>> BIND is supposed to be capable of this.
>
> Thanks.
> I split that into two server, the one in LAN is for
> Private zone and the other in DMZ is for Public zone, and
> I can reach the internet without any problems.
> As of the public DNS server, I successfully get it in
> operation with the private IP on its interface.

The interface IP of a DNS server is not relevant, as long as it publishes
only records with public addresses, and it can be accessed by a public IP
address that is NATed to it.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

> The interface IP of a DNS server is not relevant, as long as it
publishes
> only records with public addresses, and it can be accessed by a
public IP
> address that is NATed to it.

Dear Kevin and Herb,

Thank you for your inputs all.
I am now running the public DNS with the DNS proxy service of
Watchguard Firebox X, so that at least I can minimize the security
risks. Additionally, I have set up the primary public DNS in our
network, but the secondary public DNS is hosted by our ISP.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

<yuui.yamane@esolia.co.jp> wrote in message
news:1102657855.698290.258500@f14g2000cwb.googlegroups.com...
> > The interface IP of a DNS server is not relevant, as long as it
> publishes
> > only records with public addresses, and it can be accessed by a
> public IP
> > address that is NATed to it.
>
> Dear Kevin and Herb,
>
> Thank you for your inputs all.
> I am now running the public DNS with the DNS proxy service of
> Watchguard Firebox X, so that at least I can minimize the security
> risks. Additionally, I have set up the primary public DNS in our
> network, but the secondary public DNS is hosted by our ISP.

You would still be better served (in the long run)
by moving both back to the Registrar if they offer
the service (most do.)

Most ISPs don't have an interface where you can
change your own DNS if they host the Primary, but
practically ever (major) Registrar works this way.



--
Herb Martin


>