How should the servers in the DMZ zone be configured (as
far as DNS goes)? Should they just point to the external
DNS or should I configure a DNS server in the DMZ zone?
We currently have AD Integrated DNS servers internally and
use an ISP for our external DNS. Key point - we don't
want external clients knowing our internal names and IPs.
Thanks in advance.

"NAN" wrote in message news:ebb601c43d05$8871b2a0$(E-Mail Removed)...
: How should the servers in the DMZ zone be configured (as
: far as DNS goes)? Should they just point to the external
: DNS or should I configure a DNS server in the DMZ zone?
: We currently have AD Integrated DNS servers internally and
: use an ISP for our external DNS. Key point - we don't
: want external clients knowing our internal names and IPs.
: Thanks in advance.

Aren't your servers in the DMZ using public addressing?

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/service...p?fr=0&sd=tech
How-to: Windows 2000 DNS:
http://support.microsoft.com/default...b;EN-US;308201

>-----Original Message-----
>"NAN" wrote in message news:ebb601c43d05$8871b2a0
$(E-Mail Removed)...
>: How should the servers in the DMZ zone be configured (as
>: far as DNS goes)? Should they just point to the
external
>: DNS or should I configure a DNS server in the DMZ zone?
>: We currently have AD Integrated DNS servers internally
and
>: use an ISP for our external DNS. Key point - we don't
>: want external clients knowing our internal names and
IPs.
>: Thanks in advance.
>
>Aren't your servers in the DMZ using public addressing?
>
>--
>Roland Hall
>/* This information is distributed in the hope that it
will be useful, but
>without any warranty; without even the implied warranty
of merchantability
>or fitness for a particular purpose. */
>Online Support for IT Professionals -
>http://support.microsoft.com/service...echnet/default.
asp?fr=0&sd=tech
>How-to: Windows 2000 DNS:
>http://support.microsoft.com/default.aspx?scid=kb;EN-
US;308201
>
>
>.
>NO. They have internal IPs which are then tranlated
through our firewall and vice versa. External clients use
a Public IP which then gets tranlated through the firewall.

Hello,

It depends on the function of the servers in the DMZ. If the servers in
the DMZ require access to internal domain resources then you may have to
point them internally for DNS. What is the function of the DMZ servers?

Larry Stotler, MCSE
Microsoft Product Support

NOTE: Please reply to the newsgroup and not directly to me. This allows
others to add to and benefit from these threads and also helps to ensure a
more timely response. Thank you!

This posting is provided "AS IS" without warranty either expressed or
implied, including, but not limited to, the implied warranties of
merchantability or fitness for a particular purpose

>-----Original Message-----
>Hello,
>
>It depends on the function of the servers in the DMZ. If
the servers in
>the DMZ require access to internal domain resources then
you may have to
>point them internally for DNS. What is the function of
the DMZ servers?
>
>Larry Stotler, MCSE
>Microsoft Product Support
>
>NOTE: Please reply to the newsgroup and not directly to
me. This allows
>others to add to and benefit from these threads and also
helps to ensure a
>more timely response. Thank you!
>
>This posting is provided "AS IS" without warranty either
expressed or
>implied, including, but not limited to, the implied
warranties of
>merchantability or fitness for a particular purpose
>
>.
>Hi,
The servers in the DMZ are IIS servers hosting websites
for external and internal clients however, the only thing
the server in the dmz needs to know about internally is 1
host name/odbc connection.

Hi,
If the IIS server requires authentication to the domain it will have to
point internally for DNS. I would point it internally anyway because of
the 1 host name required. The only other option is a host file on the IIS
server. However, DNS is preferable in case the IP of the internal server
changes.

Larry Stotler, MCSE
Microsoft Product Support

NOTE: Please reply to the newsgroup and not directly to me. This allows
others to add to and benefit from these threads and also helps to ensure a
more timely response. Thank you!

This posting is provided "AS IS" without warranty either expressed or
implied, including, but not limited to, the implied warranties of
merchantability or fitness for a particular purpose

>-----Original Message-----
>Hi,
>If the IIS server requires authentication to the domain
it will have to
>point internally for DNS. I would point it internally
anyway because of
>the 1 host name required. The only other option is a
host file on the IIS
>server. However, DNS is preferable in case the IP of
the internal server
>changes.
>
>Larry Stotler, MCSE
>Microsoft Product Support
>
>NOTE: Please reply to the newsgroup and not directly to
me. This allows
>others to add to and benefit from these threads and also
helps to ensure a
>more timely response. Thank you!
>
>This posting is provided "AS IS" without warranty either
expressed or
>implied, including, but not limited to, the implied
warranties of
>merchantability or fitness for a particular purpose
>
>.
>I agree. No domain authentication needed. At what point
should you put a DNS caching only server in the DMZ?
Currently, we only have the one server located there.

Hello,

I would think it was necessary only if you have a large number of DNS
queries originating from the DMZ. Say for instance you have an SMTP server
there that sends out thousands of emails a day. This senario would benifit
from the DNS server.

Larry Stotler, MCSE
Microsoft Product Support

NOTE: Please reply to the newsgroup and not directly to me. This allows
others to add to and benefit from these threads and also helps to ensure a
more timely response. Thank you!

This posting is provided "AS IS" without warranty either expressed or
implied, including, but not limited to, the implied warranties of
merchantability or fitness for a particular purpose