DNS setup


Kaybee

I am new to DNS but just need some guidance to create a
public / private DNS.

Here is what I have:
*Old NT 4.0 domain with a public DNS and Proxy. Known to
the world as test.com. A static route was set up for
private and public IP addresses. This domain is going away
after migration of email accounts so I am not worried
about this environment at all.
*New 2000 internal domain with AD. Private primary DNS
abc.cbs.nbc with a secondary DNS on another DC.
A new ISA server will replace the old proxy which will
host the web server, MX and public DNS, etc. (I intend on
using the same public IP address for the new ISA server when
the old server retires, so no internet delay.)

My question:
How do I set up the public DNS with the known domain name
to the world on the ISA box with a different domain name
internally so I can use forwarders to the internal DNS? I
have read a lot of white papers --- but still not quite
sure of the direction. Do I have to create a static route?

Thanks,
 

Ace Fekay [MVP]

In
Kaybee said:
I am new to DNS but just need some guidance to create a
public / private DNS.

Here is what I have:
*Old NT 4.0 domain with a public DNS and Proxy. Known to
the world as test.com. A static route was set up for
private and public IP addresses. This domain is going away
after migration of email accounts so I am not worried
about this environment at all.
*New 2000 internal domain with AD. Private primary DNS
abc.cbs.nbc with a secondary DNS on another DC.
A new ISA server will replace the old proxy which will
host the web server, MX and public DNS, etc. (I intend on
using the same public IP address for the new ISA server when
the old server retires, so no internet delay.)

My question:
How do I set up the public DNS with the known domain name
to the world on the ISA box with a different domain name
internally so I can use forwarders to the internal DNS? I
have read a lot of white papers --- but still not quite
sure of the direction. Do I have to create a static route?

Thanks,

I think you're looking at an elephant thru a microscope....

If you have your own private internal AD domain, there is no need to forward
any DNS traffic to the internal DNS servers since they are for your private
AD domain.

If the ISA server is hosting DNS for your external name, then that DNS
server would contain the public records. Do not use that DNS address on any
internal AD members.

If you are hosting Exchange for your company's mail, then your 'external'
DNS server on the ISA box would have the MX record pointing to the WAN IP
address of the ISA server. Then a rule would be created and applied to
publish a mail server and sent to the actual Exchange box on your internal
network. On Exchange, you would specify in the Default Recipient Policy the
external domain name that it's the authoritative server to receive mail for
that domain.

Do not mix internal AD DNS data and external DNS public data. Without a huge
explanation, things will just go south doing that.

Now for ISA, depending on how you set it up, if set up as just a caching
server (for web traffic only), then you can leave the Root zone (the dot
zone) on the internal DNS server. Then in all your machines' IE options,
select to use the ISA as the proxy address.

You can use this as a secure NAT too, which is the most popular installation
option. You can use this in conjunction with Web caching. In this scenario,
you need to remove the Root zone.

If using it as a firewall client, then the firewall client software would
need to be installed on each internal client. Remove the Root zone for this
too.

Internal DNS can forward to the external DNS server. This "external" can
either be your ISP's or your ISA DNS server......

Hope that helps if I understood your post correctly...


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
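
The separation described in the reply above (public records only on the ISA box's DNS, no internal AD data mixed in, MX pointing at the ISA WAN IP) can be checked against a zone file. The script below is an added example, not part of the original thread: the zone contents, the host names other than test.com and abc.cbs.nbc, and the address 203.0.113.10 standing in for the WAN IP are all constructed, and it only understands simple "name IN type rdata" lines.

```python
import ipaddress

# Constructed sample: a public zone for test.com after internal AD data was
# mixed in. 203.0.113.10 is a documentation address standing in for the WAN IP.
PUBLIC_ZONE = """\
@          IN MX  10 mail.test.com.
@          IN A   203.0.113.10
www        IN A   203.0.113.10
mail       IN A   203.0.113.10
dc1        IN A   192.168.1.5
_ldap._tcp IN SRV 0 100 389 dc1.abc.cbs.nbc.
"""

# Explicit RFC 1918 ranges; ipaddress.is_private would also match 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text, origin):
    """Return (fqdn, type, rdata) tuples from simple 'name IN type rdata' lines."""
    records = []
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) < 4 or fields[1] != "IN":
            continue
        name = origin if fields[0] == "@" else f"{fields[0]}.{origin}"
        records.append((name.lower(), fields[2].upper(), " ".join(fields[3:])))
    return records

def audit_public_zone(text, origin, internal_domain, wan_ip):
    """List findings where internal AD data leaks into the public zone."""
    findings = []
    records = parse_zone(text, origin)
    a_records = {n: r for n, t, r in records if t == "A"}
    for name, rtype, rdata in records:
        if rtype == "A" and any(ipaddress.ip_address(rdata) in n for n in RFC1918):
            findings.append(f"{name}: A record exposes private address {rdata}")
        if "_msdcs" in name or name.startswith(("_ldap.", "_kerberos.", "_gc.")):
            findings.append(f"{name}: AD locator record in public zone")
        if rdata.rstrip(".").lower().endswith(internal_domain):
            findings.append(f"{name}: {rtype} points into internal domain {internal_domain}")
        if rtype == "MX":
            target = rdata.split()[-1].rstrip(".").lower()
            if a_records.get(target) != wan_ip:
                findings.append(f"{name}: MX target {target} is not an A record for {wan_ip}")
    return findings

if __name__ == "__main__":
    for finding in audit_public_zone(PUBLIC_ZONE, "test.com", "abc.cbs.nbc", "203.0.113.10"):
        print(finding)
```
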
 
