Changing IP address of DNS server

Guest

Hi

Due to security constraints I want to move public DNS server behind firewall, for this I have to change the IP address of Public DNS server to local LAN IP address (e.g. 10.0.0.x).

If I change the IP address is DNS going to work? What will be the DNS server entries which I should give in TCP/IP?
Please let me know if I have to make any other changes in DNS.

Thanks in advance
Kiran
 
Kevin D. Goodknecht [MVP]

Satheesh Kiran said:
Hi,

Due to security constraints I want to move public DNS server behind
firewall, for this I have to change the IP address of Public DNS
server to local LAN IP address (e.g. 10.0.0.x).

If I change the IP address is DNS going to work? What will be the
DNS server entries which I should give in TCP/IP?
Please let me know if I have to make any other changes in DNS.

Thanks in advance
Kiran

As long as it is still going to be only a public DNS server, and it does not
host any Active Directory or DDNS zones the only thing you need to change on
the DNS server itself is its listener address on the interfaces tab.
You will also need to open holes in the firewall for TCP & UDP port 53 and
send incoming connections on those ports to the DNS server address.

As for the records in the server zones, nothing will change, it must still
publish the same data behind the firewall as it did in front of it. DNS is
not related to the IP address it listens on, it only publishes data to
computers based on the client's view of the root it is using.
 
Guest

Thanks for the reply.

After changing the public IP to local LAN IP, in the listen on column in DNS server properties should I point to the local LAN IP or should I still point to the same public IP which I was using earlier?

Please let me know whether I should use the local LAN IP or the public IP in the preferred DNS servers in TCP/IP properties window.

Thanks in advance
Kiran

 
Ace Fekay [MVP]

Satheesh Kiran said:
Thanks for the reply.

After changing the public IP to local LAN IP, in the listen on column
in DNS server properties should I point to the local LAN IP or should
I still point to the same public IP which I was using earlier?

Please let me know whether I should use the local LAN IP or the
public IP in the preferred DNS servers in TCP/IP properties window.

Thanks in advance
Kiran


For the NIC address (TCPIP settings), you will now need to use the private
IP.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Kevin D. Goodknecht [MVP]

Satheesh Kiran said:
Thanks for the reply.

After changing the public IP to local LAN IP, in the listen on column
in DNS server properties should I point to the local LAN IP or should
I still point to the same public IP which I was using earlier?

Please let me know whether I should use the local LAN IP or the
public IP in the preferred DNS servers in TCP/IP properties window.

You didn't say any local machines were using this DNS server. This can
change things if you have any local sites and local machines using this DNS
server. Any site hosted by this DNS that has both local and public access is
going to be a problem.
Any site that is hosted locally behind the NAT device won't work with the
public address. You definitely don't want to put private records in a Public
Zone.
You can have a public DNS behind NAT as long as it does not resolve sites
and servers behind the same NAT device. For that you need two separate DNS
servers, one for the internal users and one for the external users.
 
Guest

Thanks for the response

Here is my present setup

public DNS ----- Firewall ----- local domain (AD) & User Systems
xy.com xyhyd.com

The public DNS has our MX records & web site resolution addresses.

We have a local Domain (AD) and local DNS for LAN users.
The primary DNS is pointed to itself and secondary is pointed to Public DNS in TCP/IP properties.
In the enable forwarders I have public DNS server entry in it.
This is my local AD and DNS setup.

In the public DNS server, I have public IP assigned to this server and the primary DNS is pointing to itself in TCP/IP.
In the enable forwarders I have ISP DNS server entries in it.

Because of security constraints I want to move public DNS inside firewall.
If I move public DNS inside firewall:

1. What are the ports to be opened in firewall for DNS?
2. What are the changes to be made in the public DNS server (TCP/IP settings, Forwarders etc.) if I am going to assign a local LAN IP for public DNS server?
3. What are the changes to be made to local DNS server?

Hope this is clear.

Thanks in advance
Satheesh Kiran







 
Ace Fekay [MVP]

Satheesh Kiran said:
Thanks for the response

Here is my present setup

public DNS ----- Firewall ----- local domain (AD) & User Systems
xy.com xyhyd.com


The public DNS has our MX records & web site resolution addresses.

We have a local Domain (AD) and local DNS for LAN users.
The primary DNS is pointed to itself and secondary is pointed to
Public DNS in TCP/IP properties.

When running your own DNS servers, especially with AD, you should NEVER use
an ISP's or any other DNS server that doesn't host your data. Point to
yourself only and let forwarding handle it.

In the enable forwarders I have public DNS server entry in it.

That's the only place any public/ISP DNS should be, in forwarding.

This is my local AD and DNS setup.

In the public DNS server, i have public IP assigned to this server
and the primary DNS is pointing to itself in TCP/IP
In the enable forwarders i have ISP DNS server entries in it.


Because of security constraints i want to move public DNS inside
firewall.
If i move public DNS inside firewall

1. What are the ports to be opened in firewall for DNS

TCP/UDP 53. With NAT, you need to create a port-remap for these ports to the
internal private IP.

2. what are the changes to be made in the public DNS server ( TCP/IP
settings, Forwarders etc) if i am going to assign a local LAN ip for
public DNS server

Yes, you will assign a private IP. In the nameservers tab, ensure the public
IP remains. Do not change any public IP data for your hosts, since I'm
assuming you are not changing your servers sitting on the public side.

3. what are the changes to be made to local DNS server.

See #2





--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
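
The two zone checks raised in this thread (private records do not belong in a public zone, and the name servers must keep publishing their public IP), written as an added example that is not part of any poster's reply: a Python audit of a zone-file export. The zone text, the example.com names and the 203.0.113.x addresses are constructed, and the parser assumes fully qualified owner names.

```python
import ipaddress

# Constructed sample export of the public zone after the move. All names are
# fully qualified; 203.0.113.0/24 is a documentation range standing in for
# the real public addresses.
SAMPLE_ZONE = """\
example.com.       3600 IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 3600
example.com.       3600 IN NS  ns1.example.com.
example.com.       3600 IN MX  10 mail.example.com.
ns1.example.com.   3600 IN A   10.0.0.5      ; new LAN address copied into the zone
mail.example.com.  3600 IN A   203.0.113.25
www.example.com.   3600 IN A   203.0.113.80
intra.example.com. 3600 IN A   192.168.1.20  ; internal-only host
"""

# RFC 1918, loopback and link-local ranges: unreachable for Internet clients.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def is_non_routable(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_ROUTABLE)

def parse_records(zone_text):
    """Yield (owner, type, rdata fields); an indented line reuses the last owner."""
    owner = None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():
            owner, fields = fields[0], fields[1:]
        # Skip the optional TTL and class to reach the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields = fields[1:]
        if len(fields) >= 2:
            yield owner, fields[0].upper(), fields[1:]

def audit_public_zone(zone_text):
    """Report A records with non-routable addresses and NS hosts among them."""
    records = list(parse_records(zone_text))
    private_a = [(o, r[0]) for o, t, r in records
                 if t == "A" and is_non_routable(r[0])]
    ns_hosts = {r[0] for _, t, r in records if t == "NS"}
    private_ns = sorted(o for o, _ in private_a if o in ns_hosts)
    return {"private_a": private_a, "private_ns": private_ns}

if __name__ == "__main__":
    print(audit_public_zone(SAMPLE_ZONE))
```

A non-empty `private_ns` list means Internet resolvers would be handed a name server address they cannot reach, so that entry is the first one to correct.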
 
