Configuring DNS in DMZ zone


N

NAN

How should the servers in the DMZ zone be configured (as
far as DNS goes)? Should they just point to the external
DNS or should I configure a DNS server in the DMZ zone?
We currently have AD Integrated DNS servers internally and
use an ISP for our external DNS. Key point - we don't
want external clients knowing our internal names and IPs.
Thanks in advance.
 
Ad

Advertisements

R

Roland Hall

in message : How should the servers in the DMZ zone be configured (as
: far as DNS goes)? Should they just point to the external
: DNS or should I configure a DNS server in the DMZ zone?
: We currently have AD Integrated DNS servers internally and
: use an ISP for our external DNS. Key point - we don't
: want external clients knowing our internal names and IPs.
: Thanks in advance.

Aren't your servers in the DMZ using public addressing?

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
How-to: Windows 2000 DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308201
 
N

NAN

-----Original Message-----
in message [email protected]
: How should the servers in the DMZ zone be configured (as
: far as DNS goes)? Should they just point to the external
: DNS or should I configure a DNS server in the DMZ zone?
: We currently have AD Integrated DNS servers internally and
: use an ISP for our external DNS. Key point - we don't
: want external clients knowing our internal names and IPs.
: Thanks in advance.

Aren't your servers in the DMZ using public addressing?

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/servicedesks/technet/default. asp?fr=0&sd=tech
How-to: Windows 2000 DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN- US;308201


.
NO. They have internal IPs which are then tranlated
through our firewall and vice versa. External clients use
a Public IP which then gets tranlated through the firewall.
 
L

Larry Stotler

Hello,

It depends on the function of the servers in the DMZ. If the servers in
the DMZ require access to internal domain resources then you may have to
point them internally for DNS. What is the function of the DMZ servers?

Larry Stotler, MCSE
Microsoft Product Support

NOTE: Please reply to the newsgroup and not directly to me. This allows
others to add to and benefit from these threads and also helps to ensure a
more timely response. Thank you!

This posting is provided "AS IS" without warranty either expressed or
implied, including, but not limited to, the implied warranties of
merchantability or fitness for a particular purpose
 
N

NAN

-----Original Message-----
Hello,

It depends on the function of the servers in the DMZ. If the servers in
the DMZ require access to internal domain resources then you may have to
point them internally for DNS. What is the function of the DMZ servers?

Larry Stotler, MCSE
Microsoft Product Support

NOTE: Please reply to the newsgroup and not directly to me. This allows
others to add to and benefit from these threads and also helps to ensure a
more timely response. Thank you!

This posting is provided "AS IS" without warranty either expressed or
implied, including, but not limited to, the implied warranties of
merchantability or fitness for a particular purpose

.
Hi,
The servers in the DMZ are IIS servers hosting websites
for external and internal clients however, the only thing
the server in the dmz needs to know about internally is 1
host name/odbc connection.
 
L

Larry Stotler

Hi,
If the IIS server requires authentication to the domain it will have to
point internally for DNS. I would point it internally anyway because of
the 1 host name required. The only other option is a host file on the IIS
server. However, DNS is preferable in case the IP of the internal server
changes.

Larry Stotler, MCSE
Microsoft Product Support

NOTE: Please reply to the newsgroup and not directly to me. This allows
others to add to and benefit from these threads and also helps to ensure a
more timely response. Thank you!

This posting is provided "AS IS" without warranty either expressed or
implied, including, but not limited to, the implied warranties of
merchantability or fitness for a particular purpose
 
Ad

Advertisements

N

NAN

-----Original Message-----
Hi,
If the IIS server requires authentication to the domain it will have to
point internally for DNS. I would point it internally anyway because of
the 1 host name required. The only other option is a host file on the IIS
server. However, DNS is preferable in case the IP of the internal server
changes.

Larry Stotler, MCSE
Microsoft Product Support

NOTE: Please reply to the newsgroup and not directly to me. This allows
others to add to and benefit from these threads and also helps to ensure a
more timely response. Thank you!

This posting is provided "AS IS" without warranty either expressed or
implied, including, but not limited to, the implied warranties of
merchantability or fitness for a particular purpose

.
I agree. No domain authentication needed. At what point
should you put a DNS caching only server in the DMZ?
Currently, we only have the one server located there.
 
Ad

Advertisements

L

Larry Stotler

Hello,

I would think it was necessary only if you have a large number of DNS
queries originating from the DMZ. Say for instance you have an SMTP server
there that sends out thousands of emails a day. This senario would benifit
from the DNS server.

Larry Stotler, MCSE
Microsoft Product Support

NOTE: Please reply to the newsgroup and not directly to me. This allows
others to add to and benefit from these threads and also helps to ensure a
more timely response. Thank you!

This posting is provided "AS IS" without warranty either expressed or
implied, including, but not limited to, the implied warranties of
merchantability or fitness for a particular purpose
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top