Internal / External DNS Servers

Guest

Hello

Two DNS (BIND 9) servers are hosted on our firewall (UNIX
Based): one server is bound to the internal network, and
the other server is bound to the Internet.

When I say bound, both DNS Servers are configured as slave
DNS Servers. The internal one points at our internal DNS
master, which is a W2K RDC, and the external one points at
our ISP for external name resolution.

I have it set up so that our internal W2K DNS server
forwards requests to our internal slave DNS server that
resides on the firewall; the firewall then transfers the
requests to its external DNS slave, which in turn sends
requests to our ISP's Name Servers.

My question is should I allow zone transfers between both
internal DNS servers, or is setting up the forwarder alone
enough?

Any advice given would be very much appreciated!
 
Ace Fekay [MVP]

Well, why do you want to set up a zone transfer? My only guess is if you want
a copy of the zone on the other internal DNS server? If your AD clients
aren't using it, and you're just forwarding to it, then no, you don't want
zone transfers.

If the AD clients are using it, then yes, you need a copy of the zone, since
any DNS listed on a client or DC must have a copy of the AD zone.

So the forwarder would be enough if the clients aren't directly using it....

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
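
Added example, not part of the original thread: a `named.conf` sketch for the internal BIND 9 instance on the firewall, covering the two cases in the answer above (forward-only, or holding a slave copy of the AD zone). All addresses, the ACL name, the zone name and the file path are constructed placeholders.

```bind
// Constructed example for the internal BIND 9 instance on the firewall.
// Addresses, ACL name and zone name are placeholders, not values from the thread.
acl "internal" { 10.0.0.0/24; };        // assumed internal network

options {
    listen-on { 10.0.0.1; };            // assumed internal interface of the firewall
    allow-query { "internal"; };        // answer internal hosts only
    allow-recursion { "internal"; };
    allow-transfer { none; };           // deny zone transfers out of this server
    forwarders { 192.0.2.1; };          // assumed address of the external instance
    forward only;                       // hand everything else to the external instance
};

// Case 1: only the W2K DNS server forwards here and no client queries it directly.
// No zone statement is needed; the options block above is the whole setup,
// and no zone transfer has to be permitted on the W2K master.

// Case 2: clients or DCs list this server as a resolver, so it must hold the AD zone.
zone "corp.example.com" {
    type slave;
    masters { 10.0.0.10; };             // assumed W2K DNS master
    file "slaves/corp.example.com.db";
    allow-transfer { none; };           // the copy is not handed on to anyone else
};
// In case 2 the W2K master should allow transfers of this zone only to 10.0.0.1.
```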
 
Ace Fekay [MVP]

> Thanks very much!

You're welcome!


 
