setup dns in dmz

[chow]

Dear all,

Need some advise to setup a dns server in dmz
My Setup -
Cisco PIX firewall - external 202.x.x.1
DMZ 192.168.1.1
internal 192.168.10.1
Windows 2003 dns server in dmz 192.168.1.2

I only have one register IP address (202.x.x.1)
How should I define my SOA & NS ip address in the dns
server. This server will function as an external dns
server for the public.

Thank you

chow

 

[Kevin D. Goodknecht [MVP]]

In

Dear all,

Need some advise to setup a dns server in dmz
My Setup -
Cisco PIX firewall - external 202.x.x.1
DMZ 192.168.1.1
internal 192.168.10.1
Windows 2003 dns server in dmz 192.168.1.2

I only have one register IP address (202.x.x.1)
How should I define my SOA & NS ip address in the dns
server. This server will function as an external dns
server for the public.

Just to verify, it will not also be used by any internal machine for DNS?

Public DNS servers can only give out public addresses, so when you create
the records on this DNS, do not create any with private addresses. You do
not want this DNS server to give out any private addresses.
If you host example.com on this server and you want this DNS server to be
known as NS1.example.com create a new host in the example.com zone named NS1
give it the router's IP (202.x.x.1)
If you will also be hosting a web site name www.example.com behind this
router create a new host named www with IP (202.x.x.1) Do this for all
records, do not create any records in the example.com zone with internal IP
addresses.
Doing so will cause those sites to be inaccessible from the public. The same
goes for the internal clients, do not let internal clients use this DNS in
their config because any site resolving to the router's external IP will not
be accessible by internal clients because you can't make an incoming
connection from inside the firewall.