W2K Non-Microsoft DNS Entry

Steve

QUESTION:

Internet requests sent from our internal network have to
pass through our firewall to gain access to the
Internet.

Housed on the firewall is a split-brain DNS Server, one
NIC is configured as a slave that points to our internal
DNS W2K Server, and the other NIC is configured as a slave
and points to our ISP.

My question is should I create a manual entry in our W2K
DNS server that has an A record that points to the UNIX
based firewall?
 
Herb Martin

> Internet requests sent from our internal network have to
> pass through our firewall to gain access to the
> Internet.
>
> Housed on the firewall is a split-brain DNS Server, one

That's not likely to be a "shadow" or "split" DNS unless you
aren't using MS DNS. MS DNS only offers one "view" of the
zone so there is no way to split or differentiate what one set of
users (internal vs. external) sees.

It is generally a bad idea to use such a setup anyway.

> NIC is configured as a slave that points to our internal
> DNS W2K Server, and the other NIC is configured as a slave
> and points to our ISP.

ALL NICs on DNS servers should be pointed to the correct DNS
server (set) -- not to multiple DNS server sets -- when that server is
considered as a CLIENT. Generally this means that DNS servers,
even on routers, should point THEMSELVES to internal DNS.

In the DNS server properties you should use the external DNS server
as the "forwarder" to accomplish most Internet (public) resolution.
This is NOT done by the DNS server's NIC settings.

> My question is should I create a manual entry in our W2K
> DNS server that has an A record that points to the UNIX
> based firewall?

If you want it resolvable by name. Why not? Who so?
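
An added example, not part of the original thread or either poster's code: a check for the client-side resolver advice in the reply above, classifying a host's resolv.conf-style nameserver list as internal-only, external-only or mixed. The RFC 1918 ranges standing in for "internal", the function names and the sample addresses are assumptions.

```python
import ipaddress

# Assumption: RFC 1918 space stands in for "internal"; replace with the site's own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_nameservers(text):
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # resolv.conf comment lines
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            servers.append(ipaddress.ip_address(fields[1]))
    return servers

def audit_resolver_set(text):
    """Classify a host's client-side resolvers as internal-only, external-only, mixed or none."""
    servers = parse_nameservers(text)
    internal = [str(s) for s in servers if any(s in n for n in INTERNAL_NETS)]
    external = [str(s) for s in servers if str(s) not in internal]
    if not servers:
        verdict = "none"
    elif internal and external:
        verdict = "mixed"          # two DNS server sets on one client: the setup advised against
    elif internal:
        verdict = "internal-only"  # public names then resolve via the server's forwarder
    else:
        verdict = "external-only"
    return {"verdict": verdict, "internal": internal, "external": external}

# Constructed sample inputs (192.0.2.53 is a documentation address standing in for the ISP).
MIXED = """# firewall resolver config (constructed)
nameserver 10.0.0.10
nameserver 192.0.2.53
"""
INTERNAL_ONLY = "search corp.example\nnameserver 10.0.0.10\n"

if __name__ == "__main__":
    for name, cfg in (("mixed", MIXED), ("internal-only", INTERNAL_ONLY)):
        print(name, audit_resolver_set(cfg))
```

A "mixed" verdict matters because a client that falls through to the external resolver gets no answer for internal-only names, and its lookups for internal hostnames are disclosed to the outside server.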
 
