dns best practices

Discussion in 'DNS Server' started by Bad Beagle, Apr 25, 2006.

  1. Bad Beagle

    Bad Beagle Guest

    I currently have a split dns which was initially desinged when internal and
    external domains were the same. I now have whaterver.local as my internal
    and whatever.com as my external. My question is what do I do with machines
    in my DMZ - should I have a separate DNS server for these machines?
     
    Bad Beagle, Apr 25, 2006
    #1
    1. Advertisements

  2. Bad Beagle

    Herb Martin Guest

    You say <currently have split DNS> and <now have .com/.local>
    which are inconsistent.

    The latter is not an example of Split or Shadow DNS.

    We must presume you are switching from the former to the
    latter but please correct the record if this is not your situation.
    Depends on their roles and needs. If they are DOMAIN
    machines they will need to be able to resolve INTERNAL
    DNS and so must (themselves) use the Internal DNS Server
    (set). Even if they are DNS servers themselves.

    Even if they are public machines (offering resources to the world)
    they might in theory never need to resolve an external name.

    They may need to be LISTED however in both zones, to be found
    by both internal users and external customers. This is true whether
    you use two different domain names or the same (Shadow/Split
    DNS.)

    An (unusual) example: An Enterprise level ISA (Proxy) Server
    which must be a member of a domain but which itself is the
    DNS forwarder to the outside world.

    The ISA machine uses the INTERNAL DNS server set as a DNS
    CLIENT (on it's NIC->IP Properties) but the internal DNS servers
    forward to this server which actually performs all external
    lookups.

    By the way, for most small companies (in terms of Internet
    presence) one should NOT run the public DNS anyway, but
    should rather return it to the REGISTRAR.
     
    Herb Martin, Apr 25, 2006
    #2
    1. Advertisements

  3. Hi,

    I noticed that Herb has provided great information. Please post back if you
    still have concerns.

    Have a good day.


    Best regards,

    Vincent Xu
    Microsoft Online Partner Support

    ======================================================
    Get Secure! - www.microsoft.com/security
    ======================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others
    may learn and benefit from this issue.
    ======================================================
    This posting is provided "AS IS" with no warranties,and confers no rights.
    ======================================================



    --------------------
     
    Vincent Xu [MSFT], Apr 26, 2006
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.