I'm setting up a DNS server for my office. We have internal (in-office)
servers and external (datacenter) servers.
I'm trying to have the DNS route internal traffic to the internal
server without going out past our firewall and back through the
firewall.
For example:
Our zone is Company.com
Our datacenter runs public.company.com
Internally we host corporate.company.com, internal.company.com, etc.
With the ISP's DNS, when a user wants to access corporate.company.com,
the traffic will go outside of the firewall, and then back.
When I set up the Server 2003 DNS to cover the whole company.com zone,
the traffic stays internal, but I am unable to go to
public.company.com, since the DNS doesn't point to it. Is there a way
to automatically point it, rather than me setting it?
In order to work around it, I have created a zone for just
corporate.company.com and internal.company.com with a forward to the
ISP's DNS.
K
Hi Kingston,
Actually, just to point out, DNS does not route traffic. It just resolves
names. Also, with Internet names, any forwarder will work.
However in your case you have a mixed scenario where part of your namespace
is being hosted internally and externally. What you did so far by creating
corporate.company.com and internal.company.com usually works fine. To handle
public.company.com, you can either manually create it as you did the above,
but providing the actual external IPs. However, if there are many IPs, or
they change (some ISPs change their IPs routinely), you can create a child
delegation. But before you create the delegation, you need to know what the
SOA of your public domain is. One way to find that is using nslookup with
an external server, such as 4.2.2.2 that I stipulated below, which you
can actually use and works as a Forwarder, too. You can do this for each
external child name under company.com. However for any internal private IPs,
you have to create normal records for them.
To find your SOA:
nslookup
server 4.2.2.2
set q=soa
company.com
(results display here)
To create child delegation:
Open DNS
Rt-click company.com
New-Delegation
Type in 'public'
In the nameserver info, provide the info you found in the results above.
I hope this helps.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
ace...@mvps.RemoveThisPart.org
For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
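
The three setups discussed in this thread, compared in a simplified model of how a DNS server picks its answer. This is an added example, not part of either post: the resolve() function, the 10.0.0.x addresses and the name server ns1.hosting.example are constructed for illustration and are not real values for company.com.

```python
# Simplified model of how a DNS server answers a query, applied to the
# setups discussed in this thread. All addresses and the name server
# name ns1.hosting.example are constructed placeholders.

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def resolve(name, zones, forwarder="isp"):
    """zones: {zone_name: {"records": {fqdn: ip}, "delegations": {child: [ns]}}}"""
    name = name.lower().rstrip(".")
    # The most specific (longest) zone containing the name is authoritative.
    matches = [z for z in zones if in_zone(name, z)]
    if not matches:
        return ("forward", forwarder)          # not ours: ask the forwarder
    zone = zones[max(matches, key=len)]
    # A delegation is a zone cut: names at or below it belong to other servers.
    for child, servers in zone["delegations"].items():
        if in_zone(name, child):
            return ("referral", tuple(servers))
    if name in zone["records"]:
        return ("answer", zone["records"][name])
    # Authoritative and no record: the server says the name does not exist.
    # It does not fall back to the forwarder.
    return ("nxdomain", None)

INTERNAL = {"corporate.company.com": "10.0.0.10",
            "internal.company.com": "10.0.0.11"}

# Setup 1: one internal zone covering all of company.com.
WHOLE_ZONE = {"company.com": {"records": INTERNAL, "delegations": {}}}

# Setup 2 (the asker's workaround): one zone per internal host name.
PER_HOST = {n: {"records": {n: ip}, "delegations": {}} for n, ip in INTERNAL.items()}

# Setup 3 (the reply's suggestion): whole zone plus a delegation for "public".
DELEGATED = {"company.com": {"records": INTERNAL,
             "delegations": {"public.company.com": ["ns1.hosting.example"]}}}

def compare(name):
    return {label: resolve(name, cfg) for label, cfg in
            (("whole_zone", WHOLE_ZONE), ("per_host", PER_HOST), ("delegated", DELEGATED))}

if __name__ == "__main__":
    for n in ("corporate.company.com", "public.company.com", "www.example.org"):
        print(n, compare(n))
```

In the model, public.company.com comes back as nonexistent only in the whole-zone setup; the per-host zones send it to the forwarder, and the delegation hands it to the name servers listed for the child.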