DNS IP address

Status
Not open for further replies.

bkesting

IS-IT--Management
Apr 14, 2003
180
US
Hello,

I am about to set up a DNS server for my network. I currently have a network behind an iptables router/firewall. I plan to add web and mail services to my network soon and need a nameserver to resolve domains for those two services. My question is this:

Should I assign the DNS server a local IP and have the router/firewall forward DNS requests from the internet to this box, or should I just assign a public IP straight to the DNS server and use iptables on it to block all traffic to it except DNS traffic?

Thanks in advance for any advice you can offer.

 
Go local and allow the DNS server outbound access.
 
And forward internet DNS requests to this box?
 
I'm assuming you will use an internal and external domain (i.e. domain.com and domain.local) and you own the domain.com.

In that case, set up 2 zones, the internal and external, and make sure you set the external to NOT allow updates. Manually create your A and MX records in the public zone.

Set up your firewall to forward BOTH TCP and UDP port 53 to the server.

For your external zone, you will need to update the nameserver with your domain registrar.
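
The forwarding advised in the replies above (inbound TCP and UDP port 53 sent to the internal DNS box, plus outbound access for it), sketched as iptables rules for the router. This is an added example, not part of the original thread; the interface name `eth0` and the address `192.168.1.53` are assumed placeholders, and the router is assumed to already NAT outbound traffic for the LAN.

```shell
#!/bin/sh
# Added example: print (or apply) the router rules for an internal DNS server.
# WAN_IF and DNS_IP are assumed placeholders; set them for your network.
WAN_IF="${WAN_IF:-eth0}"          # assumed public-facing interface
DNS_IP="${DNS_IP:-192.168.1.53}"  # assumed private address of the DNS server

dns_forward_rules() {
    for proto in udp tcp; do
        # Rewrite inbound DNS arriving on the public side to the internal box.
        # TCP matters too: zone transfers and truncated answers use it.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport 53 -j DNAT --to-destination $DNS_IP:53"
        # Let the rewritten packets through the FORWARD chain, port 53 only.
        echo "iptables -A FORWARD -i $WAN_IF -d $DNS_IP -p $proto --dport 53 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    done
    # Replies from the DNS server for connections that are already tracked.
    echo "iptables -A FORWARD -s $DNS_IP -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for proto in udp tcp; do
        # Outbound access: the server's own lookups towards other nameservers.
        echo "iptables -A FORWARD -s $DNS_IP -p $proto --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Default is a dry run that prints the rules for review.
# Pass --apply (as root, on the router) to execute them.
if [ "${1:-}" = "--apply" ]; then
    dns_forward_rules | sh
else
    dns_forward_rules
fi
```

Nothing else on the DNS box is reachable from the internet with these rules; only port 53 is translated and forwarded.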
 