
DNS question?

Status
Not open for further replies.

angel216

IS-IT--Management
Oct 31, 2002
34
US


Hi All,

I have a stupid question... Can I set up 2 different IP scopes in my DNS server? For example, one DNS for my internal network and another DNS for my DMZ zone.

Is that possible?
Thank you.
=)


-Angel
 
What do you mean?

1 dns server for your internal and DMZ?

or

2 dns server, 1 for internal and the other for DMZ?

** Remember don't breach the security of your internal and DMZ.
 

Ricpinto,

1 dns server for your internal and DMZ?
Is that possible?

Thank you.


-Angel

 
Just one more clarification if you could.
Do you want computers in your DMZ and your internal computers to be getting different DNS info from the same DNS server based on where the computer is?

In other words, a DMZ computer sends a dns request and gets different info than a DNS request coming from an internal computer?
 
Sorry for the late reply. It's important that you answer Dmandell's query.

One more thing: are you using the same domain name for both internal and public?

To answer your question above, "it can be done" but it will defeat the purpose of your DMZ. Go to Gia's website:
 

Hey Guys,

Sorry for the late reply. My apologies.

To answer Dmandell's question: yes, I want my computers in the DMZ and my internal computers to be getting different DNS info from the same DNS server. The DNS server will be in my internal domain.


Ricpinto, yes, I want to use the same domain name for both internal and public. Is that possible?

Guys, thank you so much for your help.

-Angel





 
I don't know how you can do this with one server and the same domain name for internal and external.

We do exactly what you are asking, but with two distinctly separate DNS servers. (One for the outside world, and one for internal)

The internal one can forward requests to the external, but not vice versa. If we want internal machines to resolve internet addresses that belong to our domain, we use a different name in DNS on the internal server.

Maybe ricpinto has an idea on how to do it with one server?

Dana
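
Added example, not part of Dana's post or of any configuration posted in this thread: a small Python model of the two-server layout described above, with a check that forwarding only runs from the internal server to the external one. The server names, record names and addresses are constructed for illustration.

```python
# Constructed sample data: a toy model of two DNS servers, not a real DNS configuration.
SERVERS = {
    "internal-dns": {
        # Internal-only host, plus a *different* internal name for the public web host.
        "records": {"fileserver.example.com": "10.0.0.20",
                    "web-ext.example.com": "203.0.113.10"},
        "forwarders": ["external-dns"],   # internal may forward outward
    },
    "external-dns": {
        "records": {"www.example.com": "203.0.113.10"},
        "forwarders": [],                 # external never forwards inward
    },
}

def resolve(servers, start, name, _seen=None):
    """Answer from the server's own records, else try its forwarders in order."""
    seen = _seen if _seen is not None else set()
    if start in seen:                     # guard against forwarding loops
        return None
    seen.add(start)
    cfg = servers[start]
    if name in cfg["records"]:
        return cfg["records"][name], start
    for fwd in cfg["forwarders"]:
        hit = resolve(servers, fwd, name, seen)
        if hit:
            return hit
    return None

def reachable(servers, start):
    """Every server a query entering at `start` could be forwarded to."""
    seen, stack = set(), list(servers[start]["forwarders"])
    while stack:
        s = stack.pop()
        if s not in seen:
            seen.add(s)
            stack.extend(servers[s]["forwarders"])
    return seen

def audit(servers, external, internal):
    """Report any way the external server can hand out internal data."""
    findings = []
    if internal in reachable(servers, external):
        findings.append(f"{external} can forward queries to {internal}")
    for name in servers[internal]["records"]:
        if resolve(servers, external, name):
            findings.append(f"{name} resolves when asked via {external}")
    return findings
```
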

 
Firstly, I stand corrected.

The only way that we can use one server for this case is to totally remove the DMZ implementation. That's why I added "it will defeat the purpose of your DMZ" after I said it can be done.

If you want the same domain name for both internal and public then you have to use 2 DNS separated by a firewall as Dana mentioned above. But the administration and configuration is more complicated compared to different domain names.

So as far as I'm concerned, go for different domain names for internal and public because it's easier to put security implementation and administration.
 
As I wrote in my article (The relation between internal DNS and external DNS from I advise using the same name for uniformity of name structure in your network.
But, as in the above messages, the DNS server for the DMZ should be a different machine.


Gia Betiu
gia@almondeyes.net
Computer Eng. CNE 4, CNE 5, MCSE Win2K
new: (just started)
 