Newbe question about internal NT DNS vs external ISP DNS 1

[yert33]

Company hosts own website in DMZ of PIX firewall. DNS is handled by the ISP's DNS servers. PIX firewall is handling DHCP and giving out the external ISP DNS server addresses.

I want to give internal users the ability to go to their own website. I'm being told I need to set up an internal DNS server that will hand out the private address for

http://www.xzy.com

so that they can.

My assumption is that I should do this and modify the PIX DHCP to hand out the internal DNS address first, then the public (ISP's) DNS address next.

BTW, they have only NT4.0 servers and I have never setup DNS from scratch. They host one website that responds to 2 internet domain names (

http://www.xyz.com

and

http://www.xyzinc.com)

Questions:
1. Do I set up the internal DNS zones (for xyz.com and xyzinc.com)as Primary or Secondary zones? (I guess secondary)

2. Do I use Forwarders ? (I guess I do and I put the public ISP DNS addresses there)

3. The servers on this LAN currently have "abc.com" as their local domain (TCPIP properties: DNS: Domain). BUT we are scheduled to change this domain in the near future. Will I need to consider xyz.local or server.xyz.com as alternate options?

4. Anything else a newbie should be aware of?

TIA

Trey

 

[wbg34]

Since you are using a pix I would doctor the dns on the pix. Basically you can set the pix to take all internal requests for

http://www.xyz.com

and redirect them to

http://www.xyz.com's

internal ip address. Here is som more info on this.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

 

[yert33]

WOW! You da man! (woman!)
Elegant, brief and on target my friend! One lil' ol' alias statement (of which I was unaware how to use) and viola! problem solved.

Thank you profusely, wbg34.

Now to go disbale that internal DNS server.