Windows 2003 ADS & Firewall Problem

Status
Not open for further replies.

raindreams

IS-IT--Management
Sep 27, 2004
3
US
A friend of mine is trying to change up everything at a small business he works for. Currently, they have a Linux box that does masq. and DNS (for their website company.com). They have an internal server (with a private address) that runs Windows 2003 AD (single domain controller) and DNS inside the LAN. He wants to make the 2003 server the primary DNS for the site. The problem is this: if he moves the 2003 server outside the firewall/masq., how will Windows XP machines connect to the 2003 server domain controller? I thought about giving the server 2 IPs -- one internal and one external -- but then that would cause a DNS problem since you can't have DNS records for private IPs on a public DNS server. If we got rid of the Linux firewall, is there a way to make the 2003 server a NAT gateway and still retain the role of DC and DNS server?
 
Why would your friend need to move the DNS outside of the site? A DNS can sit anywhere on the network, and if configured correctly, can still dish out names of "foreign" PCs. What I mean is, as long as the DNS inside has some outside DNS addresses configured, and the DNS inside can't resolve the IP, then it will pass the request on to an outside DNS. I have done this on several networks that I have set up, and it works great.
As for your question about making the 2003 server a NAT gateway, look at ISS. It basically takes the function of the old proxy. I don't recommend this, as a firewall is always good.
 