RE: Prblems with SPLI-DNS
- From: "Sonny Mulitalo" <SonnyM@xxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 10 Oct 2002 09:55:12 +1300
Hi,
What level of Split DNS do you want to achieve? You can have a straight
'split brain dns' setup which your external DNS will be a standard
primary zone with recursive turned off and your internal DNS can be
integrated or not. Your internal dns does not need to know about your
external dns at all so therefore it makes split brain dns setup fairly
easy to setup. The external dns server will have at least 2 Network
cards one to connect to internal network and one public. When you setup
your external DNS you use the public ip address of your DNS server.
Remember to create a dummy root hint for your internal DNS and disable
recursive as well as tick box that says secure cache from pollution.
Choose the same options for the external DNS
Hope that helps - otherwise, if you are interested in securing your DNS
setup even more then you will have to split your external DNS into
Resolving DNS which listen only for queries originating from your
frontend machines eg SMTP servers by means of your ISA server and
Advertising servers which listen only for queries originating from the
internet. These queries are resolved ony when the incoming server is
authoritative for the requested zone. The advertising servers do not
make outgoing requests, and recursion is not allowed.
Good Luck,
Sonny Mulitalo
Technical Consultant
Olympic Software (NZ) Ltd
www.olympic.co.nz
www.digitalexchange.co.nz
-----Original Message-----
From: Miguel Angel Perez [mailto:mperez@xxxxxxxxxxxxxxx]
Sent: Thursday, 10 October 2002 4:52 a.m.
To: [ISAserver.org Discussion List]
Subject: [isalist] Prblems with SPLI-DNS
Importance: High
http://www.ISAserver.org
Hi all,
SORRY FOR MY ENGLISH.
I had read the article of Mr Shinder, but I don't know how to do
it.
I want to do split-dns in my DNS severs, but when I try to add a
new zone, I can't do it, because both of them have to have the same
name.
Somebody knows how to do it?. Also I would like to know what
type of zones is those that I must create, if is a primary zone, if is a
secondary zone or integrated.
Thanks in advance.
Best Regards.
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: sonnym@xxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
