Hi,

What level of Split DNS do you want to achieve?

You can have a straight 'split brain DNS' setup in which your external DNS will be a standard primary zone with recursion turned off, and your internal DNS can be integrated or not. Your internal DNS does not need to know about your external DNS at all, which makes a split brain DNS setup fairly easy to set up. The external DNS server will have at least 2 network cards, one to connect to the internal network and one public. When you set up your external DNS you use the public IP address of your DNS server.

Remember to create a dummy root hint for your internal DNS and disable recursion, as well as tick the box that says secure cache from pollution. Choose the same options for the external DNS.

Hope that helps - otherwise, if you are interested in securing your DNS setup even more, then you will have to split your external DNS into resolving DNS servers, which listen only for queries originating from your frontend machines, e.g. SMTP servers, by means of your ISA server, and advertising servers, which listen only for queries originating from the Internet. These queries are resolved only when the incoming server is authoritative for the requested zone. The advertising servers do not make outgoing requests, and recursion is not allowed.

Good Luck,

Sonny Mulitalo
Technical Consultant
Olympic Software (NZ) Ltd
www.olympic.co.nz
www.digitalexchange.co.nz

-----Original Message-----
From: Miguel Angel Perez [mailto:mperez@xxxxxxxxxxxxxxx]
Sent: Thursday, 10 October 2002 4:52 a.m.
To: [ISAserver.org Discussion List]
Subject: [isalist] Prblems with SPLI-DNS
Importance: High

http://www.ISAserver.org

Hi all,

SORRY FOR MY ENGLISH.

I have read the article by Mr Shinder, but I don't know how to do it. I want to do split-DNS on my DNS servers, but when I try to add a new zone, I can't do it, because both of them have to have the same name. Does somebody know how to do it?
Also, I would like to know what type of zones I must create: whether it is a primary zone, a secondary zone, or integrated.

Thanks in advance.

Best Regards.
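
Added example, not part of the original thread: a Python check for the advertising-server role described in the reply above (no recursion offered, answers only for zones the server is authoritative for). The function names and the header-only sample replies are constructed for illustration.

```python
import socket
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qtype=1, txid=0x1234):
    """Build an A query with RD set, as a client asking for recursion would."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fields of the 12-byte DNS header that matter for this audit."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    return {"aa": bool(flags & AA), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "ancount": ancount}

def ask(server, name, timeout=3.0):
    """Send one UDP query to a server you operate and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(4096)[0]

def audit_advertiser(own_zone_reply, foreign_reply):
    """Findings for an Internet-facing server; an empty list means it passes."""
    own, other = parse_header(own_zone_reply), parse_header(foreign_reply)
    findings = []
    if own["ra"] or other["ra"]:
        findings.append("recursion offered (RA bit set)")
    if not own["aa"]:
        findings.append("hosted zone answered without AA bit")
    if other["rcode"] == 0 and other["ancount"] > 0:
        findings.append("answered a name outside its zones")
    return findings

def sample_reply(flags, rcode, ancount):
    """Constructed header-only reply, used here in place of live traffic."""
    return struct.pack("!HHHHHH", 0x1234, QR | flags | rcode, 1, ancount, 0, 0)

# Constructed samples: a locked-down advertiser, then an open resolver.
LOCKED = audit_advertiser(sample_reply(AA | RD, 0, 1), sample_reply(RD, 5, 0))
OPEN = audit_advertiser(sample_reply(AA | RD | RA, 0, 1), sample_reply(RD | RA, 0, 1))
print("locked-down:", LOCKED)
print("open:", OPEN)
```

Against a live server you run, pass `audit_advertiser` two `ask(server, name)` results: one for a name in the hosted zone and one for a name outside it.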