Welcome to ISAserver.org

Split DNS with external dns and internal dns

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> DMZ >> Split DNS with external dns and internal dns

Page: [1]

Message

<< Older Topic Newer Topic >>

Split DNS with external dns and internal dns - 25.Jul.2005 5:39:00 AM

ctrantan

Posts: 3
Joined: 18.Feb.2005
Status: offline

I have 2 dns with abc.com.vn

1 dns is external dns
1 dns is internal dns with Active Directory

External DNS has public IP is 203.162.1.1 with ns1.abc.com.vn

I want to put External DNS behind External FW with internal IP address.

Please help me

Post #: 1

Featured Links*

RE: Split DNS with external dns and internal dns - 25.Jul.2005 6:19:00 AM

tshinder

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi C,

No problem with that, that's what I do with my public DNS.

What problems are you having?

Thanks!
Tom

(in reply to ctrantan)

Post #: 2

RE: Split DNS with external dns and internal dns - 3.Aug.2005 11:21:00 AM

twscottIII

Posts: 28
Joined: 6.Apr.2004
From: Birmingham, AL
Status: offline

Tom,

Can you elaborate on how you configure your external DNS servers behind an ISA firewall. I currently have 2 DNS server, NS1.domain.com and NS2.domain.com. They are stand alone servers that sit on a dmz off of my ISA 2004 firewall. The servers are configured with private IP addresses and the firewall is configured to send port 53 TCP and UDP traffic to them. I have also configured the zone file with several host records and MX records for the domain.

The problem I am running into is that when I try and setup the secondary zone for the domain on NS2 it can never transfer the zone information. I have gone as far as allowing zone transfers to any computer and that still does not seem to resolve the issue.

I believe that the issue may be some combination of network settings and entries in the zone file. Since both servers are on a private address DMZ but yet they reference each other in the zone file with Public IP addresses. Am I missing something here? any insight would be appreciated!

Thanks,

Tom

(in reply to ctrantan)

Post #: 3

RE: Split DNS with external dns and internal dns - 4.Aug.2005 11:38:00 AM

isawader

Posts: 420
Joined: 27.Apr.2005
Status: offline

How did you setup you network?

Do you have a Front End and Back End firewall? Or ISA is trihomed?

If NS1 and NS2 have private IP number assigned to their NICs, why do they perform zone transfer using public address?

(in reply to ctrantan)

Post #: 4

RE: Split DNS with external dns and internal dns - 8.Aug.2005 5:07:00 PM

tshinder

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline

quote:
Originally posted by Tom Scott:
Tom,

Can you elaborate on how you configure your external DNS servers behind an ISA firewall. I currently have 2 DNS server, NS1.domain.com and NS2.domain.com. They are stand alone servers that sit on a dmz off of my ISA 2004 firewall. The servers are configured with private IP addresses and the firewall is configured to send port 53 TCP and UDP traffic to them. I have also configured the zone file with several host records and MX records for the domain.

The problem I am running into is that when I try and setup the secondary zone for the domain on NS2 it can never transfer the zone information. I have gone as far as allowing zone transfers to any computer and that still does not seem to resolve the issue.

I believe that the issue may be some combination of network settings and entries in the zone file. Since both servers are on a private address DMZ but yet they reference each other in the zone file with Public IP addresses. Am I missing something here? any insight would be appreciated!

Thanks,

Tom

Hi Tom,

That's the problem right there.

YOU MUST NEVER SHARE INFORMATION BETWEEN THE INTERNAL AND EXTERNAL ZONES.

There's never a reason to do a zone transfer, since the internal and external zones never have the same information.

HTH,
Tom

(in reply to ctrantan)

Post #: 5