DNS Issue? URL vs IP address

Thread starter: SCOTT
Greetings -

I have a Win2k Server behind my firewall on a private subnet. Workstations are DHCP. I need to know how my users behind our firewall can access my web site via a URL versus an IP address. I have tried to setup the Forward lookup, but am not 100% sure as to the correct way to do this. I'm obviously doing it wrong.

Any pointers or suggestions would greatly be appreciated!
Thank you
Scott

Please use plain text for newsgroup posting is my main pointer <grin>

For Win2000 domain the Internal DNS server (set) must be Dynamic
for any zone supporting a Win2000 domain.

Ok, here's how to setup the DNS -- all clients use/point to the INTERNAL
DNS server; this includes the DNS server itself and any DCs (they are
clients too) in the NIC\IP\DNS Server property.

The DNS typically will forward to an EXTERNAL DNS server, deferring
public resolution to this external DNS server which will perform the actual
recursion (top-down searching from the root) of the Internet.

If you have public resources (e.g., Web Server) with the SAME domain/zone
name as your internal DNS you will likely run a "Shadow DNS" system where
you create the DNS zone externally and separately create the same zone
internally, but we break this rule and use two Primaries, one externally and
one internally specifically to "break" the replication of these two zones
with the same name.

In fact, if you look closely at such architectures, you will discover that
we do in fact have TWO ZONES with the same name. So logically they look and
feel like the same zone but really never replicate and amount to two
different zones which share SOME information.

All public resources are added (manually) to both the external and also
manually to the internal version of this zone -- no internal resources are
ever added nor do they replicate to the external version of the zone.

--
Herb Martin


Normal case with DNS is exactly one Primary DNS server per zone -- the
Primary is the ONLY server which can "change" or "update" the entries for that zone.
 
Funny that no one has ever mentioned that my OE was sending HTML posts vs.
Plain Text. Thanks...

One question though - if I setup another zone internally, do I add a
Primary, Secondary, or AD Integrated?
 
An AD-Integrated (set) is an alternative to a Primary.

Secondaries are possible with either but much more
needed when you use a Primary.

The first you setup is either AD-Integrated OR Primary.
Never have two Primaries or mix them with an AD-set.

The exception is our External/Internal shadow zone setup
where we purposely use two to 'break' the replication.
 
Well first I would recommend redundancy. So in practice that means at least
two dns servers. You can use a primary/secondary pair or use two AD
multi-master primary zones. I generally would recommend multi-master AD
zones.
 
Thanks for the tips. I found this also...
http://www.microsoft.com/windows200...2000/en/advanced/help/sag_DNS_pro_AddHost.htm
however it doesn't say if I should enter the internal IP address or the
external address. I guess I will try both and see what happens.
Again - thanks for the pointers for help.
Scott

Jonathan de Boyne Pollard said:
S> I have tried to setup the Forward lookup, but am not 100% sure as
S> to the correct way to do this. I'm obviously doing it wrong.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-split-horizon-common-server-names.html>
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/web-allowing-omission-of-www.html>
 
SCOTT said:
Thanks for the tips. I found this also...
http://www.microsoft.com/windows200...2000/en/advanced/help/sag_DNS_pro_AddHost.htm
however it doesn't say if I should enter the internal IP address or the
external address. I guess I will try both and see what happens.

Don't do that -- it leads to superstition.

Understand what you are doing here as this is a straightforward
issue.

Internal users typically need to resolve to an internal address for
internal servers.

External users MUST resolve to an external address on the NAT
for internal servers.

So, you only have to look at the location of the DNS server and which
group of users will be querying it to know which (not both) addresses
to add to THAT DNS server.

If both sets will access it then you pretty much must have two DNS
servers with different versions of the zone -- one external, and a different
version internally.
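The "Shadow DNS" setup Herb describes earlier in the thread (two zones with the same name that never replicate) and the rule in the post above (internal clients get the private address, external clients get the NAT address, each DNS server holding only the version its own clients need) can be modelled in a few lines. The following is an added example, not code from the thread or from Microsoft; the zone name example.com, the RFC 1918 ranges used to classify clients, and every host name and address are constructed sample data. The audit function checks the two copies against the rules stated in the thread: every public resource appears in both copies, the external copy carries no RFC 1918 address and no internal-only host.

```python
"""Model of a split-horizon ("shadow") DNS zone: two copies of the same
zone name that never replicate, selected by where the client sits."""
import ipaddress

# Assumption: "internal" means a client on an RFC 1918 private subnet,
# which is where Scott's DHCP workstations and Win2k server live.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data. Internal version of example.com.: the public
# resources (added by hand) plus internal-only hosts, all private addresses.
INTERNAL_ZONE = {
    "www.example.com.": "10.0.0.80",
    "mail.example.com.": "10.0.0.25",
    "dc1.example.com.": "10.0.0.10",
    "files.example.com.": "10.0.0.50",
}

# External version of the same zone name: only the public resources,
# pointing at the addresses on the NAT/firewall. Never replicated.
EXTERNAL_ZONE = {
    "www.example.com.": "203.0.113.80",
    "mail.example.com.": "203.0.113.25",
}

# Hosts that must never be published outward.
INTERNAL_ONLY = {"dc1.example.com.", "files.example.com."}


def is_rfc1918(address):
    """True for an address in one of the private ranges above."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in INTERNAL_NETS)


def resolve(name, client_ip, internal=INTERNAL_ZONE, external=EXTERNAL_ZONE):
    """Answer the way the DNS server this client actually queries would:
    the internal server serves the internal copy, the external server
    serves the external copy. Returns None for a name the copy lacks."""
    fqdn = name.lower()
    if not fqdn.endswith("."):
        fqdn += "."
    zone = internal if is_rfc1918(client_ip) else external
    return zone.get(fqdn)


def audit_shadow_zones(internal, external, internal_only):
    """Check the two copies against the rules from the thread:
    public resources exist in both, nothing internal leaks outward,
    and the external copy never answers with a private address."""
    problems = []
    for name, addr in external.items():
        if is_rfc1918(addr):
            problems.append(f"{name}: external zone carries private address {addr}")
        if name not in internal:
            problems.append(f"{name}: public resource missing from internal zone")
        if name in internal_only:
            problems.append(f"{name}: internal-only host published externally")
    return problems


if __name__ == "__main__":
    print("inside :", resolve("www.example.com", "192.168.1.55"))
    print("outside:", resolve("www.example.com", "198.51.100.7"))
    print("dc1 from outside:", resolve("dc1.example.com", "198.51.100.7"))
    print("audit:", audit_shadow_zones(INTERNAL_ZONE, EXTERNAL_ZONE, INTERNAL_ONLY))
```

The point of the audit is the mistake Scott was about to make: adding the external address to the internal copy (or the internal address to the external copy) is exactly what this check flags, and an internal-only host such as the DC turning up in the external copy is the leak the "no internal resources are ever added" rule exists to prevent.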
 
HM> Don't do that -- it leads to superstition.
HM> Understand what you are doing here as this
HM> is a straight forward issue.

Understanding is always better. I enjoyed the "superstition" appellation. (-:
 