How to prevent a private IP from being broadcast in DNS

alan
Hi,

I have only 1 Win2k server running with AD, DNS and
Exchange 2k.
All workstations are running on WinXP. I configured my
router to use NAT so that my LAN server and PCs are using
private IPs. The Win2k server contains 2 IP addresses: 1
private IP and 1 public IP. However, the server's private
IP address is registered in the DNS as NS and is being
broadcast.

If I were to remove my host A record for the private IP
in the DNS, leaving just the public IP for the server,
my workstations would have a problem resolving the
server and Exchange.

What can I do to prevent the private IP from being broadcast
in the DNS while at the same time keeping all the WinXP PCs
able to resolve the server and Exchange? Thanks & regards.
 

Honestly, you need another DNS server. You need one for public and one for
private. You should not mix public and private records in the same zone or
even on the same server.
 
Yes, another DNS server is in order. Configure the new one as your public
server, then on the private one remove the . zone (or root hints, I can't
remember which) and set up forwarding to the public one. That way, if your
clients ask your private DNS server for something off the internet, it will
forward the request to your public DNS. With the public server set up as a
plain old server, only put in the services you want to display, i.e. www,
mail, etc.

Jason
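A check for the split-zone advice above, added here as an example (it is not code from the thread or from any product): it scans a public zone written in zone-file style and reports every A/AAAA record whose address is RFC 1918, link-local or IPv6 ULA, which is what the questioner's public DNS should never carry. The zone, host names and addresses are constructed for the example.

```python
import ipaddress
import re

# Ranges that must never appear in a public zone: RFC 1918 (NAT), link-local, ULA.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "fc00::/7")]

# Constructed sample zone (not from the thread): public addresses use the
# 203.0.113.0/24 documentation block, the leak is a NAT-side RFC 1918 address.
SAMPLE_PUBLIC_ZONE = """\
$ORIGIN example.com.
@        IN NS   ns1.example.com.
ns1      IN A    203.0.113.10
www      IN A    203.0.113.10
server   IN A    192.168.1.5      ; internal address leaked into the public zone
server   IN A    203.0.113.10
"""

RECORD_RE = re.compile(r"^(\S+)\s+IN\s+(A|AAAA)\s+(\S+)$", re.IGNORECASE)

def parse_address_records(zone_text):
    """Yield (owner, rrtype, address) for A/AAAA records, honouring $ORIGIN."""
    origin = ""
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        m = RECORD_RE.match(line)  # NS, MX, etc. carry no address: skipped
        if m:
            owner, rrtype, addr = m.groups()
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner = f"{owner}.{origin}"
            yield owner, rrtype.upper(), addr

def find_private_leaks(zone_text):
    """Return [(owner, address)] for address records inside INTERNAL_NETS."""
    leaks = []
    for owner, _rrtype, addr in parse_address_records(zone_text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed rdata is a syntax problem, not a leak
        if any(ip in net for net in INTERNAL_NETS):
            leaks.append((owner, addr))
    return leaks
```

Running `find_private_leaks` over an export of the public zone (for example the zone file under the DNS server's data directory) lists the records that should be moved to the private zone.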
 
alan said:
Hi,

How could I go about setting up a private DNS for
internal resolving?
If I set up a private DNS, must the server be an AD, and
does Exchange 2k get installed on the private DNS or
public DNS server? Hope you are able to brief me on the
procedures. Many thanks & regards.
Here is how I've done it: I have the private zone on the parent DC, and I have
Exchange installed on a child domain member. Both the child DC and the
Exchange child member point to the parent DC for DNS only; the parent DC has
an AD zone for both the parent and the child domain.
But both the child DC and the Exchange child member have DNS installed and
are hosting only public DNS zones; there are no private zones on either. It
works without a hitch. I have taken extra steps to ensure near 100% uptime
for all three machines since 1997.
(Knock on wood)
 
Hi,

Thanks for your prompt reply.

In the case you mentioned, you are using 3 servers to
resolve the issue. However, in my case, I could only
use 2 servers. How could I configure my second server,
given that my Exchange, AD and DNS are all set up on my
primary server already?
Thanks & regards.
 
You will have to get resourceful to accomplish this, but it can be done.
1. How many public IP addresses do you have?
You need two for a registered domain. You can host the primary, then get
someone else to host a secondary; that could be your ISP, if they can, or some
other DNS hosting company.
2. Having Exchange on your only DC is risky and not generally recommended. I
would promote your other server to a DC, then demote the Exchange server to a
member.
3. Install your local DNS on the new DC, then point all your internal
machines to it only.
4. That would leave your Exchange member server open to host your public
zones on it. DNS does not generally require much in the way of resources or
bandwidth, so it should work fine.

Having a secondary zone hosted externally would be an advantage over hosting
both public DNS servers. Then on your router, you need to forward 53 TCP &
UDP to Exchange, along with the other ports you need to run Exchange, i.e. 80
TCP, 25 TCP and possibly 443 TCP, 110 TCP, 143 TCP and so on, depending on
the services you allow.
 