Internal / External DNS Servers

Guest

Hello

Two DNS (BIND 9) servers are hosted on our firewall (UNIX
based): one server is bound to the internal network, and
the other server is bound to the Internet.

When I say bound, both DNS Servers are configured as slave
DNS Servers. The internal one points at our internal DNS
master, which is a W2K RDC, and the external one points at
our ISP for external name resolution.

I have it set up so that our internal W2K DNS server
forwards requests to our internal slave DNS server that
resides on the firewall, the firewall then transfers the
requests to its external DNS slave, which in turn sends
requests to our ISP's Name Servers.

My question is should I allow zone transfers between both
internal DNS servers, or is setting up the forwarder alone
enough?

Any advice given would be very much appreciated!
 
Well, why do you want to setup a zone transfer? My only guess is if you want
a copy of the zone on the other internal DNS server? If your AD clients
aren't using it, and you're just forwarding to it, then no, you don't want
zone transfers.

If the AD clients are using it, then yes, you need a copy of the zone, since
any DNS listed on a client or DC must have a copy of the AD zone.

So the forwarder would be enough if the clients aren't directly using it....

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Thanks very much!
You're welcome!


--
Regards,
Ace
