Need help on setting up win2000 dns


Yui

Hi Herb,
Thank you for your reply. Please see my comments inline below:
Where is the 10.x.x.x machine? Or are those two NICs on
one machine?

The DNS server with the 10.x.x.x address is in the DMZ. The unit is not equipped with two
NICs, but one. I read in an article that Windows 2000 DNS can
possibly handle this configuration, DNS with NAT, although BIND can
deal with it without question.
Which server?

The DNS server with the 10.x.x.x above.
I can neither nslookup the DNS server from the internet, nor do an
nslookup on the server itself, as the DNS queries time out...
Huh?

Any problem (of misconfiguration) can be resolved and
Windows DNS is almost always superior for Windows
domains (over BIND.)

DNS
1) Dynamic for the zone supporting AD
2) All internal DNS clients' NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) On the internal DNS servers set the ISP DNS server(s) as
the FORWARDER

Restart NetLogon on any DC if you change any of the above that
affects a DC.

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Thanks, I checked the above points, but nothing has been resolved...
Let me summarize how I want to set up the systems as below:

External(Outside): Firewall

[External<->DMZ - NAT (60.x.x.x <-> 10.x.x.x)]

DMZ: DNS with private IP (10.x.x.x)
- Service - Only DNS
- NIC x 1
- DNS Zone File, etc., -> Global IPs

[External<->Trusted - NAT (60.x.x.x <-> 192.x.x.x)]

Trusted(LAN):
- DC Server with Private IP (192.x.x.x) and dynamic for the zone
- Client Pool
-- Primary DNS -> DC Server (Private IP)
-- Secondary DNS -> DNS Server (Private IP)

I can reach the internet from any of client PCs with the setting
above.

Do I need to configure any additional parameters on the DNS server?

Please advise,
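The checklist quoted above (points 2 and 3: every internal client, DCs and DNS servers included, lists solely the internal dynamic DNS server; ISP resolvers go in the internal server's forwarder list, not on clients) is easy to state and easy to violate, and the topology in this post lists a DMZ DNS box as the clients' secondary resolver. The following is an added example, not code from this thread: a small checker that parses `ipconfig /all` output from a Windows 2000 client and flags any resolver that is not one of the internal AD DNS servers. The internal DNS address (192.168.1.10) and both `ipconfig /all` transcripts are constructed for illustration.

```python
"""Check Windows DNS client settings against the rule in the thread above:
every internal client (DCs and DNS servers included) lists ONLY the internal
AD DNS server(s); ISP resolvers belong in the internal server's forwarder
list, and a DMZ resolver does not belong on an internal client at all.

Added example, not code from the thread. The internal DNS address and the
`ipconfig /all` transcripts below are constructed for illustration.
"""
import ipaddress
import re

# Assumed internal AD-integrated DNS server(s); adjust to the real DC addresses.
INTERNAL_DNS = {"192.168.1.10"}

# RFC 1918 ranges, used to tell a stray private resolver (e.g. a DMZ box) from a public one.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_ipconfig(text):
    """Return {adapter_name: [dns_server, ...]} from `ipconfig /all` output.

    Adapter headers are non-indented lines ending in ':'; the DNS list starts on
    the 'DNS Servers' line and continues on indented lines holding only an address.
    """
    adapters = {}
    current = None
    in_dns_list = False
    for line in text.splitlines():
        stripped = line.strip()
        if re.match(r"^\S.*:\s*$", line):
            current = line.rstrip().rstrip(":")
            adapters[current] = []
            in_dns_list = False
        elif current is None:
            continue  # header lines before the first adapter block
        elif stripped.startswith("DNS Servers"):
            in_dns_list = True
            first = stripped.split(":", 1)[1].strip()
            if _is_ip(first):
                adapters[current].append(first)
        elif in_dns_list and _is_ip(stripped):
            adapters[current].append(stripped)
        else:
            in_dns_list = False
    return adapters


def check_dns_clients(adapters, internal_dns=INTERNAL_DNS):
    """Return (adapter, server, reason) findings; an empty list means compliant."""
    findings = []
    for name, servers in adapters.items():
        if not servers:
            findings.append((name, None, "no DNS server configured; point it at the internal AD DNS server"))
        for server in servers:
            if server in internal_dns:
                continue
            addr = ipaddress.ip_address(server)
            if any(addr in net for net in RFC1918):
                reason = "private resolver outside the AD DNS set (a DMZ box?); remove it from the client"
            else:
                reason = "public/ISP resolver on a client; move it to the internal server's forwarder list"
            findings.append((name, server, reason))
    return findings


# Constructed transcript: a client that lists the DC, a DMZ DNS box and an ISP resolver.
BAD_IPCONFIG = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : WS01
        Primary DNS Suffix  . . . . . . . : corp.example.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : corp.example.local
        IP Address. . . . . . . . . . . . : 192.168.1.57
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            10.1.1.5
                                            203.0.113.53
"""

# Constructed transcript of the same client after the fix: internal DNS only.
GOOD_IPCONFIG = BAD_IPCONFIG.split("DNS Servers")[0] + "DNS Servers . . . . . . . . . . . : 192.168.1.10\n"


if __name__ == "__main__":
    for label, text in (("before", BAD_IPCONFIG), ("after", GOOD_IPCONFIG)):
        findings = check_dns_clients(parse_ipconfig(text))
        print(f"{label}: {len(findings)} finding(s)")
        for adapter, server, reason in findings:
            print(f"  {adapter}: {server}: {reason}")
```

Run it against `ipconfig /all > ws01.txt` captured from each DC, DNS server and workstation; any finding on a DC also means NetLogon should be restarted after the resolver list is corrected, per the quoted checklist.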
 
Yui said:
Hi Herb,
Thank you for your reply. Please see my comments inline below:

Thanks, I checked the above points, but nothing has been resolved...
Let me summarize how I want to set up the systems as below:

Your summary below is most confusing, but guessing
based on questions that have been asked by others,
it seems that you are perhaps trying to use the same
DNS server for both INTERNAL DNS and
EXTERNAL DNS.

While it may be (with much difficulty) possible to
do this with MS, or even readily doable with BIND,
this is NOT a good architecture and seldom gives
reliable and secure results.

External(Outside): Firewall

[External<->DMZ - NAT (60.x.x.x <-> 10.x.x.x)]

DMZ: DNS with private IP (10.x.x.x)
- Service - Only DNS
- NIC x 1
- DNS Zone File, etc., -> Global IPs
[External<->Trusted - NAT (60.x.x.x <-> 192.x.x.x)]

If you aren't trying what I guessed, then the NAT (probably)
has nothing to do with your DNS -- certainly for internal
use only.
Trusted(LAN):
- DC Server with Private IP (192.x.x.x) and dynamic for the zone
- Client Pool
-- Primary DNS -> DC Server (Private IP)
-- Secondary DNS -> DNS Server (Private IP)

Are you saying you have the Primary for the Zone on the DC,
and the Secondary for the zone supporting AD on another
box?

I can reach the internet from any of client PCs with the setting
above.

What doesn't work?
Do I need to configure any additional parameters on the DNS server?

What are you trying to accomplish?
 