public vs private domain

[William Stacey]

I've done some reading on using a "split DNS" and I am considering
changing my local domain name or AD name so >that my public name and local
name are different, thus alleviating the public/internal naming issue.

There is no real issue here. You only need to add the public (or keep
private if public hosts are internal anyway) IPs for your public records.
In most cases, this will only be a www record and maybe a mx record - so no
issue. It is a bigger issue to change domain names if you are already
setup.

1) Is it possible to have a local domain called w2k.cars.local?
Yes.

2) How will my DNS resolve Internet queries to a new host my public name

cars.com considering the .local name is

not a logical part of the cars.com domain? Will adding the new host also

add the .com logistics?

Not sure I understand your question. You can add new records to either
cars.com or cars.local. They are seperate domains.

3) Can I run this setup on one DNS server as opposed to two DNS servers as

needed for a "Split DNS"?

You can, but not recommended to host public zones and private zones on same
DNS - especially if this dns server is also a DC. You can eliminate this
issue all together by letting your Registrar host your public IPs and manage
them with their DNS management sw. Then keep your private stuff private and
safe as possible behind your firewall. HTH

 

[Guest]

I've done some reading on using a "split DNS" and I am considering changing my local domain name or AD name so that my public name and local name are different, thus alleviating the public/internal naming issue

I have a couple of questions if someone will humor me and point me in the right direction

1) Is it possible to have a local domain called w2k.cars.local

2) How will my DNS resolve Internet queries to a new host my public name cars.com considering the .local name is not a logical part of the cars.com domain? Will adding the new host also add the .com logistics

3) Can I run this setup on one DNS server as opposed to two DNS servers as needed for a "Split DNS"

Thanks
ampapa

 

[Lanwench [MVP - Exchange]]

No real need to change this, honestly - if you have external web/mail
hosting, you can just add a DNS host entry for www, mail, what not , and
point it to the right public IP. Changing your AD domain name is not
something to be undertaken lightly - and I really don't see why it's
necessary.

PS: Two DNS servers are necessary only if you are hosting your own public
DNS, which you aren't, and generally shouldn't be.

 

[Guest]

Hey thanks for the reply's and information
add the .com logistics

Not sure I understand your question. You can add new records to eithe

cars.com or cars.local. They are seperate domains

If my DNS servers FQDN is w2k.cars.local would I just need to add the host cars.com and any resource records for that host assuming I was going to host both Public and Private zones on the same DNS server

I am currently hosting both public zones and private zones on same DNS and it is also a DC. I realize that this is not very secure and want to secure it by adding another DNS server. Currently all hosts seem to work fine and all internal clients can reach thier destinations but I think I have a "Loop Back" situation or at least I'm pretty sure I do, how else would I be getting to cars.com

What I would like is some redundancy by adding a second DNS server but I'm not sure I can accomplish this without adding a third DNS server if I need to
A) "Split" the DNS for Public and Private zones which is the correct way to configure the DNS
B) Have a Secondary server for Public zones

Am I on the right track here

 

[Lanwench [MVP - Exchange]]

OK - I misunderstood your original question, sorry. Can't help you with the
specifics of your questions below, but must ask, what's the reason you want
to host your own public DNS? It's really best in most small offices to let
someone else handle it. Much less overhead on your network, less work for
you...

 

[Guest]

Don't most users hosting websites host thier own DNS? Not only am I hosting my own site but I also host a few others for friends and relatives. By hosting my own DSN I'll have more control over the DNS records and less hassle with my ISP especially when tracking down problems.

The downside is I have to learn DNS (which I don't find as a real downside) and I need some redundancy. Which is why I am trying to figure out the best way to accomplish this. I really do appreciate the help I've recieved.

Thanks.

AJM.

 

[Kevin D. Goodknecht [MVP]]

In

Don't most users hosting websites host thier own DNS?

I would say the answer to this is no.

Not only am I

hosting my own site but I also host a few others for friends and
relatives. By hosting my own DSN I'll have more control over the DNS
records and less hassle with my ISP especially when tracking down
problems.

Hosting your own DNS can be a big hassle in itself. The first thing you have
to take in consideration you will need two public DNS servers in addition to
the internal DNS server you have now. (I'm assuming you have an internal DNS
or you would not be asking this question)
Your internal DNS server is only good for your local network, it won't work
for anyone outside on the internet because it has the records you need to
access your servers. Since you are most likely behind a router and or a
firewall you access your servers by private IP addresses.

Public zones cannot have any private addresses in them, at least with Win2k
DNS. So, you need two DNS servers with only public records in them that only
public machines have access to its public zones. You also need two public IP
addresses to NAT to these two servers.

The downside is I have to learn DNS (which I don't find as a real
downside) and I need some redundancy. Which is why I am trying to
figure out the best way to accomplish this. I really do appreciate
the help I've recieved.

The downside is if it not set up properly the sites won't be able to
accessed by name and if there are any email servers the email may end up in
lala land because it has not been routed properly.

 

[Adam Marx]

Don't most users hosting websites host thier own DNS?

I would say the answer to this is no.

Would the user just inform his/her ISP or whomever's DNS server they are
using of any changes that needed to be made? Do you have any suggestions
whom to use for external DNS?


So, in essence to do it right I need to be running 3 servers, 1 for
Local/internal and 2 for external( 1 for redundancy)? The local DNS would
eliminate the loopback correct?

The local DNS server would it need to communicate with the external DNS
servers in terms of updating records? should it be added to the domain or
would it essentially be a stand alone sever?

 

[Kevin D. Goodknecht [MVP]]

In

Would the user just inform his/her ISP or whomever's DNS server they
are using of any changes that needed to be made?

Simply, yes.

Do you have any
suggestions whom to use for external DNS?

It is out of my realm to suggest or recommend any particular service to use.
Depending on who your registrar is most of them offer this server most for
the price of the domain and have web interfaces to make changes.

So, in essence to do it right I need to be running 3 servers, 1 for
Local/internal and 2 for external( 1 for redundancy)?

You know you need at least one locally for your internal users and RFCs
require two public DNS servers.
You could fudge this by having one public DNS server listening on two IP
addresses.
Or one Public DNS server hosted locally and one secondary hosted elsewhere
by a DNS hosting company or even your ISP.

The local DNS
would eliminate the loopback correct?

If you are speaking of trying to loopback through a proxy using public IPs
which is not possible with NAT, yes. You would just point all internal
machines to the internal DNS to resolve to private addresses.

The local DNS server would it need to communicate with the external
DNS servers in terms of updating records?

Your internal (private) DNS would not need or want records from the external
(public) DNS servers. You would have records with the same name in both, but
they would point to different IP addresses.
Do not confuse this with the TCP/IP setting of the machine the public DNS is
running on, in that respect you treat it just as you do any other machine on
its LAN, it will point to the internal DNS in its NIC.

should it be added to the
domain or would it essentially be a stand alone sever?

I see the answer to this as a matter of your personal preference, though I
would make it a domain member. As previously stated, if it is a domain
member, it must point to the internal DNS. This will have no affect as far
as the DNS server's zones go. It would still have all public zones and
records, just no internal machines will be aware of its DNS server. You
would just NAT a public address to it.