Resolving external IPs locally

GL

We have 2 Windows 2003 boxes with Active Directory and DNS
server on them. Our other servers are set up with these
boxes as their DNS servers. I would like to set up another
DNS zone so that the DNS servers can resolve the IP
addresses of some servers externally (on Internet, outside
the firewall). This is to reduce the number of entries for
machines that I would have to permit in the firewall ACL
to do DNS lookups. What kind of zone would I set up?
Primary, secondary or stub? Or is there a better way of
achieving this?
 
GL said:
We have 2 Windows 2003 boxes with Active Directory and DNS
server on them. Our other servers are set up with these
boxes as their DNS servers. I would like to set up another
DNS zone so that the DNS servers can resolve the IP
addresses of some servers externally (on Internet, outside
the firewall). This is to reduce the number of entries for
machines that I would have to permit in the firewall ACL
to do DNS lookups. What kind of zone would I set up?
Primary, secondary or stub? Or is there a better way of
achieving this?

Does DNS have a root forward lookup zone? If you delete this zone it will
enable root hints and make it possible for the DNS server to resolve any
name in the ICANN root.
If you want only some names to resolve, you can use a stub zone.
 