Setting Up a Dual-Nic DNS Server

  • Thread starter Thread starter Chris
  • Start date Start date
C

Chris

I have one server with two 10/100 nics. One nic will be plugged into
a local lan with internet access and it's own dns, etc., the other nic
will be plugged into a switch which serves a small isolated subnet.
The server with two nics will need to run a DNS server for the
isolated subnet and pass any internet requests from the isolated
subnet to the internet accessible lan for resolution. I am familiar
with setting up a small single-nic dns server in conjunction with a
router, but not with the dual-nic configuration outlined above.

If anybody could point me towards documentation for configuring the
DNS server to support the outlined configuration or offer some
instructions I would appreciate it.

I was thinking I'd just be able to setup the DNS servers on the
internet accessible LAN as forwarders and the dual-nic server would
know it had access to the internet accessible lan through its second
nic, but I wanted to check here before I did anything.


Many thanks,
Chris
 
In
Chris said:
I have one server with two 10/100 nics. One nic will be plugged into
a local lan with internet access and it's own dns, etc., the other nic
will be plugged into a switch which serves a small isolated subnet.
The server with two nics will need to run a DNS server for the
isolated subnet and pass any internet requests from the isolated
subnet to the internet accessible lan for resolution. I am familiar
with setting up a small single-nic dns server in conjunction with a
router, but not with the dual-nic configuration outlined above.

If anybody could point me towards documentation for configuring the
DNS server to support the outlined configuration or offer some
instructions I would appreciate it.

I was thinking I'd just be able to setup the DNS servers on the
internet accessible LAN as forwarders and the dual-nic server would
know it had access to the internet accessible lan through its second
nic, but I wanted to check here before I did anything.


Many thanks,
Chris
Click to expand...

Whether this will perform NAT or not...

1. Assuming you don't need access to that subnet via shared drives or
anything else, disable NetBIOS, MS Client and F&P Services on the outer NIC.

2. Set DNS to only listen on the internal NIC for requests

3. Set the internal NIC to the top of the binding order (Net & Dialup, Adv,
Adv settings)

4. Set both NIC's DNS addresses in IP properties to itself (no other DNS
addresses)

5. Set a forwarder to your outside DNS (ISP)

6. Hopefully this is not a DC.


Hope that helps



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I assumed steps 2,4, and 5 would need to be done but many thanks for 1
and 3. It is yet to be decided whether or not this machine will also
be a domain controller. If it is, what are the additional
considerations that need to be taken?

Many thanks,
Chris
 
In
Chris said:
I assumed steps 2,4, and 5 would need to be done but many thanks for 1
and 3. It is yet to be decided whether or not this machine will also
be a domain controller. If it is, what are the additional
considerations that need to be taken?

Many thanks,
Chris
Click to expand...

Besides what I posted, there are additional steps if this is to be a DC that
involve registry changes (due to the dual GC and LdapIpAddress records
auto-registering that you need to stop) and fudging and customizing DNS,
especially if the same name domain as your external were to be chosen. I
really really don't recommend this....




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I'm writing out some instructions for myself and am wondering what
would the default gateway be for the private NIC? Would it be the IP
address of the private nic or the IP address of the public NIC?

Thanks,
Chris
 
In
Chris said:
I'm writing out some instructions for myself and am wondering what
would the default gateway be for the private NIC? Would it be the IP
address of the private nic or the IP address of the public NIC?

Thanks,
Chris
Click to expand...

What gateway? NOmrally the internal NIC shouldn't have a gateway. Standard
rules. Only *one* NIC in any mutlihomed machine has *the* default gateway.

To determine which NIC you have to ask yourself, which NIC is the doorway
(the line) that leads out of the building?



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I'll take your word that running ad and the dual-nic is asking for
trouble and work on getting around that, possibly with a small router.

Thanks for the help,
Chris
 
In
Chris said:
I'll take your word that running ad and the dual-nic is asking for
trouble and work on getting around that, possibly with a small router.

Thanks for the help,
Chris
Click to expand...

Good idea. I usually recommend this for my clients and it works like a
charm. A Linksys with builtin Firewall or even better, a NetGear with a
firewall works well. This leaves the internal machines to do what they do
best... :-)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top