| Author |
Message |
Jason
Guest
|
 Posted:
Mon Jan 17, 2005 6:13 pm Post subject:
Choice of DNS version in mixed Windows NT 4 domain Environme |
|
|
I have set up an IIS web server on my DMZ and I want my clients on the
internal trusted network to access the websites on the server using the
correct domain name www.sitesample.com.
I am currently using my ISP's DNS, so when the web request is resolved, my
ISP directs the request to my DMZ. However, my firewall doesn't allow this
kind of request redirection. The easiest solution is to install a DNS server
to forward the request to the server on the DMZ without querying the ISP's
DNS.
Finally, my question is as I am running a Windows NT4 domain but have
Windows 2000 and NT4 servers in the domain, I am wondering whether to use an
NT4 server's DNS software or a Windows 2000 server's DNS?
Thanks for any help |
|
| Back to top |
|
 |
Jason
Guest
|
| Posted:
Mon Jan 17, 2005 6:13 pm Post subject:
Re: Choice of DNS version in mixed Windows NT 4 domain Envir |
|
|
Yes there are plans to do that but I don't really want to wait for that to
happen to get my sites to work the way I'd like.
"neo [mvp outlook]" wrote:
| Quote: | Biggest question... any plans to migrate that NT4 domain to Active
Directory? If the answer is yes, then you will have to go with Windows 2000
or newer DNS.
"Jason" <Jason@discussions.microsoft.com> wrote in message
news:209E0770-CE82-4351-933A-67E9EA55761E@microsoft.com...
I have set up an IIS web server on my DMZ and I want my clients on the
internal trusted network to access the websites on the server using the
correct domain name www.sitesample.com.
I am currently using my ISP's DNS, so when the web request is resolved, my
ISP directs the request to my DMZ. However, my firewall doesn't allow this
kind of request redirection. The easiest solution is to install a DNS
server
to forward the request to the server on the DMZ without querying the ISP's
DNS.
Finally, my question is as I am running a Windows NT4 domain but have
Windows 2000 and NT4 servers in the domain, I am wondering whether to use
an
NT4 server's DNS software or a Windows 2000 server's DNS?
Thanks for any help
|
|
|
| Back to top |
|
|
Herb Martin
Guest
|
| Posted:
Mon Jan 17, 2005 6:13 pm Post subject:
Re: Choice of DNS version in mixed Windows NT 4 domain Envir |
|
|
"Jason" <Jason@discussions.microsoft.com> wrote in message
news:209E0770-CE82-4351-933A-67E9EA55761E@microsoft.com...
| Quote: | I have set up an IIS web server on my DMZ and I want my clients on the
internal trusted network to access the websites on the server using the
correct domain name www.sitesample.com.
|
Generally things in your DMZ (for external access)
generally should be in a SEPARATE EXTERNAL
DNS and another Internet DNS (for your internal
users.)
The external DNS is best left at your Registrar in
most cases.
| Quote: | I am currently using my ISP's DNS, so when the web request is resolved, my
ISP directs the request to my DMZ.
|
That is an Ok, method, but in the long run the the
Registrar is a better location for most people than
the ISP.
| Quote: | However, my firewall doesn't allow this
kind of request redirection. The easiest solution is to install a DNS
server
to forward the request to the server on the DMZ without querying the ISP's
DNS.
|
Internal DNS should run on separate completely
INTERNAL DNS servers.
| Quote: | Finally, my question is as I am running a Windows NT4 domain but have
Windows 2000 and NT4 servers in the domain, I am wondering whether to use
an
NT4 server's DNS software or a Windows 2000 server's DNS?
|
If you have a choice, use the Win2000 -- it has better
DNS features and will help you prepare should you ever
upgrade to a Win2000+ domain where the NT4 would be
an issue.
--
Herb Martin
| Quote: |
Thanks for any help |
|
|
| Back to top |
|
|
neo [mvp outlook]
Guest
|
| Posted:
Mon Jan 17, 2005 6:13 pm Post subject:
Re: Choice of DNS version in mixed Windows NT 4 domain Envir |
|
|
Biggest question... any plans to migrate that NT4 domain to Active
Directory? If the answer is yes, then you will have to go with Windows 2000
or newer DNS.
"Jason" <Jason@discussions.microsoft.com> wrote in message
news:209E0770-CE82-4351-933A-67E9EA55761E@microsoft.com...
| Quote: | I have set up an IIS web server on my DMZ and I want my clients on the
internal trusted network to access the websites on the server using the
correct domain name www.sitesample.com.
I am currently using my ISP's DNS, so when the web request is resolved, my
ISP directs the request to my DMZ. However, my firewall doesn't allow this
kind of request redirection. The easiest solution is to install a DNS
server
to forward the request to the server on the DMZ without querying the ISP's
DNS.
Finally, my question is as I am running a Windows NT4 domain but have
Windows 2000 and NT4 servers in the domain, I am wondering whether to use
an
NT4 server's DNS software or a Windows 2000 server's DNS?
Thanks for any help |
|
|
| Back to top |
|
|
John Smith
Guest
|
| Posted:
Mon Jan 17, 2005 7:24 pm Post subject:
Re: Choice of DNS version in mixed Windows NT 4 domain Envir |
|
|
1. are any of the win2k servers domain controllers?
2. if you have a good enough firewall, you can change dns reponses on the
fly at the firewall and avoid everthing else suggested here (although
there were some helpful hints)
On Mon, 17 Jan 2005 07:49:05 -0800, Jason wrote:
| Quote: | I have set up an IIS web server on my DMZ and I want my clients on the
internal trusted network to access the websites on the server using the
correct domain name www.sitesample.com.
I am currently using my ISP's DNS, so when the web request is resolved, my
ISP directs the request to my DMZ. However, my firewall doesn't allow this
kind of request redirection. The easiest solution is to install a DNS server
to forward the request to the server on the DMZ without querying the ISP's
DNS.
Finally, my question is as I am running a Windows NT4 domain but have
Windows 2000 and NT4 servers in the domain, I am wondering whether to use an
NT4 server's DNS software or a Windows 2000 server's DNS?
Thanks for any help |
|
|
| Back to top |
|
|
Kevin D. Goodknecht Sr. [
Guest
|
| Posted:
Mon Jan 17, 2005 7:24 pm Post subject:
Re: Choice of DNS version in mixed Windows NT 4 domain Envir |
|
|
In news:209E0770-CE82-4351-933A-67E9EA55761E@microsoft.com,
Jason <Jason@discussions.microsoft.com> commented
Then Kevin replied below:
| Quote: | I have set up an IIS web server on my DMZ and I want my
clients on the internal trusted network to access the
websites on the server using the correct domain name
www.sitesample.com.
|
Add www.sitesample.com to the Hosts file with the IP of the webserver.
Or preferably, install DNS, point all internal clients to that DNS server's
IP address, then create a new forward lookup zone named www.sitesample.com
then create a new host record in that zone, leave the name field blank and
give it the IP of the web server. (This prevents the zone from conflicting
with other names in sitesample.com)
The second resolution is preferred because if you upgrade to Active
Directory you will need a local DNS server for all internal member clients
to use to access the AD Domain.
| Quote: | I am currently using my ISP's DNS, so when the web
request is resolved, my ISP directs the request to my
DMZ. However, my firewall doesn't allow this kind of
request redirection. The easiest solution is to install a
DNS server to forward the request to the server on the
DMZ without querying the ISP's DNS.
Finally, my question is as I am running a Windows NT4
domain but have Windows 2000 and NT4 servers in the
domain, I am wondering whether to use an NT4 server's DNS
software or a Windows 2000 server's DNS?
|
By all means use Win2k for reasons already posted by others.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
=================================== |
|
| Back to top |
|
|
Jason
Guest
|
| Posted:
Tue Jan 18, 2005 4:37 pm Post subject:
Re: Choice of DNS version in mixed Windows NT 4 domain Envir |
|
|
Hi Herb
Thanks for your reply:
So, in summary my best option is to
1) set up an internal Win2k DNS server for internal workstations to access
websites on my DMZ
2) Currently my ISP acts as my registrar's agent, so that should work OK. I
don't have any complaints with them anyway so I'll leave the external
internet DNS with them.
Have I understood you correctly?
Thanks again
"Herb Martin" wrote:
| Quote: | "Jason" <Jason@discussions.microsoft.com> wrote in message
news:209E0770-CE82-4351-933A-67E9EA55761E@microsoft.com...
I have set up an IIS web server on my DMZ and I want my clients on the
internal trusted network to access the websites on the server using the
correct domain name www.sitesample.com.
Generally things in your DMZ (for external access)
generally should be in a SEPARATE EXTERNAL
DNS and another Internet DNS (for your internal
users.)
The external DNS is best left at your Registrar in
most cases.
I am currently using my ISP's DNS, so when the web request is resolved, my
ISP directs the request to my DMZ.
That is an Ok, method, but in the long run the the
Registrar is a better location for most people than
the ISP.
However, my firewall doesn't allow this
kind of request redirection. The easiest solution is to install a DNS
server
to forward the request to the server on the DMZ without querying the ISP's
DNS.
Internal DNS should run on separate completely
INTERNAL DNS servers.
Finally, my question is as I am running a Windows NT4 domain but have
Windows 2000 and NT4 servers in the domain, I am wondering whether to use
an
NT4 server's DNS software or a Windows 2000 server's DNS?
If you have a choice, use the Win2000 -- it has better
DNS features and will help you prepare should you ever
upgrade to a Win2000+ domain where the NT4 would be
an issue.
--
Herb Martin
Thanks for any help
|
|
|
| Back to top |
|
|
Jason
Guest
|
| Posted:
Tue Jan 18, 2005 4:43 pm Post subject:
Re: Choice of DNS version in mixed Windows NT 4 domain Envir |
|
|
Thanks Kevin
I'll get on with installing a Win2k DNS server on my internal network. Looks
like I've got a fair bit of reading to do on DNS!
"Kevin D. Goodknecht Sr. [MVP]" wrote:
| Quote: | In news:209E0770-CE82-4351-933A-67E9EA55761E@microsoft.com,
Jason <Jason@discussions.microsoft.com> commented
Then Kevin replied below:
I have set up an IIS web server on my DMZ and I want my
clients on the internal trusted network to access the
websites on the server using the correct domain name
www.sitesample.com.
Add www.sitesample.com to the Hosts file with the IP of the webserver.
Or preferably, install DNS, point all internal clients to that DNS server's
IP address, then create a new forward lookup zone named www.sitesample.com
then create a new host record in that zone, leave the name field blank and
give it the IP of the web server. (This prevents the zone from conflicting
with other names in sitesample.com)
The second resolution is preferred because if you upgrade to Active
Directory you will need a local DNS server for all internal member clients
to use to access the AD Domain.
I am currently using my ISP's DNS, so when the web
request is resolved, my ISP directs the request to my
DMZ. However, my firewall doesn't allow this kind of
request redirection. The easiest solution is to install a
DNS server to forward the request to the server on the
DMZ without querying the ISP's DNS.
Finally, my question is as I am running a Windows NT4
domain but have Windows 2000 and NT4 servers in the
domain, I am wondering whether to use an NT4 server's DNS
software or a Windows 2000 server's DNS?
By all means use Win2k for reasons already posted by others.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
|
|
|
| Back to top |
|
|
Jason
Guest
|
| Posted:
Tue Jan 18, 2005 6:59 pm Post subject:
Re: Choice of DNS version in mixed Windows NT 4 domain Envir |
|
|
Hi John
No all the Win 2K servers are member servers and our firewall doesn't allow
me to change the DNS responses in that way
Regards
"John Smith" wrote:
| Quote: | 1. are any of the win2k servers domain controllers?
2. if you have a good enough firewall, you can change dns reponses on the
fly at the firewall and avoid everthing else suggested here (although
there were some helpful hints)
On Mon, 17 Jan 2005 07:49:05 -0800, Jason wrote:
I have set up an IIS web server on my DMZ and I want my clients on the
internal trusted network to access the websites on the server using the
correct domain name www.sitesample.com.
I am currently using my ISP's DNS, so when the web request is resolved, my
ISP directs the request to my DMZ. However, my firewall doesn't allow this
kind of request redirection. The easiest solution is to install a DNS server
to forward the request to the server on the DMZ without querying the ISP's
DNS.
Finally, my question is as I am running a Windows NT4 domain but have
Windows 2000 and NT4 servers in the domain, I am wondering whether to use an
NT4 server's DNS software or a Windows 2000 server's DNS?
Thanks for any help
|
|
|
| Back to top |
|
|
Herb Martin
Guest
|
| Posted:
Tue Jan 18, 2005 9:05 pm Post subject:
Re: Choice of DNS version in mixed Windows NT 4 domain Envir |
|
|
"Jason" <Jason@discussions.microsoft.com> wrote in message
news:80C1355E-8995-4CAA-8FBF-0DDD1CBFD734@microsoft.com...
| Quote: | Hi Herb
Thanks for your reply:
So, in summary my best option is to
1) set up an internal Win2k DNS server for internal workstations to
access
websites on my DMZ
|
If it is ONLY for thd DMZ it wouldn't be necessary,
but rather setup an internal DNS name server (set)
for ALL internal names and manually add the DMZ
or any other names from your public servers. (This
is so your internal users can reach your own public
servers.)
| Quote: | 2) Currently my ISP acts as my registrar's agent, so that should work OK.
I
don't have any complaints with them anyway so I'll leave the external
internet DNS with them.
|
That's ok, not quite as good as a quality registrar in MOST
cases, but if you are happy don't move it back to the registrar
until the next time you change ISPs.
--
Herb Martin
| Quote: | Have I understood you correctly?
Thanks again
"Herb Martin" wrote:
"Jason" <Jason@discussions.microsoft.com> wrote in message
news:209E0770-CE82-4351-933A-67E9EA55761E@microsoft.com...
I have set up an IIS web server on my DMZ and I want my clients on
the
internal trusted network to access the websites on the server using
the
correct domain name www.sitesample.com.
Generally things in your DMZ (for external access)
generally should be in a SEPARATE EXTERNAL
DNS and another Internet DNS (for your internal
users.)
The external DNS is best left at your Registrar in
most cases.
I am currently using my ISP's DNS, so when the web request is
resolved, my
ISP directs the request to my DMZ.
That is an Ok, method, but in the long run the the
Registrar is a better location for most people than
the ISP.
However, my firewall doesn't allow this
kind of request redirection. The easiest solution is to install a DNS
server
to forward the request to the server on the DMZ without querying the
ISP's
DNS.
Internal DNS should run on separate completely
INTERNAL DNS servers.
Finally, my question is as I am running a Windows NT4 domain but have
Windows 2000 and NT4 servers in the domain, I am wondering whether to
use
an
NT4 server's DNS software or a Windows 2000 server's DNS?
If you have a choice, use the Win2000 -- it has better
DNS features and will help you prepare should you ever
upgrade to a Win2000+ domain where the NT4 would be
an issue.
--
Herb Martin
Thanks for any help
|
|
|
| Back to top |
|
|
Jason
Guest
|
| Posted:
Tue Jan 18, 2005 9:53 pm Post subject:
Re: Choice of DNS version in mixed Windows NT 4 domain Envir |
|
|
Hi Herb
You're losing me a bit there. My DNS knowledge is limited, but as long as I
know that I have to set up a internal Win 2k DNS server. I''ll read up on
DNS and re-read your advice
The DNS server will only be for internal clients to use the correct URL
adddress for websites hosted on my DMZ. IIS can then point them to the right
area of the web server using Host Headers info
Thanks
"Herb Martin" wrote:
| Quote: | "Jason" <Jason@discussions.microsoft.com> wrote in message
news:80C1355E-8995-4CAA-8FBF-0DDD1CBFD734@microsoft.com...
Hi Herb
Thanks for your reply:
So, in summary my best option is to
1) set up an internal Win2k DNS server for internal workstations to
access
websites on my DMZ
If it is ONLY for thd DMZ it wouldn't be necessary,
but rather setup an internal DNS name server (set)
for ALL internal names and manually add the DMZ
or any other names from your public servers. (This
is so your internal users can reach your own public
servers.)
2) Currently my ISP acts as my registrar's agent, so that should work OK.
I
don't have any complaints with them anyway so I'll leave the external
internet DNS with them.
That's ok, not quite as good as a quality registrar in MOST
cases, but if you are happy don't move it back to the registrar
until the next time you change ISPs.
--
Herb Martin
Have I understood you correctly?
Thanks again
"Herb Martin" wrote:
"Jason" <Jason@discussions.microsoft.com> wrote in message
news:209E0770-CE82-4351-933A-67E9EA55761E@microsoft.com...
I have set up an IIS web server on my DMZ and I want my clients on
the
internal trusted network to access the websites on the server using
the
correct domain name www.sitesample.com.
Generally things in your DMZ (for external access)
generally should be in a SEPARATE EXTERNAL
DNS and another Internet DNS (for your internal
users.)
The external DNS is best left at your Registrar in
most cases.
I am currently using my ISP's DNS, so when the web request is
resolved, my
ISP directs the request to my DMZ.
That is an Ok, method, but in the long run the the
Registrar is a better location for most people than
the ISP.
However, my firewall doesn't allow this
kind of request redirection. The easiest solution is to install a DNS
server
to forward the request to the server on the DMZ without querying the
ISP's
DNS.
Internal DNS should run on separate completely
INTERNAL DNS servers.
Finally, my question is as I am running a Windows NT4 domain but have
Windows 2000 and NT4 servers in the domain, I am wondering whether to
use
an
NT4 server's DNS software or a Windows 2000 server's DNS?
If you have a choice, use the Win2000 -- it has better
DNS features and will help you prepare should you ever
upgrade to a Win2000+ domain where the NT4 would be
an issue.
--
Herb Martin
Thanks for any help
|
|
|
| Back to top |
|
|
Herb Martin
Guest
|
| Posted:
Tue Jan 18, 2005 10:59 pm Post subject:
Re: Choice of DNS version in mixed Windows NT 4 domain Envir |
|
|
| Quote: |
You're losing me a bit there. My DNS knowledge is limited, but as long as
I
know that I have to set up a internal Win 2k DNS server. I''ll read up on
DNS and re-read your advice
The DNS server will only be for internal clients to use the correct URL
adddress for websites hosted on my DMZ. IIS can then point them to the
right
area of the web server using Host Headers info
|
So manually add those (external or DMZ) addresss to the
internal names server IF you are using the same zone name
both internally and externally.
Internal clients must use ONLY your internal DNS name
servers. If the internal name servers are missing records for
external resource in the same zone, the internal server will
STOP looking since it holds the zone (it's authoritative)
and KNOWS there are no other entries (even if it is wrong.)
| Quote: | Thanks
"Herb Martin" wrote:
"Jason" <Jason@discussions.microsoft.com> wrote in message
news:80C1355E-8995-4CAA-8FBF-0DDD1CBFD734@microsoft.com...
Hi Herb
Thanks for your reply:
So, in summary my best option is to
1) set up an internal Win2k DNS server for internal workstations to
access
websites on my DMZ
If it is ONLY for thd DMZ it wouldn't be necessary,
but rather setup an internal DNS name server (set)
for ALL internal names and manually add the DMZ
or any other names from your public servers. (This
is so your internal users can reach your own public
servers.)
2) Currently my ISP acts as my registrar's agent, so that should work
OK.
I
don't have any complaints with them anyway so I'll leave the external
internet DNS with them.
That's ok, not quite as good as a quality registrar in MOST
cases, but if you are happy don't move it back to the registrar
until the next time you change ISPs.
--
Herb Martin
Have I understood you correctly?
Thanks again
"Herb Martin" wrote:
"Jason" <Jason@discussions.microsoft.com> wrote in message
news:209E0770-CE82-4351-933A-67E9EA55761E@microsoft.com...
I have set up an IIS web server on my DMZ and I want my clients
on
the
internal trusted network to access the websites on the server
using
the
correct domain name www.sitesample.com.
Generally things in your DMZ (for external access)
generally should be in a SEPARATE EXTERNAL
DNS and another Internet DNS (for your internal
users.)
The external DNS is best left at your Registrar in
most cases.
I am currently using my ISP's DNS, so when the web request is
resolved, my
ISP directs the request to my DMZ.
That is an Ok, method, but in the long run the the
Registrar is a better location for most people than
the ISP.
However, my firewall doesn't allow this
kind of request redirection. The easiest solution is to install a
DNS
server
to forward the request to the server on the DMZ without querying
the
ISP's
DNS.
Internal DNS should run on separate completely
INTERNAL DNS servers.
Finally, my question is as I am running a Windows NT4 domain but
have
Windows 2000 and NT4 servers in the domain, I am wondering whether
to
use
an
NT4 server's DNS software or a Windows 2000 server's DNS?
If you have a choice, use the Win2000 -- it has better
DNS features and will help you prepare should you ever
upgrade to a Win2000+ domain where the NT4 would be
an issue.
--
Herb Martin
Thanks for any help
|
|
|
| Back to top |
|
|
Jason
Guest
|
| Posted:
Tue Jan 18, 2005 11:13 pm Post subject:
Re: Choice of DNS version in mixed Windows NT 4 domain Envir |
|
|
Thanks Herb
I'll bury my head ina DNS book or 2
Best Regards
"Herb Martin" wrote:
| Quote: |
You're losing me a bit there. My DNS knowledge is limited, but as long as
I
know that I have to set up a internal Win 2k DNS server. I''ll read up on
DNS and re-read your advice
The DNS server will only be for internal clients to use the correct URL
adddress for websites hosted on my DMZ. IIS can then point them to the
right
area of the web server using Host Headers info
So manually add those (external or DMZ) addresss to the
internal names server IF you are using the same zone name
both internally and externally.
Internal clients must use ONLY your internal DNS name
servers. If the internal name servers are missing records for
external resource in the same zone, the internal server will
STOP looking since it holds the zone (it's authoritative)
and KNOWS there are no other entries (even if it is wrong.)
Thanks
"Herb Martin" wrote:
"Jason" <Jason@discussions.microsoft.com> wrote in message
news:80C1355E-8995-4CAA-8FBF-0DDD1CBFD734@microsoft.com...
Hi Herb
Thanks for your reply:
So, in summary my best option is to
1) set up an internal Win2k DNS server for internal workstations to
access
websites on my DMZ
If it is ONLY for thd DMZ it wouldn't be necessary,
but rather setup an internal DNS name server (set)
for ALL internal names and manually add the DMZ
or any other names from your public servers. (This
is so your internal users can reach your own public
servers.)
2) Currently my ISP acts as my registrar's agent, so that should work
OK.
I
don't have any complaints with them anyway so I'll leave the external
internet DNS with them.
That's ok, not quite as good as a quality registrar in MOST
cases, but if you are happy don't move it back to the registrar
until the next time you change ISPs.
--
Herb Martin
Have I understood you correctly?
Thanks again
"Herb Martin" wrote:
"Jason" <Jason@discussions.microsoft.com> wrote in message
news:209E0770-CE82-4351-933A-67E9EA55761E@microsoft.com...
I have set up an IIS web server on my DMZ and I want my clients
on
the
internal trusted network to access the websites on the server
using
the
correct domain name www.sitesample.com.
Generally things in your DMZ (for external access)
generally should be in a SEPARATE EXTERNAL
DNS and another Internet DNS (for your internal
users.)
The external DNS is best left at your Registrar in
most cases.
I am currently using my ISP's DNS, so when the web request is
resolved, my
ISP directs the request to my DMZ.
That is an Ok, method, but in the long run the the
Registrar is a better location for most people than
the ISP.
However, my firewall doesn't allow this
kind of request redirection. The easiest solution is to install a
DNS
server
to forward the request to the server on the DMZ without querying
the
ISP's
DNS.
Internal DNS should run on separate completely
INTERNAL DNS servers.
Finally, my question is as I am running a Windows NT4 domain but
have
Windows 2000 and NT4 servers in the domain, I am wondering whether
to
use
an
NT4 server's DNS software or a Windows 2000 server's DNS?
If you have a choice, use the Win2000 -- it has better
DNS features and will help you prepare should you ever
upgrade to a Win2000+ domain where the NT4 would be
an issue.
--
Herb Martin
Thanks for any help
|
|
|
| Back to top |
|
|
Herb Martin
Guest
|
| Posted:
Wed Jan 19, 2005 12:10 am Post subject:
Re: Choice of DNS version in mixed Windows NT 4 domain Envir |
|
|
"Jason" <Jason@discussions.microsoft.com> wrote in message
news:30EDFCE2-C934-4EA9-B2AD-2E45664DF563@microsoft.com...
| Quote: | Thanks Herb
I'll bury my head ina DNS book or 2
|
That's fine, but most of this stuff is spread over
100s of pages if even included an any DNS book.
You might wish to just ask for a clarification on
anything that isn't clear.
--
Herb Martin
| Quote: |
Best Regards
"Herb Martin" wrote:
You're losing me a bit there. My DNS knowledge is limited, but as long
as
I
know that I have to set up a internal Win 2k DNS server. I''ll read
up on
DNS and re-read your advice
The DNS server will only be for internal clients to use the correct
URL
adddress for websites hosted on my DMZ. IIS can then point them to the
right
area of the web server using Host Headers info
So manually add those (external or DMZ) addresss to the
internal names server IF you are using the same zone name
both internally and externally.
Internal clients must use ONLY your internal DNS name
servers. If the internal name servers are missing records for
external resource in the same zone, the internal server will
STOP looking since it holds the zone (it's authoritative)
and KNOWS there are no other entries (even if it is wrong.)
Thanks
"Herb Martin" wrote:
"Jason" <Jason@discussions.microsoft.com> wrote in message
news:80C1355E-8995-4CAA-8FBF-0DDD1CBFD734@microsoft.com...
Hi Herb
Thanks for your reply:
So, in summary my best option is to
1) set up an internal Win2k DNS server for internal workstations
to
access
websites on my DMZ
If it is ONLY for thd DMZ it wouldn't be necessary,
but rather setup an internal DNS name server (set)
for ALL internal names and manually add the DMZ
or any other names from your public servers. (This
is so your internal users can reach your own public
servers.)
2) Currently my ISP acts as my registrar's agent, so that should
work
OK.
I
don't have any complaints with them anyway so I'll leave the
external
internet DNS with them.
That's ok, not quite as good as a quality registrar in MOST
cases, but if you are happy don't move it back to the registrar
until the next time you change ISPs.
--
Herb Martin
Have I understood you correctly?
Thanks again
"Herb Martin" wrote:
"Jason" <Jason@discussions.microsoft.com> wrote in message
news:209E0770-CE82-4351-933A-67E9EA55761E@microsoft.com...
I have set up an IIS web server on my DMZ and I want my
clients
on
the
internal trusted network to access the websites on the server
using
the
correct domain name www.sitesample.com.
Generally things in your DMZ (for external access)
generally should be in a SEPARATE EXTERNAL
DNS and another Internet DNS (for your internal
users.)
The external DNS is best left at your Registrar in
most cases.
I am currently using my ISP's DNS, so when the web request is
resolved, my
ISP directs the request to my DMZ.
That is an Ok, method, but in the long run the the
Registrar is a better location for most people than
the ISP.
However, my firewall doesn't allow this
kind of request redirection. The easiest solution is to
install a
DNS
server
to forward the request to the server on the DMZ without
querying
the
ISP's
DNS.
Internal DNS should run on separate completely
INTERNAL DNS servers.
Finally, my question is as I am running a Windows NT4 domain
but
have
Windows 2000 and NT4 servers in the domain, I am wondering
whether
to
use
an
NT4 server's DNS software or a Windows 2000 server's DNS?
If you have a choice, use the Win2000 -- it has better
DNS features and will help you prepare should you ever
upgrade to a Win2000+ domain where the NT4 would be
an issue.
--
Herb Martin
Thanks for any help
|
|
|
| Back to top |
|
|
Jason
Guest
|
| Posted:
Wed Jan 19, 2005 3:13 pm Post subject:
Re: Choice of DNS version in mixed Windows NT 4 domain Envir |
|
|
I need to get stuck into the DNS software so I know the terminology and the
software better. I'll get back on the message boards if I get stuck again
(i'm sure that I will
Thanks Herb
"Herb Martin" wrote:
| Quote: | "Jason" <Jason@discussions.microsoft.com> wrote in message
news:30EDFCE2-C934-4EA9-B2AD-2E45664DF563@microsoft.com...
Thanks Herb
I'll bury my head ina DNS book or 2
That's fine, but most of this stuff is spread over
100s of pages if even included an any DNS book.
You might wish to just ask for a clarification on
anything that isn't clear.
--
Herb Martin
Best Regards
"Herb Martin" wrote:
You're losing me a bit there. My DNS knowledge is limited, but as long
as
I
know that I have to set up a internal Win 2k DNS server. I''ll read
up on
DNS and re-read your advice
The DNS server will only be for internal clients to use the correct
URL
adddress for websites hosted on my DMZ. IIS can then point them to the
right
area of the web server using Host Headers info
So manually add those (external or DMZ) addresss to the
internal names server IF you are using the same zone name
both internally and externally.
Internal clients must use ONLY your internal DNS name
servers. If the internal name servers are missing records for
external resource in the same zone, the internal server will
STOP looking since it holds the zone (it's authoritative)
and KNOWS there are no other entries (even if it is wrong.)
Thanks
"Herb Martin" wrote:
"Jason" <Jason@discussions.microsoft.com> wrote in message
news:80C1355E-8995-4CAA-8FBF-0DDD1CBFD734@microsoft.com...
Hi Herb
Thanks for your reply:
So, in summary my best option is to
1) set up an internal Win2k DNS server for internal workstations
to
access
websites on my DMZ
If it is ONLY for thd DMZ it wouldn't be necessary,
but rather setup an internal DNS name server (set)
for ALL internal names and manually add the DMZ
or any other names from your public servers. (This
is so your internal users can reach your own public
servers.)
2) Currently my ISP acts as my registrar's agent, so that should
work
OK.
I
don't have any complaints with them anyway so I'll leave the
external
internet DNS with them.
That's ok, not quite as good as a quality registrar in MOST
cases, but if you are happy don't move it back to the registrar
until the next time you change ISPs.
--
Herb Martin
Have I understood you correctly?
Thanks again
"Herb Martin" wrote:
"Jason" <Jason@discussions.microsoft.com> wrote in message
news:209E0770-CE82-4351-933A-67E9EA55761E@microsoft.com...
I have set up an IIS web server on my DMZ and I want my
clients
on
the
internal trusted network to access the websites on the server
using
the
correct domain name www.sitesample.com.
Generally things in your DMZ (for external access)
generally should be in a SEPARATE EXTERNAL
DNS and another Internet DNS (for your internal
users.)
The external DNS is best left at your Registrar in
most cases.
I am currently using my ISP's DNS, so when the web request is
resolved, my
ISP directs the request to my DMZ.
That is an Ok, method, but in the long run the the
Registrar is a better location for most people than
the ISP.
However, my firewall doesn't allow this
kind of request redirection. The easiest solution is to
install a
DNS
server
to forward the request to the server on the DMZ without
querying
the
ISP's
DNS.
Internal DNS should run on separate completely
INTERNAL DNS servers.
Finally, my question is as I am running a Windows NT4 domain
but
have
Windows 2000 and NT4 servers in the domain, I am wondering
whether
to
use
an
NT4 server's DNS software or a Windows 2000 server's DNS?
If you have a choice, use the Win2000 -- it has better
DNS features and will help you prepare should you ever
upgrade to a Win2000+ domain where the NT4 would be
an issue.
--
Herb Martin
Thanks for any help
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in