Rosemary (Guest)
Posted: Sat Jan 15, 2005 1:09 am
Subject: DNS Reverse lookup to the client

Hello,
I am currently designing an AD\DNS 2003 architecture. One of our
requirements is to allow reverse lookup all the way to the desktop. Of
course we would like to hide our AD structure, and we are looking at having 3
Forests (that will have trusts).
Also it has not been agreed upon if W2k3 DNS will be allowed to coexist with
current DNS, currently using BIND.
Any ideas?
--
Thank you,
Rosemary

John Smith (Guest)
Posted: Sat Jan 15, 2005 1:28 am
Subject: Re: DNS Reverse lookup to the client

You want to hide your AD structure from whom? Internal or external
users?
On Fri, 14 Jan 2005 11:09:03 -0800, Rosemary wrote:

Rosemary (Guest)
Posted: Sat Jan 15, 2005 1:37 am
Subject: Re: DNS Reverse lookup to the client

Hide AD from External users.
Currently our external DNS server has the reverse lookup info.
"John Smith" wrote:

John Smith (Guest)
Posted: Sat Jan 15, 2005 1:48 am
Subject: Re: DNS Reverse lookup to the client

Are you using private IPs internally, then? If so, you will have to go w/
split DNS. To the best of my (limited) knowledge AD is not capable of
'hiding' IPs if they are on the same server... BIND can; stick w/ BIND,
at least externally, with your Win2k3 DNS servers on the inside - then if
you want, set them to forward queries to your external/BIND servers.
Internal users will only use internal DNS servers, which will forward
requests to your BIND servers if need be, which in turn can forward
queries to the root servers or your ISP's DNS servers.
I'm sure others would do it differently; this is just how I would do it if
you want to hide internal address spaces from external users when
dealing w/ Win2k3 DNS.
On Fri, 14 Jan 2005 11:37:03 -0800, Rosemary wrote:

Rosemary (Guest)
Posted: Sat Jan 15, 2005 2:05 am
Subject: Re: DNS Reverse lookup to the client

We are not using private IPs.
"John Smith" wrote:

William Stacey [MVP] (Guest)
Posted: Sat Jan 15, 2005 9:34 pm
Subject: Re: DNS Reverse lookup to the client

It is simple: use a split DNS. It does not matter if the external domain name is
the same as the internal one or different - the zones will be (should be) different
anyway. Keep your private stuff private and publish on the external side only the
stuff that you want published. Your AD stuff will be internal only.
You really don't want external users to have PTR records to your internal
machines - do you? Naturally VPN is a different issue, as that is an extension
of the internal network.
--
William Stacey, MVP
http://mvp.support.microsoft.com
"Rosemary" <Rosemary@discussions.microsoft.com> wrote in message
news:732CBE0F-0728-44D4-A1BB-7E442ADB3A3D@microsoft.com...
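The split DNS that both John Smith and William Stacey recommend, written out as an added BIND 9 named.conf example (not configuration from anyone in this thread). It assumes public addresses are used internally, as the poster says, and uses placeholders throughout: the 203.0.113.0/24 documentation block, the name example.com, and the file paths. The internal view answers PTR queries for every desktop; the external view serves the same zone names from different files that list only published hosts, and the AD forward zones stay on the Windows 2003 DNS servers, which forward to this server.

```conf
// Constructed split-horizon example for BIND 9. Addresses, names and
// paths are placeholders, not values from the thread.

acl internal { 203.0.113.0/24; 127.0.0.1; };    // desktops and the W2k3 DNS servers

options {
    directory "/var/named";
    allow-transfer { none; };                    // no zone transfers: AXFR would
                                                 // hand out the whole PTR list
};

// Internal view: full reverse zone, recursion for the W2k3 forwarders.
// The W2k3 servers keep the AD-integrated forward zones (SRV records,
// _msdcs and friends) and are configured in the DNS console to forward
// anything else here, so internal clients never query the external view.
view "internal" {
    match-clients { internal; };                 // evaluated first; order matters
    recursion yes;
    zone "113.0.203.in-addr.arpa" {
        type master;
        // The zone file can cover every desktop with one line:
        //   $GENERATE 1-254 $ PTR host-$.example.com.
        file "internal/113.0.203.in-addr.arpa";
    };
};

// External view: same zone names, separate files, authoritative only.
// Only the records you deliberately publish (mail, web, VPN gateway)
// appear in these files; internal desktops and AD records are absent.
view "external" {
    match-clients { any; };
    recursion no;                                // not an open resolver
    zone "113.0.203.in-addr.arpa" {
        type master;
        file "external/113.0.203.in-addr.arpa";  // PTRs for published hosts only
    };
    zone "example.com" {
        type master;
        file "external/example.com";             // public A/MX records only
    };
};
```

After loading, query the reverse zone once from an internal address and once from outside (for example with nslookup or dig against each side) and confirm that the desktop PTRs answer only from the internal view.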