atmear
asked on
How to setup External DNS - Correctly
OK-
I need to set up an NS1 and NS2 box for External DNS. (we host our own dns)
Situation- I want them to be behind the firewall and I am going to NAT the traffic through.
I would prefer this not to be an AD intergrated DNS zone. Is this possible to do?
LMK what an "ideal" situation would be...
I need to set up an NS1 and NS2 box for External DNS. (we host our own dns)
Situation- I want them to be behind the firewall and I am going to NAT the traffic through.
I would prefer this not to be an AD intergrated DNS zone. Is this possible to do?
LMK what an "ideal" situation would be...
ASKER
Great Document... Thank You
One other Question: I am running a AD domain (i will call it) domain1.com The domain we use on the inside is actually our FQDN on the outside. Knowing that... Currently I have the 2 servers configured as ns1.domain1.com and ns2.domain1.com. I created a primary and secondary and both boxs seem to be working fine (out of production)... As you stated, it would be ideal to have the DNS services integrated into AD. To do so, I would have to step on my current AS structure. So to clarrify and understand what your saying, should I do as follows? Create a new AD forest for example domain2.com and have the server names ns1.domain2.com and ns2.domain2.com? In that suggested scenario, I am creating the enviroment for DNS and active directory to coinside....
Thanks for your help,
ATM
One other Question: I am running a AD domain (i will call it) domain1.com The domain we use on the inside is actually our FQDN on the outside. Knowing that... Currently I have the 2 servers configured as ns1.domain1.com and ns2.domain1.com. I created a primary and secondary and both boxs seem to be working fine (out of production)... As you stated, it would be ideal to have the DNS services integrated into AD. To do so, I would have to step on my current AS structure. So to clarrify and understand what your saying, should I do as follows? Create a new AD forest for example domain2.com and have the server names ns1.domain2.com and ns2.domain2.com? In that suggested scenario, I am creating the enviroment for DNS and active directory to coinside....
Thanks for your help,
ATM
If your FQDN is also your regular domain name, I would create one DNS server with a primary zone on it for your company for external use, and I would configure two domain controllers internally with DNS that is AD integrated so you have a backup. This is what you would do in a real world scenario. This also helps to keep your network secure.
ASKER
I am a bit lost...
So are you saying to "not" bring up a new AD domain?
And, just bring up one box attached to my current domain (which has the same FQDN) with the external DNS records?
Not so sure how that would work... so I believe I just do not understand.
Let me clarrify. I want to bring up to external DNS servers behind the firewall. The DNS servers would route traffic to my FQDN along with other FQDN's. But, my actuall AD Domain name is also my FQDN. So should I just Bring up two new servers, put them in ns1.new domain.com.?
MSN-atmear@hotmail.com (If I can not understand what your saying and you would like to have a more detailed realtime conversation)
Thank You!
So are you saying to "not" bring up a new AD domain?
And, just bring up one box attached to my current domain (which has the same FQDN) with the external DNS records?
Not so sure how that would work... so I believe I just do not understand.
Let me clarrify. I want to bring up to external DNS servers behind the firewall. The DNS servers would route traffic to my FQDN along with other FQDN's. But, my actuall AD Domain name is also my FQDN. So should I just Bring up two new servers, put them in ns1.new domain.com.?
MSN-atmear@hotmail.com (If I can not understand what your saying and you would like to have a more detailed realtime conversation)
Thank You!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The answer I selected as the "winner" is not exactly the answer to my question... but by reading all of his responses you can determine the correct answer.
Thanks!!
Thanks!!
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q300202
You don't have to use AD integrated DNS, however, this makes a good failover when used.