Solved

External dns of my own

Posted on 2003-03-02
3
Medium Priority
143 Views
Last Modified: 2010-05-18
I am having a T1 installed. I'll be running this through a Cisco 1760 router and using a Checkpoint firewall. I'd like to run my own DNS server between the router and the firewall so it would be my external DNS and cut out the ISP's DNS server. I'd also put MX records on it pointing to me so I can host my own email. Any tips or sharing of experience would be appreciated.
0
Question by:marcwidz
3 Comments
LVL 15

Expert Comment

by:samri
ID: 8055588
hi marcwidz,

You can have one server behind the firewall act as the DNS server that serves your public DNS. You just need to allow port 53 TCP+UDP traffic (both directions) on the firewall.

In most cases you would need to register a domain name somewhere, and in most cases (IMHO) the registrar would be willing to be your secondary DNS.

cheers.
0
 

Expert Comment

by:Gruff66
ID: 8058151
As above. If you configure MS Server as a DNS server and have that behind your firewall, you can register as a Primary DNS for your domain and get your ISP to be secondary. You then need to configure your DNS server to have SOA records which contain your A and MX records to point to various hosts in your domain.

The biggest issue seen is normally the serial number (increment) for the SOA. By default this will be set to 1 initially in MS DNS, but your ISP is likely to use the format yyyymmddii (where ii is the increment number). As the primary, your serial number must be higher than theirs to get them to update their records.

You can set up Notify servers in the DNS server config to allow your DNS server to send out update notifications to the secondaries, and then tailor your rulebase to only allow those secondary servers access to your DNS server (a bit more secure than using ANY).

Allow port 53 (UDP and TCP) between your DNS and theirs and you should have no probs.

Checkpoint has a group of services already configured, so that should make it easier. Just make sure your ISP (if applicable) is allowing these ports through the 7206... sometimes they stick ACLs on the routers <sigh>

G
0
 
LVL 15

Accepted Solution

by: samri (earned 300 total points)
ID: 8058790
>>Biggest issue seen is normally the Serial Number (Increment) for the SOA. By default this will be set at 1 initially in MS DNS, but your ISP is likely to use the format yyyymmddii (where ii is the increment number). As a primary your serial number must be higher than theirs to get them to update their records.

I think the ISP would be pulling the record from the primary, and it should be fine (unless the ISP manually edits the zone file -- they should not). The DNS master/slave should be working fine.

just a note.
0
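The serial-number point raised in the two comments above, as an added example that is not from the thread: a small Python helper that keeps a primary zone's SOA serial strictly newer than both its own last value and whatever the ISP secondary already holds, using yyyymmddii serials, plus a rendered zone with the MX record the question asks about. The domain, hostnames, the ISP name server and the addresses (RFC 5737 documentation range) are constructed placeholders.

```python
"""Added example (not from the original thread): SOA serial handling for a
primary zone whose ISP secondary expects yyyymmddii-style serials."""
from datetime import date

MOD = 2 ** 32  # SOA serials are unsigned 32-bit values


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 comparison: True when serial a is 'newer' than serial b.
    Plain a > b fails once a serial wraps past 2^32; this form does not."""
    a, b = a % MOD, b % MOD
    return a != b and ((a - b) % MOD) < 2 ** 31


def today_key() -> int:
    """Today's date as an int yyyymmdd (split out so tests can pass a fixed day)."""
    return int(date.today().strftime("%Y%m%d"))


def next_serial(current: int, today_yyyymmdd: int, secondary: int = 0) -> int:
    """Next yyyymmddii serial that is strictly newer (RFC 1982) than both our
    current serial and the value the secondary already holds.
    ii restarts at 01 each day; if the stored serial is already at or past
    today's value (clock skew, MS DNS default of 1 vs an ISP already on
    yyyymmddii, or a secondary that is ahead) we increment instead of
    going backwards, which would make the secondary ignore the zone."""
    candidate = today_yyyymmdd * 100 + 1  # yyyymmdd01
    for old in (current, secondary):
        if not serial_gt(candidate, old):
            candidate = (old + 1) % MOD
    return candidate


def render_zone(origin: str, serial: int) -> str:
    """Minimal primary zone: SOA, NS for us and the ISP secondary, the MX
    from the question, and A records for the hosts it names (all constructed)."""
    return "\n".join([
        f"$ORIGIN {origin}.",
        "$TTL 86400",
        f"@    IN SOA ns1.{origin}. hostmaster.{origin}. ( {serial} 3600 900 604800 3600 )",
        f"@    IN NS  ns1.{origin}.",
        "@    IN NS  ns.isp.example.",          # constructed: the ISP's secondary
        f"@    IN MX  10 mail.{origin}.",
        "ns1  IN A   203.0.113.2",              # constructed: our own DNS server
        "mail IN A   203.0.113.3",              # constructed: our mail host
    ])


if __name__ == "__main__":
    # MS DNS default serial of 1, ISP secondary already holding 2003030201.
    print(render_zone("example.com", next_serial(1, 20030302, 2003030201)))
```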