Bigjohn-s
asked on
DNS / Active Directory with external router/WAN connection?
Guys -
It's been quite a while since I've set up AD/DNS, and that was in a corp. environment with a networking group to do the DNS stuff...
I have donated my time to a museum to set up new computers for them. Server is WIN2k running AD / integrated DNS.
Here is my config: WAN/Router/firewall (DSL line). Servers and workstations will have static inside (private) addresses.
My question - how to make the SERVER DNS provide OUTSIDE resolution (internet sites like this one!) to the users inside? I know this is an easy one for you guys.
Thanks.
John
ASKER
I must have not been clear.
I want to point the workstations to the internal DNS and have the internal DNS get its information from the WAN regarding locations of websites. We're not hosting a site on premises.
So - user at PC 10.0.0.5 has DNS set to server (10.0.0.20). I've only got the default configuration for DNS that happens when you install AD. I think that has ONE forward lookup zone.
What do I need to do to make certain that user at PC 10.0.0.5 can: a) authenticate with the local AD server (only one server on this net...), and b) surf the web?
John
Use a Forwarder in the DNS Properties. You want to configure the forwarder to be the DNS server of your ISP. This way your DNS will resolve internal resources and if a user wants out on the Internet, DNS queries will be forwarded to the ISP for resolution.
ASKER
Is that correct? My fear was that 'forwarder' would make my DNS tell the 'WORLD' about stuff inside - thus creating security problem.
No - a forwarder will "Forward" requests that cannot be resolved locally.
ASKER
OK. 2 questions:
How do I add this forwarder, and where do I look in the DNS for the "."?
I'm not using DHCP because it's a very small operation (3 users one server) and I don't want anyone plugging into the network and getting an address.
ASKER
thanks guys
Nono, Thank you!
Your best bet is to run a firewall and a DMZ, place your Webstuff and external DNS there, and the Museum intranet inside the firewall.
A little different configuration, but much safer.
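For the forwarder setup and the "." zone asked about in this thread, the following command-line procedure is an added example and not something any poster supplied. It assumes dnscmd.exe from the Windows 2000 Support Tools is installed on the server; 10.0.0.20 is the server address from the thread, 192.0.2.53 is a placeholder for the ISP's DNS server, and the `delroot` / `delroot-ds` arguments are names made up for this script.

```bat
@echo off
rem Added example, not from the thread. Run on the Windows 2000 DNS server.
rem Assumes dnscmd.exe (Windows 2000 Support Tools) is on the PATH.
rem 10.0.0.20 is the server address given in the thread.
rem 192.0.2.53 is a placeholder: replace it with your ISP's DNS server.
set DNS_SERVER=10.0.0.20
set ISP_DNS=192.0.2.53

rem 1. List the zones. If a forward lookup zone named "." is present, the
rem    server treats itself as a root server and forwarders are disabled.
dnscmd %DNS_SERVER% /EnumZones

rem 2. Delete the "." zone only when explicitly asked to. After seeing "."
rem    in the list from step 1, re-run this script with one argument:
rem      delroot     for a standard (file-based) "." zone
rem      delroot-ds  for an Active Directory-integrated "." zone
if /i "%1"=="delroot" dnscmd %DNS_SERVER% /ZoneDelete . /f
if /i "%1"=="delroot-ds" dnscmd %DNS_SERVER% /ZoneDelete . /DsDel /f

rem 3. Set the forwarder. Names this server cannot answer from its own
rem    zones are sent to the ISP; the internal zone itself stays local.
dnscmd %DNS_SERVER% /ResetForwarders %ISP_DNS%

rem 4. Show the server settings, including the forwarder list, to confirm.
dnscmd %DNS_SERVER% /Info

rem 5. Check both things the workstations need, asking the internal server:
rem    a) the AD domain controller SRV record (needed for logon)
rem    b) an Internet name (answered through the forwarder)
rem    USERDNSDOMAIN is set when you are logged on to the domain.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%USERDNSDOMAIN% %DNS_SERVER%
nslookup www.example.com %DNS_SERVER%
```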