external DNS servers (quick question)

Posted on 2004-12-01
Last Modified: 2010-08-05
Do most companies house their own external DNS servers? And do they have two types of external DNS servers?

1. One DNS server that queries the root servers for their internal clients' requests (so clients are set to forward to this).

2. And another DNS server that resolves names for clients from the outside (who are trying to find the company's web server, etc.).

Wouldn't it be better to keep the two separate?
Question by:dissolved
    LVL 3

    Assisted Solution

    I believe DNS servers are set up in a chain-like fashion that goes well beyond the enterprise itself.

    Your No. 1 server will normally exist in a company, but when queried, it will then query another DNS server on the outside for the client; normally the ISP hosts this server. Eventually that client will simply be given an IP address for the name (e.g., ) they wish to access. When the IP address is queried, the request is able to be routed through the Internet.

    For No. 2, a company wouldn't have a DNS server for the hosting of remote access servers (web servers, etc.); the DNS would be handled at the client end (who would be querying the web server, for example, via No. 1), and eventually be given an IP address to the company, or to one of many servers within a company. Once the request reaches that IP address, the company servers can route the request internally to the appropriate server if required (normally used with port forwarding, etc., where there are a number of servers hosting different services behind the one external IP address).

    Hope I haven't confused you!

    LVL 7

    Accepted Solution

    Typically, people keep at least two domains, one internal and one external. For devices that are internal, you use a namespace that does not match your external namespace. So if you are externally, you are internally. This helps prevent people from using your DNS server to map your internal network.

    That said, you can host both namespaces on the same server, but best practice says you should have separate servers for internal and external.

    Most people own their internal DNS servers -- I don't know of anyone who hosts that offsite.  The internal servers resolve requests both internally and externally to the Internet.  All your clients point to these boxes.

    Many people do not own the servers that contain their external DNS information.  Largely it's because it isn't worth the bother or cost to host them.  Let your ISP do it for you -- it is typically pretty inexpensive.
    LVL 1

    Assisted Solution

    Well dear,
    You are very, very right... there has to be more than one server. Ollie is right that servers are in the chain configuration. But what we do in the internet business is that some ISP has its own server working for DNS, with automatic secure update from another server. This way the server serves for the internal organization as well as for the internet. In Windows it is very easy, just enable Allow Secure Updates Only and you have done that. In Linux, however, you have to write the code for that... and it's simple...

    To give you a better understanding, what happens is... that DNS servers have levels as well. When you go out from your gateway, you first go to a DNS server. The DNS server will either resolve the address itself, or ask its next DNS server. A DNS server is not so stupid as to keep a trillion websites with it for resolution; it just knows the paths... for example for, it may get directed towards one server, yet for .net, it may go to some other server. But the hierarchy is maintained at the DNS level. Sometimes the access is blocked or restricted for one ISP, so you won't find the web address working under that ISP.....
    The topic is pretty simple, yet long.... hope you have got a fair idea of that....

    Happy understanding ;)

    LVL 7

    Expert Comment

    If you're asking what I think you're asking, the answer is usually no and no, unless the company is an ISP or telecommunications company who already has that for other purposes. If I read your question correctly, you're talking about internet DNS one way and the other, and not intranet. Normally, a company will run DNS internally, but it is for Windows network name resolution, like returning an IP address when you do something like "ping mailserver1". Internal DNS (used to be called WINS, has been called DNS since Win2k Server) just resolves names to addresses on your LAN as a function of NetBIOS etc. for the purposes of file sharing, remote management etc. As far as internet DNS, regardless of whether it be incoming or outgoing, it's normally done at the ISP or telco provider level, although many gateways, servers, etc. will cache the last several hundred to several thousand requests in a revolving cycle just to save bandwidth/overhead etc. It's a hierarchy: your browser (when on the LAN) will check its own cache, then your server's cache; if your server doesn't have it, it checks with your ISP; if your ISP doesn't have it, it checks with a core server, etc. etc.

    Author Comment

    Thanks everyone.

    I currently have 3 internal DNS servers. It's AD-integrated using dynamic DNS. They query my ISP's DNS for stuff they can't resolve.

    I have one external DNS housed here. This isn't affiliated with my AD structure at all. It's just a Win2k box running nothing but DNS. I disabled recursion on it and removed the root servers. It's strictly for clients resolving addresses of my externally accessible boxes.
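    Added example (not part of the thread, and not the poster's own configuration): a small Python 3 script that checks whether a DNS server behaves the way the external box above is described, i.e. it answers authoritatively for its own zone and refuses to recurse for anything else. It builds a raw query with the Recursion Desired bit set, decodes the reply header, and flags a server as an open resolver if it advertises Recursion Available or answers a name it is not authoritative for. The zone names (`example.com`, `example.net`), the addresses, and the replies in the `__main__` block are constructed placeholders so the script runs offline; `query_server` is the live variant for pointing at a real server.

```python
import socket
import struct
from typing import Optional

# Constructed placeholders: the thread never names the company's domain.
OWN_ZONE_NAME = "www.example.com"      # a name the external server is authoritative for
OUT_OF_ZONE_NAME = "www.example.net"   # a name it should refuse to resolve


def build_query(name: str, qtype: int = 1, txid: int = 0x1234, rd: bool = True) -> bytes:
    """Build a bare DNS query (QCLASS IN). rd=True sets Recursion Desired,
    which is what an ordinary stub resolver sends."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header into the fields this check needs."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # 1 = response
        "aa": bool(flags & 0x0400),   # Authoritative Answer
        "rd": bool(flags & 0x0100),   # Recursion Desired (copied from the query)
        "ra": bool(flags & 0x0080),   # Recursion Available: server offers recursion
        "rcode": flags & 0x000F,
        "ancount": an,
    }


def classify(response: bytes) -> str:
    """Label a reply to an RD=1 query.

    open-recursion       : RA advertised, or a non-authoritative answer was given.
                           An external-only server must never do this (RA is checked
                           first, so an authoritative server that also recurses is flagged).
    authoritative-answer : AA set with NOERROR, expected for the server's own zone.
    recursion-refused    : REFUSED (BIND default) or SERVFAIL (Windows DNS with
                           recursion off and root hints removed) for foreign names.
    """
    h = parse_header(response)
    if not h["qr"]:
        return "not-a-response"
    if h["ra"]:
        return "open-recursion"
    if h["aa"] and h["rcode"] == 0:
        return "authoritative-answer"
    if h["rcode"] == 0 and h["ancount"] > 0:
        return "open-recursion"
    if h["rcode"] in (2, 5):
        return "recursion-refused"
    return f"rcode-{h['rcode']}"


def is_open_resolver(response: bytes) -> bool:
    return classify(response) == "open-recursion"


def make_response(query: bytes, *, aa: bool, ra: bool, rcode: int,
                  answer_ip: Optional[str] = None) -> bytes:
    """Constructed reply for offline testing: echoes the query's ID and question
    section, optionally followed by one A record (name pointer to offset 12)."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8000 | (0x0400 if aa else 0) | (0x0080 if ra else 0) | (rcode & 0xF)
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if answer_ip else 0, 0, 0)
    rr = b""
    if answer_ip:
        rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + socket.inet_aton(answer_ip)
    return header + query[12:] + rr


def query_server(server: str, name: str, timeout: float = 3.0) -> bytes:
    """Live check (not used offline): send the query over UDP/53 and return the raw reply."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != q[:2]:
        raise ValueError("transaction ID mismatch")
    return data


if __name__ == "__main__":
    q_in, q_out = build_query(OWN_ZONE_NAME), build_query(OUT_OF_ZONE_NAME)
    samples = {  # constructed replies, one per server behaviour
        "own zone, authoritative-only server": make_response(q_in, aa=True, ra=False, rcode=0, answer_ip="192.0.2.10"),
        "foreign name, recursion disabled (BIND)": make_response(q_out, aa=False, ra=False, rcode=5),
        "foreign name, recursion disabled (Windows)": make_response(q_out, aa=False, ra=False, rcode=2),
        "foreign name, open resolver": make_response(q_out, aa=False, ra=True, rcode=0, answer_ip="198.51.100.7"),
    }
    for label, resp in samples.items():
        print(f"{label:45s} -> {classify(resp)}")
```

    Against a real external server, run `classify(query_server("203.0.113.53", "www.example.net"))` with your own server address and a name outside your zones; anything other than `recursion-refused` means the box is still willing to resolve on behalf of strangers and can be used for cache-poisoning and amplification, which is exactly what removing the root hints and disabling recursion is meant to prevent.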

    Author Comment

    Thanks Focusyn. I would have given you points, but I think I was splitting points while you were typing your answer. Bad timing.

    Basically, you guys answered it. External servers are kept at ISPs usually. The company must use some type of interface or control panel, right? Otherwise, the ISP would have to do all the changes.

    Let's say I host my own website. When outside users want to access it, they will eventually query my name server to find the address. Is the name server they query going to be the same one my internal clients use to resolve internet names?

    So basically, in other words: does the external server resolve queries both for my internal clients and for people on the internet trying to find the website I have in the company?
    LVL 3

    Expert Comment

    In this case... your internal DNS servers work for your internal clients; it is very likely your domain name is directed to another company's name servers (a lot cheaper this way). From there, any requests basically end up at your external IP (but the outside client sees your domain name).
