Setting up, Hosting, External DNS

Posted on 2007-10-12
Medium Priority
Last Modified: 2013-12-04
We are trying to host our own DNS server; we are hoping this will make it easier for us to make changes to our environment, as some of our servers are internet facing. The server is built running 2K3 R2 w/ SP2. I have installed DNS and am not sure what the next steps are. The DNS server will be set up on our DMZ and will furnish requests for webmail, the website and 2 other servers. From what I understand, the external DNS is not supposed to see/talk to the internal DNS (for security purposes)? Any assistance in this matter will be appreciated.


Question by:zore

Expert Comment

by:Hypercat (Deb)
ID: 20069120
You are correct.  You want your external DNS server to service only requests from external hosts to provide access to your web servers that are open to external access.  You would want your internal DNS server to be behind your firewall providing DNS only for your internal (private) network.  As for your external DNS server, the only other things you need to do are (1) make sure the firewall between your DMZ and the Internet has port 42 open for incoming requests; and (2) make sure that your domain name registry has the correct DNS IP address(es) and host name(s) (for your new DNS server) registered as the authoritative DNS server(s) for your domain.

Expert Comment

ID: 20069122
Your domain name registrar doesn't give you full DNS control?

Messing with public Windows Servers is a bit of a security nightmare. :)


Expert Comment

ID: 20071317
I agree with Brugh in that security for a public Windows server is problematic. Have you considered running a dedicated Linux server as your public DNS? One very simple and secure option is Engarde Secure Linux (http://www.engardelinux.org/). It's easy to install and can be administered through a web GUI.

Another option to consider is to use an outside service and not run your own server at all. I have used DNS Made Easy (http://www.dnsmadeeasy.com). It's easy, it's inexpensive and I think it will do everything you need.

Accepted Solution

itquestions earned 750 total points
ID: 20072829
Point the DNS server's own DNS settings, under the TCP/IP configuration, at itself. Under the forward lookups, configure the DNS settings to at least two different outside addresses (your ISP may have given you these).

This will help to ensure that all systems internally go to this server first; it checks itself first, then, if nothing is found, it tries the forward addresses (outside). As for the internet-facing servers, hopefully they are behind some firewalls. On the firewalls you can allow web requests with routing, but the external addresses that, say, the xyz.com website has will have a host/pointer record associated with them. What you are doing is this...

If web traffic comes in looking for the web server 55.555.55.555 address, the ISP points it to you. Your firewall says, hey, this has a route, so let it through. Now the DNS server grabs the info and looks at the host table. It says address 55.555.55.555 goes to server ABC, so it sends the traffic there.

Going forward from what Brugh said, your ISP/domain registrar should allow you to specify what the IP of the domain(s) in question is. This is helpful if the addresses point to different IP addresses assigned to you by your ISP. If you set up the DNS server on the DMZ, you have to have some method of that server talking to your internal network (e.g. port UDP/TCP 53 open to pass DNS traffic), since the DMZ is a stand-alone setup. This is a great security setup, but a little more complicated to manage/set up initially.
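An added example, not from the thread or any of its posters, that turns the advice in Hypercat's answer and in the accepted solution into an offline check you can run before the DMZ server goes live: the external server's zone must not publish internal (RFC 1918, loopback, link-local) addresses, and its forwarders must be outside resolvers rather than the internal DNS server. The zone text format (a minimal BIND-style zone with `$ORIGIN`) and the forwarder list are assumptions; the zone content and forwarder addresses are constructed sample data using documentation address space, not the poster's real servers.

```python
"""Offline audit of an external (DMZ) DNS server's zone data and forwarder list.

Added example (not from the thread). Flags records that would publish internal
addresses to the Internet and forwarders that would make the external server
query internal DNS, which is the split-DNS separation the thread describes.
"""
import ipaddress

# Address ranges that should never appear in an Internet-facing zone:
# RFC 1918 private space plus loopback and link-local. Listed explicitly rather
# than via ipaddress.is_private, which also treats documentation ranges as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def is_internal_address(text):
    """True if text is an IP address inside one of the internal ranges."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:          # hostnames and malformed data are not addresses
        return False
    return any(addr in net for net in INTERNAL_NETS)


def parse_zone(zone_text):
    """Parse a minimal BIND-style zone into (owner, type, rdata) tuples.

    Handles $ORIGIN, an optional TTL column and the IN class. Each record is
    expected on one line (assumption of this example).
    """
    origin = "."
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        owner = tokens.pop(0)
        if tokens and tokens[0].isdigit():         # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":   # optional class
            tokens.pop(0)
        if not tokens:
            continue
        rtype = tokens.pop(0).upper()
        rdata = " ".join(tokens)
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):              # relative name -> FQDN
            owner = f"{owner}.{origin}"
        records.append((owner, rtype, rdata))
    return records


def audit_external_dns(zone_text, forwarders, internal_dns_servers=()):
    """Return a list of findings (strings) for a DMZ-hosted authoritative server."""
    findings = []
    records = parse_zone(zone_text)

    # 1. A/AAAA records that would publish internal addresses to the Internet.
    leaked = set()
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA") and is_internal_address(rdata):
            findings.append(f"{rtype} record {owner} publishes internal address {rdata}")
            leaked.add(owner)

    # 2. Aliases and service records that point at a leaked name reveal it too.
    for owner, rtype, rdata in records:
        target = rdata.split()[-1]                 # MX "10 host." -> "host."
        if rtype in ("CNAME", "MX", "NS") and target in leaked:
            findings.append(f"{rtype} record {owner} points at internal host {target}")

    # 3. Forwarders: at least two outside resolvers, never the internal DNS.
    if len(forwarders) < 2:
        findings.append("fewer than two forwarders configured; resolution has no fallback")
    internal_dns = set(internal_dns_servers)
    for fwd in forwarders:
        if fwd in internal_dns or is_internal_address(fwd):
            findings.append(f"forwarder {fwd} is internal; external DNS must not query internal DNS")
    return findings


# Constructed sample data: documentation addresses (198.51.100.0/24) stand in for
# the public DMZ range; dc01 and the second forwarder are deliberate mistakes.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@        3600 IN SOA   ns1.example.com. hostmaster.example.com. 2007101201 3600 900 604800 86400
@        3600 IN NS    ns1.example.com.
@        3600 IN MX    10 webmail.example.com.
ns1      3600 IN A     198.51.100.2
www      3600 IN A     198.51.100.10
webmail  3600 IN A     198.51.100.11
dc01     3600 IN A     10.0.0.5          ; internal domain controller leaked
intranet 3600 IN CNAME dc01.example.com.
"""
SAMPLE_FORWARDERS = ["198.51.100.1", "10.0.0.53"]   # second one is the internal DNS

if __name__ == "__main__":
    for finding in audit_external_dns(SAMPLE_ZONE, SAMPLE_FORWARDERS):
        print("FINDING:", finding)
```

Run against the sample it reports the leaked `dc01` A record, the `intranet` CNAME that points at it, and the internal forwarder; an external zone containing only the DMZ hosts and two outside forwarders produces no findings. The same check applies to whatever zone export your server produces, as long as it is written in this one-record-per-line form.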
