
DNS requests

I am splitting up our network into multiple subnets, but will still be keeping a single DNS server that will hold both public and private IPs.

How can I ensure that internally users can resolve both private and public addresses from DNS, while people coming in externally will only ever see the public range?

The reason is that we are a sub-network of a larger organisation, so while our servers will remain on the public IP address range (so everyone can see them), our PCs/printers will move to a private IP range. They will still internally be able to route through to the servers, but private addresses will not be allowed on the WAN link to our parent company.

PCs will NAT to the outside, so I don't want outside PCs picking up their private addresses, both for security reasons and because they will not be able to route back to the PCs anyway.

Is there any way, without setting up two DNS servers, that I can do this?

Thank you
Aaron Street
Asked:
 
Chris Dent, PowerShell Developer, commented:

It depends.

Which DNS server is it?

MS DNS cannot do it, BIND can (using Views). I can't speak for the other DNS servers (TinyDNS, djbdns, etc).

Chris
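
A minimal sketch of the BIND views approach mentioned in this answer, added as an example and not part of the original thread. The zone name `example.com`, the address ranges and the zone file paths are placeholders chosen for illustration.

```conf
// Constructed example: zone name, networks and file paths are placeholders.

acl "internal-nets" {
    10.0.0.0/8;        // assumed private range for PCs and printers
    192.0.2.0/24;      // documentation range standing in for the server subnet
    localhost;
};

options {
    directory "/var/named";
    recursion no;      // off globally; enabled only in the internal view
};

// Internal clients get the zone file that contains private and public records.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;

    zone "example.com" {
        type master;
        file "internal/db.example.com";
    };
};

// Everyone else gets a zone file that contains only the public-range records,
// so private addresses never appear in answers sent over the WAN link.
view "external" {
    match-clients { any; };
    recursion no;
    allow-query-cache { none; };

    zone "example.com" {
        type master;
        file "external/db.example.com";
    };
};
```

Views are evaluated in order and the first match wins, so the internal view has to come before the catch-all external view, and once views are in use every zone must live inside one. `named-checkconf` will validate the file before a reload.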
 
Aaron Street, Infrastructure Manager (author), commented:
Ahh, it is Microsoft! That could cause a problem if we can't do it!

The only alternative would be to have multiple DNS servers, and I don't really want to do that!
 
Chris Dent, PowerShell Developer, commented:

Unfortunately you're a bit restricted with MS DNS. It's got a pile of features that make it really useful for AD domains, but not much that makes it great for public hosting (ability to restrict who can and cannot query a zone, etc).

Chris
 
Aaron Street, Infrastructure Manager (author), commented:
In which case, how easy is it to set up two DNS servers, one that resolves one address range and another that resolves another address range, but still all under the same DNS namespace?

Is this practical?

Ideally we would like to keep it tied in to AD.

 
Chris Dent, PowerShell Developer, commented:

For MS you'd need two separate servers (cannot install two instances of the MS DNS service), which is a pain.

As for keeping it tied to AD, you mean using AD Integrated Zones? If they're public that would be a bad idea (in my opinion) as you lose control of the NS and SOA records, something that will upset clients who cache your NS records.

Chris
 
Aaron Street, Infrastructure Manager (author), commented:
Sorry, I was talking about the internal side of the DNS.

Also, when I am talking about public IPs I actually mean IPs that our parent company can resolve and route to (they are in the public IP range but are not actually contactable publicly, nor can members of the public actually send requests to our DNS servers).

I am just trying to get the general idea here. Sounds like I was thinking along the correct tracks, just going to be a bit more of a pain than I thought.

I think what I will do is set up some new DNS servers for the private ranges, which all the internal PCs use, and then forward requests upwards if they need to contact the servers on the public range.

Yipeeee!! Sounds like I got some fun times ahead ;) Thanks for all the help