DMZ Name Resolution Best Practice
Posted on 2009-07-01
Hello, my question is more of a design/best practice question, no real issue...
What is the best way to configure DNS/name resolution for servers in the DMZ, for both internal name resolution and external resolution?
I'll start with internal: if you have an application that needs access to a specific service behind the firewall, say, for example, a DB server. It obviously isn't best practice to use/hard-code an IP address for the DB server in the configuration of the application needing access to it, so you are stuck with a DNS name. Somehow we need to resolve the DNS name to an IP. Is it better to use the hosts file or some type of DNS server? If DNS is the best method, is it better to have a DNS server in the DMZ that houses a zone copy of the internal records, or is it better to pinhole the firewall and give access to an internal DNS server?
Use a DNS server in the DMZ that will perform recursive lookups, or use an altogether external server to perform the recursive lookups?
Any help would be greatly appreciated....
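One concrete way to build the "pinhole" option from the question, added here as an example and not part of the original post: a caching resolver (unbound) living in the DMZ that forwards only the internal zone to the internal DNS server through a single firewall pinhole, recurses on its own for everything else, and answers only DMZ hosts. The zone name corp.example, the subnets and the addresses below are assumed placeholders; substitute your own.

```conf
# /etc/unbound/unbound.conf (example configuration, not from the original post)
server:
    # Listen only on the DMZ-facing address (assumed); never expose this to the Internet.
    interface: 10.20.0.53
    port: 53

    # Answer only the DMZ subnet (assumed). Everything else is refused, so the
    # resolver cannot be used as an open resolver or for reflection.
    access-control: 10.20.0.0/24 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse

    # Drop RFC 1918 addresses from answers obtained via Internet recursion
    # (rebinding protection)...
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    # ...but allow them for the internal zone, which legitimately holds
    # private addresses (e.g. the DB server the DMZ application talks to).
    private-domain: "corp.example"

    # Only needed if DNSSEC validation is enabled and the internal zone is
    # unsigned; otherwise validation would reject the forwarded answers.
    domain-insecure: "corp.example"

    # Do not reveal the resolver's identity or version to queriers.
    hide-identity: yes
    hide-version: yes

    # Recursion for all other names uses the built-in root hints; no
    # configuration beyond the defaults is required for that.

# Internal zone: send queries for corp.example to the internal DNS server
# (assumed address) instead of recursing on the Internet. The firewall
# pinhole needed is exactly one rule: 10.20.0.53 -> 10.1.0.10 on udp/tcp 53.
forward-zone:
    name: "corp.example"
    forward-addr: 10.1.0.10
```

Check the file with `unbound-checkconf` before starting the service, then from a DMZ host confirm that `dig @10.20.0.53 db.corp.example` returns the internal address and that a query from outside the DMZ subnet is refused. The `private-domain` line matters: without it, the `private-address` filter silently strips the 10.x answers from the internal zone and the application sees NXDOMAIN-like failures. Keep the forwarder list to the one internal server the pinhole permits; adding a second address without a matching firewall rule produces intermittent timeouts that are hard to diagnose.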