How do I configure Windows Server 2012 for External/Public DNS?

Hi,

I have Windows Server 2008 R2 AD-integrated DNS with a single domain for internal and external purposes. Now we need to split our DNS into two to disable open recursion. As we have only one domain, what are the steps to create a standalone Windows Server 2012 based DNS for external/public purposes? I am attaching a screenshot of my existing DNS.
TAMUQITS Asked:
rhandels Commented:
Hey,
Do you mean that your DNS server is exposed to the outside world so users can access internal resources by FQDN? I don't believe you can actually split up one DNS zone across two servers.
The question is what would you like to achieve? Normally a DNS setup contains an internal and an external DNS. Meaning you would have one DNS server for internal resolution, mostly AD-integrated (for secure sync), and one external standalone server in a DNS zone if you would actually like to manage your own external DNS zone.

Long story short, I think we need some more info to give solid advice.
TAMUQITS (Author) Commented:
Yes, we would like to manage our own External DNS server.

Yes, we want to use our existing DNS as our internal AD-integrated one and build a new DNS server for External purposes.
rhandels Commented:
Are you using one domain? I would go for an internal DNS domain and an external one. You can still use the same names for your services. So let's say you have webmail and you want to add it internally: you would have webmail.domain.local internally and a domain called webmail.domain.com externally.

If you split your domain across two DNS servers (even if it is possible), I believe your DNS requests will go awry.

TAMUQITS (Author) Commented:
Yes, we have only one domain, let's suppose abc.com, and I am afraid we can't change it. Can we use the same name for both DNS servers?
rhandels Commented:
To be honest I don't believe you can, and even if you could, you could never use the same IP address; this is not a very good idea.

Don't you have the option to only service internal DNS requests internally and let your ISP run the external one for you? I believe the only other option you have is using split DNS.
TAMUQITS (Author) Commented:
Well, we want to split our DNS. For sure, we will use different IPs.
rhandels Commented:
But if you would like to do this you would actually need two domains (internal and external), otherwise your users will have issues resolving domain names. Do you think that is an option?
TAMUQITS (Author) Commented:
Well, I don't know how it will affect our existing setup, as it is AD-integrated. What do you think, how much will it affect our existing AD setup?
rhandels Commented:
It depends on why you would like to have your own external DNS name. Is the internal DNS name the same as the external DNS name? And if so, is it actually needed to be like this? How large is your DNS organisation? If you have, for example, a few hundred machines internally and you only need a few external records, you'd better ask your ISP to host these records for you; this is much easier.

And yes, you can't just change an AD-integrated setup and allow external machines to query it.
DrDave242 Commented:
First off, it should be said that using the same name for your internal (AD) and external (registered) domain isn't a great idea. However, it isn't too difficult to set up, but it's important to keep the two domains separate. Even though they'll have the same name, they'll be two independent namespaces, and you'll want them to stay that way to avoid confusion and maintain security.

You don't need to change anything in your internal domain to make this work, at least not initially. The external DNS server should not be a member of the domain; just leave it in a workgroup. Place it somewhere it can be queried from the internet (after installing all available Windows updates, of course). Install the DNS Server role and add the abc.com (or whatever) forward lookup zone, then create whatever public DNS records you need.

Remember that your internal users will not be able to query that server for resolution of names in the abc.com domain, since all of those queries will be handled by the internal DNS server, and DNS data won't be replicating between them in any fashion. You may occasionally have to create the same records on both servers for that reason. (If you have an externally hosted website at www.abc.com, for example, you'll have to create a www host record on both servers so that both internal and external users can find it.)
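The build DrDave242 describes, written out in PowerShell as an added example (this is not code from the thread or from anyone in it). It uses the DnsServer module that ships with the DNS Server role on Windows Server 2012 and is meant to be run as Administrator on the new workgroup server. abc.com, ns1/www/mail, the hostname dc1 and every address in 203.0.113.0/24 (the RFC 5737 documentation range) are placeholders to be replaced with the real domain, public names and addresses. Step 5 is what actually addresses the asker's stated goal: the public server is authoritative-only, so recursion is switched off there while the internal AD-integrated server keeps resolving for the LAN.

```powershell
# Added example, not from the original thread. Run as Administrator on the
# standalone (workgroup, not domain-joined) Windows Server 2012 machine.
# Placeholders: abc.com, ns1/www/mail, dc1, and 203.0.113.x public addresses.

# 1. Install the DNS Server role. The box is not in the domain, so the zone
#    will be a file-backed standard primary zone, not an AD-integrated one.
Install-WindowsFeature -Name DNS -IncludeManagementTools

# 2. Create the public forward lookup zone. Dynamic updates stay off: a public
#    zone is edited by hand, never by clients registering themselves.
Add-DnsServerPrimaryZone -Name "abc.com" -ZoneFile "abc.com.dns" -DynamicUpdate None

# 3. The new zone gets SOA/NS records that point at this machine's own
#    hostname. Add the public name server name that is registered at the
#    registrar, plus the glue A record for it.
Add-DnsServerResourceRecordA -ZoneName "abc.com" -Name "ns1" -IPv4Address "203.0.113.53"
Add-DnsServerResourceRecord  -ZoneName "abc.com" -Name "."   -NS -NameServer "ns1.abc.com"

# 4. Only the records the outside world needs; nothing about internal hosts.
Add-DnsServerResourceRecordA  -ZoneName "abc.com" -Name "www"  -IPv4Address "203.0.113.10"
Add-DnsServerResourceRecordA  -ZoneName "abc.com" -Name "mail" -IPv4Address "203.0.113.25"
Add-DnsServerResourceRecordMX -ZoneName "abc.com" -Name "."    -MailExchange "mail.abc.com" -Preference 10

# 5. The point of the split: an internet-facing authoritative server must not
#    act as an open resolver for other people's domains.
Set-DnsServerRecursion -Enable $false
Get-DnsServerRecursion | Select-Object Enable

# 6. Checks, run from a host outside the network so the firewall path is
#    exercised too. The first query must return an answer for the zone...
Resolve-DnsName -Name "www.abc.com" -Type A -Server 203.0.113.53 -DnsOnly
#    ...and the second must be refused rather than answered, proving recursion
#    is off (it raises an error instead of returning a record).
Resolve-DnsName -Name "www.example.org" -Type A -Server 203.0.113.53 -DnsOnly -ErrorAction SilentlyContinue

# 7. Nothing replicates between the two servers. A public name that internal
#    users must also reach (the www example above) is created a second time
#    on the internal AD-integrated zone, e.g. from the domain controller dc1:
# Add-DnsServerResourceRecordA -ComputerName "dc1" -ZoneName "abc.com" -Name "www" -IPv4Address "203.0.113.10"
```

The zone's NS records should match what is delegated at the registrar, and the glue address in step 3 is the public address of this server, which is also why recursion must be disabled before the server is reachable from the internet: for the brief window between installing the role and step 5 the server would otherwise answer recursive queries from anyone.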