Where to place Primary DNS in relation to Firewall?
Amy Bratty (SD)
abratty at comps.com
Mon Aug 21 17:45:34 UTC 2000
Does one need an external DNS .. for others to lookup the domain? I have an
internal DNS..with a secondary on a totally different server. I've tried
looking up the domain without success.
-Amy
> -----Original Message-----
> From: Hoosier Daddy [SMTP:hoosierd at iplweb.DOT.org]
> Sent: Sunday, August 20, 2000 7:40 PM
> To: comp-protocols-dns-bind at moderators.isc.org
> Subject: Re: Where to place Primary DNS in relation to Firewall?
>
>
> On 19 Aug 2000 14:57:38 -0700, "Michael Groover" <mgroover at clark.net>
> wrote:
>
> >I am in the process of bringing up a new site. We have two external DNS
> >servers and two internal DNS servers. I am new to DNS so I am uncertain
> of
> >what the best way to configure my zones.
>
> How big is the site? Do you own your IP numbers?
>
> >IDEA ONE
> >
> >Internal DNS A ( Primary )
> > Forwards to External DNS A; External DNS B;
> > ISP DNS A; ISP DNS B
> >
> >Internal DNS B ( 2nd to Internal DNS A )
> > Forwards to Internal DNS A;
> > External DNS A; External DNS B;
> > ISP DNS A; ISP DNS B
> >
> >External DNS A ( Primary )
> > Forwards to ISP DNS A; ISP DNS B
> >
> >External DNS B ( 2nd to External DNS A )
> > Forwards to External DNS A;
> > ISP DNS A; ISP DNS B
> >
> >IDEA TWO
> >
> >Internal DNS A ( Primary )
> > Forwards to External DNS A; External DNS B;
> > ISP DNS A; ISP DNS B
> >
> >Internal DNS B ( 2nd to Internal DNS A )
> > Forwards to Internal DNS A;
> > External DNS A; External DNS B;
> > ISP DNS A; ISP DNS B
> >
> >External DNS A ( 2nd to Internal DNS A)
> > Forwards to ISP DNS A; ISP DNS B
> >
> >External DNS B ( 2nd to Internal DNS A )
> > Forwards to External DNS A;
> > ISP DNS A; ISP DNS B
> >
> >Any other ideas?
>
> Either will work, but why so many?
>
> >Also How inportant is it the have you ISP be a 2nd to you primary DNS?
>
> You should have a secondary DNS server (or more) at a physically different
> location from the primary. It doesn't have to be your
> ISP at all.
>
> --
> Hoosier Daddy!
> --
>
More information about the bind-users
mailing list