Internal DNS Server with Connection to Internet

Kevin Darcy kcd at daimlerchrysler.com
Thu Feb 22 21:10:33 UTC 2001


Just define the internal domain on your server and also define an Internet root
hints file. If it has direct access to Internet nameservers, then this should
be all that's necessary -- it will resolve mycompany.com from its authoritative
data, and any other domain from the Internet. If your nameserver only has
*limited* access to the Internet, then you may have to set up a forwarding
arrangement to your ISP's nameservers. Disallow external queries via an
"allow-query" ACL. In order for your internal clients to have a full view of
mycompany.com, the "internal" version of mycompany.com should also include the
external entries, i.e. you have to maintain the external entries in both
versions of the zone.


- Kevin

Jay wrote:

> I'm sure you are all tired of hearing this question. For many of us who have
> been connecting Microsoft based networks to the Internet, the closest we
> have come to having to deal with DNS is either to point our TCP/IP stacks to
> the DNS servers of our ISP or having our ISP host the MX and A resource
> records to point to our internal SMTP-based e-mail server. Now, with the
> advent of Active Directory, we must host our own internal DNS server.
>
> But, I don't want to provide DNS services to the Internet for our internal
> network. I'd rather not go through the effort of registering our DNS server
> with the Internic. Besides, we don't even have two servers, let alone two
> DNS servers to meet their requirements. Yet, we do have a registered domain
> (registered through our ISP) to address our e-mail server. And, the ISP will
> continue to host our MX and A resource records.
>
> I'm wondering. Can we simply have an internal DNS server that handles the
> internal name resolution requirements for "mycompany.com" yet allow our ISP
> to host "mycompany.com" on the Internet for the limited information that we
> wish to make public? Of course, if we do that, and our desktops point to the
> internal DNS server, how do they resolve true Internet addresses so we can
> still browse the Internet?
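
The arrangement described in the reply above, written out as a BIND named.conf. This is an added example, not configuration from the original thread; the ACL name, the file names and every address (RFC 1918 and RFC 5737 documentation ranges) are assumptions to be replaced with local values.

```conf
// Added example: internal-only nameserver for mycompany.com that also
// resolves Internet names. All names, paths and addresses are assumed.

// Clients permitted to query this server (assumed internal ranges).
acl "internal-nets" {
    127.0.0.1;
    10.0.0.0/8;
    192.168.0.0/16;
};

options {
    directory "/var/named";

    // Refuse queries from anything outside the internal networks,
    // so the internal view of mycompany.com is never served externally.
    allow-query { "internal-nets"; };

    // Only needed when the server has *limited* Internet access and
    // cannot reach the root and other nameservers directly. The
    // addresses stand in for the ISP's nameservers.
    // forwarders { 192.0.2.53; 192.0.2.54; };
    // forward only;
};

// Internet root hints: lets the server resolve every domain it is
// not authoritative for by starting at the root nameservers.
zone "." {
    type hint;
    file "named.root";
};

// Internal version of the zone. This file must also carry the external
// entries hosted at the ISP (the public MX and A records), because
// internal clients never see the ISP's copy of mycompany.com.
zone "mycompany.com" {
    type master;
    file "db.mycompany.com.internal";
};
```

Because this server answers authoritatively for mycompany.com, any public record changed at the ISP and not copied into `db.mycompany.com.internal` will be missing or stale for internal clients.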




