Need Clarification : DNS translated Addresses

Jeff Donovan jdonovan at beth.k12.pa.us
Thu Jan 18 14:02:29 UTC 2001


Greetings

I have noticed much discussion about internal and external DNS for 
translated IP addresses. I need a little clarification on what is the 
correct setup to provide DNS to translated addresses (IP NAT) and 
still provide the same DNS services I currently hold.

Here is my current setup:

((iNet))-----[ router/switch 1 running NAT ]
		|	|	|	|
	IP	|fake	|real	|real	|--real-{Primary DNS/MAIL}
	LAN	A	B	C	D


My current project has me setting up the classic DMZ to firewall to 
internal network. Inside the internal network I will have a mix of 
real and fake addresses.

((iNet))-----------[ Router/Switch 1 running NAT]
			|
			|
			|---DMZ--
			|
			|
		{ IPF/Firewall }
			|
			|
		[ router/switch 2 running NAT ]
		|	|	|	|
		|	|	|	|
	LAN	A	B	C	D

My question is: where do I place my primary DNS & MAIL? Do I place it 
behind the firewall? If yes, I assume I must open port 53 UDP/TCP.
Or
do I place it in the DMZ? If yes, do I set up a secondary server 
behind the firewall?

What is the proper way to deal with "FAKE" addresses, i.e. 10.1.1.1?
Yes, these are translated to a real address, but what is the proper 
way to resolve these addresses for internal use and maintain outside 
services?


Info, recommendations, flames, and general discussions welcome

--jeff
-- 
------------------------------------------------------------------------
Jeff Donovan                    Network Analyst
Bethlehem Area School District  Information & Communication Technologies
Bethlehem, PA  18020            (610) 807-5571  jdonovan at beth.k12.pa.us


