Yes, there is.
Jonathan de Boyne Pollard
J.deBoynePollard at Tesco.NET
Thu Aug 19 04:43:24 UTC 2004
PRA> forwarders {
PRA> 10.0.0.1;
PRA> 192.168.2.10;
PRA> 192.168.2.5;
PRA> };
All of your forwardees must provide the same view of the DNS namespace
as one another. Since one of your forwardees is your Microsoft DNS
server and the other two are proxy DNS servers provided by your ISP,
this will not be the case.
Also, unconditional forwarding is *not* the best choice here. You have
already divided your DNS services into separate servers. You might as
well do things properly and have your Microsoft DNS server provide
(internal) content DNS service and your ISC DNS server provide proxy DNS
service.
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-server-roles.html>
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-monolithic-server-as-proxy.html#BIND>
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-monolithic-server-as-content.html#Microsoft>
PRA> 2) and is there any benefit for me to add a reverse lookup zone,
Yes. But add it on your Microsoft DNS server, not on your ISC DNS
server. (This has the added benefit, on top of the benefit of having
separate content and proxy DNS servers, of integrating better with your
Microsoft DHCP clients and DHCP server, if you are using them.) Let
your Microsoft DNS server, as the content DNS server, publish all of
your DNS database content.
Similarly, *don't* configure the DNS clients on your workstations to
talk directly to your Microsoft DNS server. Configure them to talk only
to your ISC DNS server.
PRA> if there is, how do I do it.
Of all of the mainstream DNS servers, Microsoft's DNS server is the best
documented. Most of the "How do I" questions that people ask are
already covered in Microsoft's own product documentation. So always
stop at the product documentation first.
<URL:http://microsoft.com./resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/sag_DNS_pro_WorkingWithZonesNode.asp>
PRA> 3) how can I get the DNS to get the information for the LAN PCs
PRA> from my Windows 2000 server DNS server.
Configure your ISC DNS server to provide "split horizon" DNS service, by
giving it "stub" "zones" for the relevant portions of the DNS namespace
whose data are held on your Microsoft DNS server (e.g. the
"10.in-addr.arpa.", "168.192.in-addr.arpa.", and "local.cfu.com."
"zones", for starters). Remove the unconditional forwarding.
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-split-horizon.html>
PRA> 4) could this in any way make trouble to the Windows DNS server?
Not if you do things properly. If, however, you choose the wrong path
you'll hit problems further along. For example: If you unwisely choose
to put your reverse-lookup "zones" on your ISC DNS server instead of on
your Microsoft DNS server, you'll hit problems with secure Dynamic DNS
updates. For another example: If you unwisely choose to hold your
"zones" on both servers, you limit yourself to using only the lowest
common denominator DNS database replication mechanism, "zone transfer",
when not doing so would allow you to use other, better, ones instead.
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-incompatible-secure-updates.html>
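
The stub-zone arrangement described in the answer to question 3, written out as BIND 9 configuration. This is an added example, not part of the original message. Assumptions: 192.0.2.53 is a placeholder for the Microsoft DNS server's address (the message does not say which address it has), and the ACL name, client ranges, directory and file names are illustrative.

```conf
// named.conf for the ISC DNS server acting as the LAN's proxy DNS server.
// 192.0.2.53 is a PLACEHOLDER for the Microsoft (content) DNS server.

acl lan { localhost; 10.0.0.0/8; 192.168.0.0/16; };  // assumed client ranges

options {
    directory "/var/named";        // assumed path
    recursion yes;
    allow-query     { lan; };
    allow-recursion { lan; };      // proxy service for LAN clients only
    // There is deliberately no "forwarders { ... };" statement here.
    // The unconditional forwarding to three servers that do not share
    // one view of the DNS namespace has been removed.
};

// Internal names: answers come from the Microsoft DNS server.
zone "local.cfu.com" {
    type stub;
    masters { 192.0.2.53; };
    file "stub/local.cfu.com";
};

// Reverse lookups for the private address ranges, also held on the
// Microsoft DNS server so that it remains the only place they are edited.
zone "10.in-addr.arpa" {
    type stub;
    masters { 192.0.2.53; };
    file "stub/10.in-addr.arpa";
};

zone "168.192.in-addr.arpa" {
    type stub;
    masters { 192.0.2.53; };
    file "stub/168.192.in-addr.arpa";
};
```

Running `named-checkconf` against the file catches syntax errors before the server is reloaded.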