
Whose DNS do I use for Win2K3 R2 IIS in DMZ?



Guest Tankster
Posted

I have a newly installed server running IIS that I want to put in a DMZ. My question is whose DNS servers will the machine reference?

There will not be a DNS server in the DMZ and I'm pretty sure I don't point to my internal AD/DNS servers (would have to open more holes in firewall), but yet my internal users need to be able to ftp web changes up to the server... how is this normally done? Is it just standard for the traffic to just "loop" through the firewall since if I use the ISP's DNS, I would think that since it would resolve to the public IP(s) of the firewall, that it will hit the outside port and come back through... Am I thinking right on this, or is there some implementation scheme I need to look at?

Guest Mathieu CHATEAU
Posted

Re: Whose DNS do I use for Win2K3 R2 IIS in DMZ?

Hello,

Just manually add an entry in your internal DNS server that points to the DMZ IP (internal) of the server.

Most firewalls won't like going out and in again (won't work).
It would be the same for the web site on this server. You can google "split dns".

--
Cordialement,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr

"Tankster" <Tankster@discussions.microsoft.com> wrote in message news:4475B1F2-747B-41C5-9CB4-1925FB5F3BEB@microsoft.com...

> I have a newly installed server running IIS that I want to put in a DMZ. My question is whose DNS servers will the machine reference?
>
> There will not be a DNS server in the DMZ and I'm pretty sure I don't point to my internal AD/DNS servers (would have to open more holes in firewall), but yet my internal users need to be able to ftp web changes up to the server... how is this normally done? Is it just standard for the traffic to just "loop" through the firewall since if I use the ISP's DNS, I would think that since it would resolve to the public IP(s) of the firewall, that it will hit the outside port and come back through... Am I thinking right on this, or is there some implementation scheme I need to look at?

Guest Tankster
Posted

Re: Whose DNS do I use for Win2K3 R2 IIS in DMZ?

Split DNS... So if I'm looking/thinking about this correctly, I will add my .com zone to my DNS, create host records for those hosts but instead of them being the public addresses, they will be internal addresses so that when internal users look up those host names it will match against something already in my zone info. But what about the DNS on the DMZ server, if I reference the ISP's DNS, they will definitely resolve to the public IP address and it seems like this will be an issue for my internal users.

"Mathieu CHATEAU" wrote:

> Hello,
>
> Just manually add an entry in your internal DNS server that points to the DMZ IP (internal) of the server.
>
> Most firewalls won't like going out and in again (won't work).
> It would be the same for the web site on this server. You can google "split dns".
>
> --
> Cordialement,
> Mathieu CHATEAU
> English blog: http://lordoftheping.blogspot.com
> French blog: http://www.lotp.fr
>
> "Tankster" <Tankster@discussions.microsoft.com> wrote in message news:4475B1F2-747B-41C5-9CB4-1925FB5F3BEB@microsoft.com...
>
> > I have a newly installed server running IIS that I want to put in a DMZ. My question is whose DNS servers will the machine reference?
> >
> > There will not be a DNS server in the DMZ and I'm pretty sure I don't point to my internal AD/DNS servers (would have to open more holes in firewall), but yet my internal users need to be able to ftp web changes up to the server... how is this normally done? Is it just standard for the traffic to just "loop" through the firewall since if I use the ISP's DNS, I would think that since it would resolve to the public IP(s) of the firewall, that it will hit the outside port and come back through... Am I thinking right on this, or is there some implementation scheme I need to look at?

Guest Mathieu CHATEAU
Posted

Re: Whose DNS do I use for Win2K3 R2 IIS in DMZ?

All your servers would point to your DNS.
You may have both internal DNS (AD) and "public" DNS in a DMZ.

You may also have an AD domain in your DMZ.... Just need to choose where you cover most of your risk versus costs.

For FTP, I don't see any issue with DNS from the server point of view.

--
Cordialement,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr

"Tankster" <Tankster@discussions.microsoft.com> wrote in message news:FC8B52CB-5949-4BFE-B1EA-B345299C4B5D@microsoft.com...

> Split DNS... So if I'm looking/thinking about this correctly, I will add my .com zone to my DNS, create host records for those hosts but instead of them being the public addresses, they will be internal addresses so that when internal users look up those host names it will match against something already in my zone info. But what about the DNS on the DMZ server, if I reference the ISP's DNS, they will definitely resolve to the public IP address and it seems like this will be an issue for my internal users.
>
> "Mathieu CHATEAU" wrote:
>
>> Hello,
>>
>> Just manually add an entry in your internal DNS server that points to the DMZ IP (internal) of the server.
>>
>> Most firewalls won't like going out and in again (won't work).
>> It would be the same for the web site on this server. You can google "split dns".
>>
>> --
>> Cordialement,
>> Mathieu CHATEAU
>> English blog: http://lordoftheping.blogspot.com
>> French blog: http://www.lotp.fr
>>
>> "Tankster" <Tankster@discussions.microsoft.com> wrote in message news:4475B1F2-747B-41C5-9CB4-1925FB5F3BEB@microsoft.com...
>>
>> > I have a newly installed server running IIS that I want to put in a DMZ. My question is whose DNS servers will the machine reference?
>> >
>> > There will not be a DNS server in the DMZ and I'm pretty sure I don't point to my internal AD/DNS servers (would have to open more holes in firewall), but yet my internal users need to be able to ftp web changes up to the server... how is this normally done? Is it just standard for the traffic to just "loop" through the firewall since if I use the ISP's DNS, I would think that since it would resolve to the public IP(s) of the firewall, that it will hit the outside port and come back through... Am I thinking right on this, or is there some implementation scheme I need to look at?
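
An added example, not part of any post in this thread: a small Python audit of the split-DNS arrangement discussed above. The zone contents, host names and address ranges are constructed placeholders; it flags public names missing from the internal copy of the zone (the internal server is authoritative, so those lookups fail for LAN users) and internal records that still point at the firewall's public addresses.

```python
import ipaddress

# Constructed sample data; every name and address below is a placeholder.
PUBLIC_ZONE = {                       # answers given by the ISP / public DNS
    "www.example.com": "203.0.113.10",
    "ftp.example.com": "203.0.113.10",
    "mail.example.com": "198.51.100.25",   # hosted outside the firewall
}
INTERNAL_ZONE = {                     # same zone on the internal AD/DNS server
    "www.example.com": "192.168.50.10",    # DMZ address of the IIS server
    "ftp.example.com": "203.0.113.10",     # still the firewall's public IP
}
FIREWALL_PUBLIC = ipaddress.ip_network("203.0.113.8/29")


def audit_split_dns(public, internal, firewall_public):
    """Return sorted (name, finding) pairs for the internal view of the zone."""
    findings = []
    for name in public:
        if name not in internal:
            # The internal server is authoritative for the zone, so it returns
            # NXDOMAIN for this name instead of asking the public DNS.
            findings.append((name, "missing-from-internal-zone"))
        elif ipaddress.ip_address(internal[name]) in firewall_public:
            # LAN clients would go out and back in through the firewall.
            findings.append((name, "points-at-firewall-public-ip"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_split_dns(PUBLIC_ZONE, INTERNAL_ZONE, FIREWALL_PUBLIC):
        print(f"{name}: {finding}")
```

Names that are hosted outside the firewall legitimately keep their public address in the internal zone; they only need to exist there.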

