internal DNS and DMZ

    Question

  • Hi,

    I have many servers in the DMZ zone (web, DNS and so on) and I want to configure my AD-integrated DNS server (Windows Server 2008 R2) correctly. I know from some research that it is a best practice to use forwarders (to the DMZ DNS servers) and delete root hints, to avoid users reaching the Internet if those forwarders are unavailable. But what I don't know is what to integrate in my reverse lookup zone on my W2K8 server?

    Topology

    In the LAN segment I have some VLANs in this format: 172.16.x.x

    In the DMZ segment, it's all a public address infrastructure: 193.168.3.0/26

    Thank you in advance!

    Friday, October 04, 2013 6:52 PM

Answers

  • Sounds reasonable to me. What do you want to change in the reverse lookup zone?

    I would think that all you need are reverse lookup zones for your AD machines. There is no need to resolve the DMZ machine(s) or the Internet sites to their names.


    Bill

    • Marked as answer by Sliver_88 Monday, October 07, 2013 7:13 PM
    Sunday, October 06, 2013 1:23 AM
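    The configuration discussed in this thread (forwarders to the DMZ resolvers, no root-hint fallback, reverse zones only for the internal VLANs), as an added example that is not part of the thread. It assumes the DnsServer PowerShell module, which ships with Windows Server 2012 and later; on 2008 R2 the same settings are made in the DNS console or with dnscmd.exe. The DMZ resolver addresses are constructed placeholders inside the 193.168.3.0/26 range from the question.

```powershell
# Added example: DnsServer module cmdlets (Windows Server 2012+), run on the AD DNS server.
# 193.168.3.10 / 193.168.3.11 are constructed placeholders for the DMZ DNS servers.
$DmzDns = @('193.168.3.10', '193.168.3.11')

# 1. Forward every query the AD zones cannot answer to the DMZ resolvers only.
Add-DnsServerForwarder -IPAddress $DmzDns -PassThru

# 2. Do not fall back to root hints when the forwarders are unreachable.
#    This is the "delete root hints" goal from the question expressed as a setting:
#    with it, a DMZ resolver outage stops Internet resolution instead of
#    letting the DC recurse to the root servers on its own.
Set-DnsServerForwarder -UseRootHint $false

# 3. Optionally remove the root hints themselves so nothing is left to fall back on.
Get-DnsServerRootHint | Remove-DnsServerRootHint -Force

# 4. Reverse lookup zone for the internal VLANs only, AD-integrated, replicated to
#    every DC in the domain, secure dynamic updates so domain members register PTRs.
#    172.16.0.0/16 becomes 16.172.in-addr.arpa and covers all 172.16.x.x VLANs;
#    use one /24 zone per VLAN instead if you want finer delegation.
#    No reverse zone is created for 193.168.3.0/26: as the answer says, the AD DNS
#    server has no need to resolve DMZ or Internet hosts to names.
Add-DnsServerPrimaryZone -NetworkId '172.16.0.0/16' -ReplicationScope 'Domain' -DynamicUpdate 'Secure'

# 5. Verification: forwarders listed, UseRootHint False, reverse zone present, root hints gone.
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint
Get-DnsServerZone -Name '16.172.in-addr.arpa' | Format-List ZoneName, IsDsIntegrated, IsReverseLookupZone
(Get-DnsServerRootHint | Measure-Object).Count
```

The last line should report 0 once the root hints are removed. Because the forwarders are the only path out of the LAN, the DMZ resolvers become a single point of failure for Internet name resolution; list at least two of them, and monitor the DNS server event log for forwarder timeouts so an outage is noticed rather than appearing as a general "Internet is down" complaint.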

All replies

  • 1. It depends on what you want to achieve.

    2. What is the reason for DNS in demilitarized zone?

    Rgds

    Milos

    Saturday, October 05, 2013 8:50 PM
  • Hi Milos,

    The point of having a DNS server in a DMZ is to separate the DNS tasks. I want a local DNS for my users, and when it comes time to get to the Internet, the AD DNS forwards them to the DNS in the DMZ.

    Is there a better solution?

    Thank you for replying!

    Sunday, October 06, 2013 12:27 AM