locked
DNS, WSUS, & Segregated Networks RRS feed

  • Question

  • Use Case -

    An internal network with it's DNS servers who cannot talk to the external net or WWW.

    An External network with it's DNS servers who cannot talk to the internal network but can talk to WWW.

    A dual homed WSUS server who has an IP on both the internal and external nets.  It's WSUS clients will be on internal net.  The patches are from Microsoft, so external net.

    If I configure my WSUS server to use either the internal or external DNS server, it cannot navigate the other network/WWW.  I thought about hosts file, but I can't imagine getting all the A records for all the Microsoft patch sources entered in correctly, or at least an authoritative list to reference. 

    My only thought would be to set wsus to point to external DNS, and set a conditional forward from external DNS to internal DNS for internal domain.  Doubt that would be approved due to security.  Looking for suggestions. 

    Ideal solution would be to tell the WSUS server to use internal DNS server for AD domain's name, then all else to external but I don't think that is possible.

    Any suggestions are welcomed!

    Thanks

    Monday, July 10, 2017 4:14 PM

Answers