DNS Zone Transfer for two public-facing DMZ's

  • Question

  • We have a DMZ which contains our corporate web and DNS Windows servers.  This DNS server has a public IP address from our allocated block, and our Registrar Network Solutions has this server's IP recorded.  We now have a new DR site, connected to the internet and also to our network as a 1G WAN connection.

    For redundancy, I'd like to have another public-facing DNS server in the DR site, always on.  I would also like them to be synchronized.  Am I correct in assuming I need to set up Zone Transfer?  If so, I think it would be best to have this traffic go across our WAN link.  This would mean I would need to open up the two external DNS servers in our firewalls to allow them to talk to each other via the WAN.  Would I only need to allow port TCP/UDP port 53?

    Thanks!

    Tuesday, August 6, 2019 1:28 PM

All replies

  • Hi,

    Thanks for posting in this forum.

    Are the two DNS servers running on domain controllers? If so, you can use AD integrated zones.

    If not, or if the DNS server in the DMZ is and the DNS server in the DR site is not, then you can use zone transfer. A zone transfer allows you to put a read-only copy elsewhere from a read/write copy.

    “Would I only need to allow port TCP/UDP port 53?” —> Yes, please open TCP/UDP port 53.

    Best regards,

    Abby



    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 7, 2019 7:20 AM
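
Added example, not part of the original thread: one way to set up the zone transfer described in the reply above with the Windows `DnsServer` PowerShell module, restricting transfers to the DR server only. The zone name and both IP addresses are placeholders (assumptions), as are the two function names.

```powershell
# Added example. Zone name and addresses are placeholders, not values from the thread.
$Zone        = 'example.com'     # placeholder zone name
$PrimaryIP   = '192.0.2.10'      # placeholder: DMZ DNS server address as seen across the WAN
$SecondaryIP = '198.51.100.10'   # placeholder: DR-site DNS server address as seen across the WAN

# Firewall scope between the sites: the transfer itself (AXFR/IXFR) uses TCP 53;
# NOTIFY and SOA refresh checks use UDP 53. Limit both to these two addresses.

# Step 1: run on the existing DMZ server (holds the read/write copy).
function Set-PrimaryTransferPolicy {
    # Allow transfers only to the listed secondary, and send NOTIFY only to it.
    Set-DnsServerPrimaryZone -Name $Zone `
        -SecureSecondaries TransferToSecureServers `
        -SecondaryServers $SecondaryIP `
        -Notify NotifyServers `
        -NotifyServers $SecondaryIP
    # Show the resulting policy so it can be checked.
    Get-DnsServerZone -Name $Zone |
        Select-Object ZoneName, ZoneType, SecureSecondaries, SecondaryServers
}

# Step 2: run on the new DR-site server (holds the read-only copy).
function Add-DrSecondaryZone {
    # Create the secondary zone only if it does not exist yet.
    if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
        Add-DnsServerSecondaryZone -Name $Zone -ZoneFile "$Zone.dns" -MasterServers $PrimaryIP
    }
    # Request a full transfer now instead of waiting for the SOA refresh timer.
    Start-DnsServerZoneTransfer -Name $Zone -FullTransfer
    Get-DnsServerZone -Name $Zone | Select-Object ZoneName, ZoneType, MasterServers
}
```

With `TransferToSecureServers`, the primary refuses transfer requests from any address not listed in `-SecondaryServers`, so the full zone contents are not handed to arbitrary clients that can reach port 53 on the public side.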
  • Hi,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best regards,

    Abby



    Friday, August 9, 2019 9:22 AM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If no, please reply and tell us the current situation in order to provide further help.

    Best regards,

    Abby



    Wednesday, August 14, 2019 8:35 AM