PHWinfo - Afficher un message

09/03/2006, 16h43

Paul Hutchings wrote:
> I would like to use a box in our DMZ running 2003 DNS server as a
> hidden master for some domains we have registered.
>
> Let's call is ns.master.com
>
> I know to only have the publicly accessible DNS servers listed at the
> root servers, and as NS records on the zone.
>
> So I'd have:
>
> ns0.provider.com
> ns1.provider.com
> ns2.provider.com
>
> The provider (provider.com) we use is configured to query for updates
> from a specified IP address for each domain (that of ns.master.com).
>
> The master is configured to allow zone transfers for their IP address.
>
> They don't support notification so it's disabled on ns.master.com for
> each domain.
>
> What should I set the SOA records to?
>
> I guess if I want a fully hidden master I would set it to
> ns0.provider.com rather than ns.master.com - but I'm not sure if it
> would break anything?

If the Secondary servers do not support Notify, you cannot have a fully
hidden master. The SOA record will need to show the MNAME of the master
server, and it must be able to resolve its IP address with a glue record.
You can still have a hidden master, but the SOA record must have the name of
the master, and you will need a record for the primary name server name. You
do not necessarily need an NS record for the master, and you won't want to
have the master DNS on the public record.
http://www.dyndns.com/support/kb/arc...n_primary.html

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

09/03/2006, 16h43	#2
Kevin D. Goodknecht Sr. [MVP] Messages: n/a Hébergeur:	Re: Hidden Master DNS advice Paul Hutchings wrote: > I would like to use a box in our DMZ running 2003 DNS server as a > hidden master for some domains we have registered. > > Let's call is ns.master.com > > I know to only have the publicly accessible DNS servers listed at the > root servers, and as NS records on the zone. > > So I'd have: > > ns0.provider.com > ns1.provider.com > ns2.provider.com > > The provider (provider.com) we use is configured to query for updates > from a specified IP address for each domain (that of ns.master.com). > > The master is configured to allow zone transfers for their IP address. > > They don't support notification so it's disabled on ns.master.com for > each domain. > > What should I set the SOA records to? > > I guess if I want a fully hidden master I would set it to > ns0.provider.com rather than ns.master.com - but I'm not sure if it > would break anything? If the Secondary servers do not support Notify, you cannot have a fully hidden master. The SOA record will need to show the MNAME of the master server, and it must be able to resolve its IP address with a glue record. You can still have a hidden master, but the SOA record must have the name of the master, and you will need a record for the primary name server name. You do not necessarily need an NS record for the master, and you won't want to have the master DNS on the public record. http://www.dyndns.com/support/kb/arc...n_primary.html -- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This s =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ https://secure.lsaol.com/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oe.com/OEBackup/Default.aspx ===================================