It's a tiny domain with no need for GP etc... But I just had an idea too...
I keep my AD zones on box 1 (well I have to, it's the PDC), put my public
zones on box 2 (mail server) and route all router traffic on port 53 to the
mail server. That should work fine, the network won't care if there are 2
primary nameservers that aren't mirrored if only one is being referenced
(box 1) by the domain clients, and the other one is public-only.

Yeah ... Windows wouldn't be overwriting my zones with its own stuff to keep
the domain happy... And all domain computers will still function normally,
and I could delete the regkey I added and all will live happily ever
after...

I'd just create a standard primary zone on the DNS server on box 2, route 53
tcp/udp to it and I don't think anything will even blink once I have it set
up correctly.

It's been such a long day, I don't know why I didn't think of this
yesterday. :-P Public shame!! haha.

If you have any further recommendations or input, feel free to let me know.
Any potential security issues with this even with dynupdates off, etc?

Thanks a bunch btw!

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:eUrlI6p5GHA.4116@TK2MSFTNGP03.phx.gbl...
> Ryan Faricy wrote:
>> I found exactly what I needed ...
>>
>> http://support.microsoft.com/?id=295328
>
> Unfortunately, this is not the intended purpose of this article. Oh it
> will stop the registration of the record but you're going to break
> replication and Group Policies, using this in your situation.
> The zone for the AD domain is for Active Directory communication and
> should not be used as a public zone, especially for a web site.
> You need to move the Public zone off the Domain controller to a DNS server
> that does not resolve internal domains. I'm not saying you should not host
> your own zone and preach to you about leaving the public zone with your
> registrar. Who you get to host your public zone is your choice, just don't
> use the same zone for both public and private resolution. Keep them
> separate on different servers.
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This s
>
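
Added example, not part of the thread: one way to create and then audit the standard primary zone on box 2 as the post describes, using the DnsServer PowerShell module (assumes Windows Server 2012 or later; `example.com` is a placeholder zone name). It goes beyond the thread by also turning off recursion and zone transfers, and it flags any AD-related zone found on the public server.

```powershell
# Run on box 2 (the public-only DNS server). Added example; names are placeholders.
Import-Module DnsServer
$Zone = 'example.com'   # placeholder for the public zone name

# File-backed standard primary zone, dynamic updates off ("dynupdates off" in the post).
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns" -DynamicUpdate None
}

# Authoritative-only: queries arriving through the port 53 forward must not
# be resolved recursively on behalf of Internet clients.
Set-DnsServerRecursion -Enable $false

# No zone transfers until a secondary is deliberately configured.
Set-DnsServerPrimaryZone -Name $Zone -SecureSecondaries NoTransfer

# Audit: the public server should hold nothing that belongs to the AD namespace.
$problems = @()
$zones = Get-DnsServerZone |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors' }

foreach ($z in $zones) {
    if ($z.IsDsIntegrated) {
        $problems += "$($z.ZoneName): AD-integrated zone on the public server"
    }
    if ($z.ZoneName -like '_msdcs.*') {
        $problems += "$($z.ZoneName): domain controller locator zone is exposed"
    }
    if ($z.ZoneType -eq 'Primary' -and $z.DynamicUpdate -ne 'None') {
        $problems += "$($z.ZoneName): dynamic updates are $($z.DynamicUpdate)"
    }
    if ($z.ZoneType -eq 'Primary' -and $z.SecureSecondaries -ne 'NoTransfer') {
        $problems += "$($z.ZoneName): zone transfers are $($z.SecureSecondaries)"
    }
}
if ((Get-DnsServerRecursion).Enable) {
    $problems += 'Recursion is enabled on a server reachable from the Internet'
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output "No findings: $Zone is served authoritative-only." }
```

Disabling recursion also disables forwarders on that server, so box 2 itself should keep using box 1 as its resolver in its network settings.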