03/10/2006, 07h14   #6
Ryan Faricy
Re: External query resolves internal IP address

Yep I moved all public DNS over to box 2 and everything is just dandy now.
Thanks again!!

"Ryan Faricy" <ryan@faricy.net> wrote in message
news:uL$8WPq5GHA.668@TK2MSFTNGP02.phx.gbl...
> It's a tiny domain with no need for GP etc... But I just had an idea
> too...
>
> I keep my AD zones on box 1 (well I have to, it's the PDC), put my public
> zones on box 2 (mail server) and route all router traffic on port 53 to
> the mail server. That should work fine, the network won't care if there
> are 2 primary nameservers that aren't mirrored if only one is being
> referenced (box 1) by the domain clients, and the other one is
> public-only.
>
> Yeah ... Windows wouldn't be overwriting my zones with its own stuff to
> keep the domain happy... And all domain computers will still function
> normally, and I could delete the regkey I added and all will live happily
> ever after...
>
> I'd just create a standard primary zone on the DNS server on box 2, route
> 53 tcp/udp to it and I don't think anything will even blink once I have it
> set up correctly.
>
> It's been such a long day, I don't know why I didn't think of this
> yesterday. :-P Public shame!! haha.
>
> If you have any further recommendations or input, feel free to let me
> know. Any potential security issues with this even with dynupdates off,
> etc? Thanks a bunch btw!
>
> "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
> news:eUrlI6p5GHA.4116@TK2MSFTNGP03.phx.gbl...
>> Ryan Faricy wrote:
>>> I found exactly what I needed ...
>>>
>>> http://support.microsoft.com/?id=295328

>>
>> Unfortunately, this is not the intended purpose of this article. Oh it will
>> stop the registration of the record but you're going to break replication
>> and Group Policies, using this in your situation.
>> The zone for the AD domain is for Active Directory communication and should
>> not be used as a public zone, especially for a web site.
>> You need to move the Public zone off the Domain controller to a DNS server
>> that does not resolve internal domains. I'm not saying you should not host
>> your own zone and preach to you about leaving the public zone with your
>> registrar. Who you get to host your public zone is your choice, just don't
>> use the same zone for both public and private resolution. Keep them separate
>> on different servers.
>>
>> --
>> Best regards,
>> Kevin D. Goodknecht Sr. [MVP]
>> Hope This s
>>
>>

>
>



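An added example, not part of the original thread and not code from either poster: one way to confirm that a public-only zone (such as the one moved to box 2) carries nothing internal is to audit an export of it for private-range addresses and Active Directory locator records. The zone text, host names and addresses are constructed, and the `owner TTL class type rdata` line layout is an assumption about the export format.

```python
import ipaddress

# Address ranges that should never appear in answers served to the internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "169.254.0.0/16", "127.0.0.0/8",                  # link-local, loopback
    "fc00::/7", "fe80::/10", "::1/128",               # IPv6 ULA, link-local, loopback
)]

# Labels Active Directory uses for its DC locator records and subzones.
AD_LABELS = {"_msdcs", "_sites", "_ldap", "_kerberos", "_kpasswd", "_gc",
             "domaindnszones", "forestdnszones"}

# Constructed sample export of a public zone (assumed layout: owner TTL class type rdata).
SAMPLE_ZONE = """\
example.test.       3600 IN A   203.0.113.10
www.example.test.   3600 IN A   203.0.113.10
example.test.       600  IN A   192.168.1.5   ; record a DC registers for itself
_ldap._tcp.dc._msdcs.example.test. 600 IN SRV 0 100 389 box1.example.test.
box1.example.test.  3600 IN A   10.0.0.2
example.test.       3600 IN MX  10 mail.example.test.
mail.example.test.  3600 IN A   203.0.113.25
"""

def audit_zone(text):
    """Return (line_no, owner, reason) for records that do not belong in a public zone."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()   # drop trailing comment, tokenize
        if len(fields) < 5:
            continue                            # blank or incomplete line
        owner, rtype, rdata = fields[0].lower(), fields[3].upper(), fields[4]
        if AD_LABELS & set(owner.rstrip(".").split(".")):
            findings.append((line_no, owner, "AD locator record"))
        if rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                findings.append((line_no, owner, "unparseable address"))
                continue
            if any(addr.version == n.version and addr in n for n in INTERNAL_NETS):
                findings.append((line_no, owner, f"internal address {addr}"))
    return findings

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE):
        print(*finding)
```
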