Windows server 2003 R2.

We are looking to create a DMZ area with an external DNS server. As I
understand it, when building the DMZ DNS server I should keep the DMZ DNS
seperate from the internal DNS so it doesn't copy any records from them.
Then the Internal DNS should forward requests for external IP's to the new
one in the DMZ.

Is this correct?
--
Don

"Don" <Don@discussions.microsoft.com> wrote in message
news:418A1522-2C60-4724-81FD-2ED6D8012A91@microsoft.com...
> Windows server 2003 R2.
>
> We are looking to create a DMZ area with an external DNS server. As I
> understand it, when building the DMZ DNS server I should keep the DMZ DNS
> seperate from the internal DNS so it doesn't copy any records from them.

Yes, you are really keeping (any) DNS "zones" separate however.

Generally most companies should NOT be running their own EXTERNAL
DNS server but should leave (or return) it to their Registrar.

> Then the Internal DNS should forward requests for external IP's to the new
> one in the DMZ.

Maybe. Generally the internal DNS servers should probably not be
recursing physically all over the Internet (esp. DC-DNS) and so they
should forward to a (caching only) DNS server that can do that.


The Gateway/Firewall/DMZ DNS server or the ISP DNS are likely
candidates but there is NOT requirement that it be the one which
holds external DNS zones.


--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)