Hello folks

i am about to embark on what seems on face value to be a rather daunting
task - moving my domian controller / web server behind a firewall apliance. I
have always been wide open up till now and feel the need for more security.
my worry is this. the server holds primary records for about 40 domain names,
all the lookup zones are setup with public ip address with web pages
controlled by IIS6. the apliance will run firewall NAT so the ip address on
the server will change to a private 172.16.10.??? number and the apliance
will map the old public address to the new private one. Question is do i have
to change all my forward zones to the new ip or do they retain the old one?

thanks
--
Paul - South Africa

Paul,
No, Yes.
The DNS server should give out the addresses that the DNS clients will use
to contact the hosts. I assume that will be the same public addresses as
now. If the hosts are behind your firewall, and if the firewall uses NAT,
then the firewall will do the translating between external and internal
names.
It can be simpler just to use external addresses and not use NAT.
Anthony,
http://www.airdesk.co.uk


"Paul Taylor" <PaulTaylor@discussions.microsoft.com> wrote in message
news:B180953C-CFA9-4773-9B62-0954E9AA978F@microsoft.com...
> Hello folks
>
> i am about to embark on what seems on face value to be a rather daunting
> task - moving my domian controller / web server behind a firewall
> apliance. I
> have always been wide open up till now and feel the need for more
> security.
> my worry is this. the server holds primary records for about 40 domain
> names,
> all the lookup zones are setup with public ip address with web pages
> controlled by IIS6. the apliance will run firewall NAT so the ip address
> on
> the server will change to a private 172.16.10.??? number and the apliance
> will map the old public address to the new private one. Question is do i
> have
> to change all my forward zones to the new ip or do they retain the old
> one?
>
> thanks
> --
> Paul - South Africa