DNS Question

Nathaniel Hall halln at otc.edu
Fri Dec 17 21:50:38 UTC 2004


Everything we do requires a single domain so I can't do that and I don't 
want to update everything on the ISPs, so that won't work either.

Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking

halln at otc.edu
417-447-7535



Rich Burroughs wrote:

> Nathaniel Hall wrote:
>
>> Maybe an example will clear it up a bit.
>>
>> Our DNS resolves domain.com.  I have system1.domain.com correctly 
>> resolving using the DMZ DNS.
>> The ISP DNS also resolves system1.domain.com for users outside the 
>> firewalls.  In addition to system1, system2.domain.com resolves on 
>> the ISP DNS from the outside.
>>
>> If I am on the inside and try to resolve system2.domain.com, it 
>> doesn't get resolved because it is not set up in the DMZ DNS.  I want 
>> to be able to resolve system2.domain.com by passing the query from 
>> the DMZ DNS to the ISP DNS.
>>
>> I know it is confusing.  If there are any questions, let me know.
>
>
> Hi Nathaniel,
>
> I didn't find your explanation confusing; I understand exactly what 
> you mean. I don't know of a way to do exactly what you're asking for, 
> though. As far as I know, you will need to update the DNS on the DMZ 
> box to match both what is in the ISP's zone and also whatever internal 
> entries you need.
>
> Perhaps someone who knows more about DNS than I do will have a fix for 
> you, though :)
>
> Another option would be to use a different domain for the internal 
> addresses, and then have the ISP resolve all the queries for the 
> external domain. So if you were using foo.com for the main, external 
> domain, you might grab foo.net and use that for the internal addresses.
>
>
> Rich
>
>
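
Added example, not part of the original thread: a Python sketch of the drift check implied by the suggestion to keep the DMZ zone matching the ISP's zone. It lists names the external zone publishes that the internal zone lacks. The zone contents, addresses and function names are constructed for illustration, and the parser assumes one record per line with the owner name always present.

```python
# Constructed sample zones: simplified zone-file syntax, placeholder addresses.
EXTERNAL_ZONE = """\
$ORIGIN domain.com.
@        IN SOA ns1.domain.com. hostmaster.domain.com. 1 3600 600 86400 300
system1  IN A 192.0.2.10
system2  IN A 192.0.2.20   ; published only at the ISP
"""
INTERNAL_ZONE = """\
$ORIGIN domain.com.
system1  IN A 10.0.0.10
intranet IN A 10.0.0.30    ; internal-only name, expected
"""

ADDRESS_TYPES = {"A", "AAAA", "CNAME"}

def parse_zone(text):
    """Return {fqdn: {(rtype, rdata)}} for address-bearing records."""
    origin, records = "", {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        if fields[0].startswith("$"):              # other directives ignored
            continue
        name, rest = fields[0].lower(), fields[1:]
        # Skip the optional TTL and class that may precede the record type.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest.pop(0)
        if len(rest) < 2 or rest[0].upper() not in ADDRESS_TYPES:
            continue                               # SOA, NS, MX etc. not compared
        if name == "@":
            name = origin
        elif not name.endswith("."):
            name = f"{name}.{origin}"              # qualify relative names
        records.setdefault(name, set()).add((rest[0].upper(), rest[1]))
    return records

def missing_internally(external, internal):
    """Names resolvable from outside that inside clients cannot resolve."""
    return sorted(set(external) - set(internal))

if __name__ == "__main__":
    ext, internal = parse_zone(EXTERNAL_ZONE), parse_zone(INTERNAL_ZONE)
    for name in missing_internally(ext, internal):
        print("add to DMZ zone:", name, sorted(ext[name]))
```

Names that exist only in the internal zone, or that carry different addresses on each side, are normal in a split-horizon setup and are not reported.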



