(I take it that since you are going down this path that you are NOT using one of the Flash-based GNAT Boxes?)
I wouldn't run the DNS server for your EXT as you are using for DNS on the LAN, if you can avoid it. Better to pick up a cheap PC, throw some OS capable of providing DNS at it (I can think of a handful of good free onces, although admittedly you might not want to use one of them if you've never had experience with them and need to do this in a hurry!), put it on your PSN, and create the tunnel. I'm not sure how you would go about resolving the zone issue on a Windows server... Mike Burden Lynk Systems http://www.lynk.com (616)532-4985 [EMAIL PROTECTED] > -----Original Message----- > From: Marc Suxdorf [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, January 29, 2002 12:44 PM > To: Mike Burden > Subject: AW: [gb-users] Name Server Ports > > > > > Mmhh, our W2K Server has the same name as our external > domain. Do you know > the W2K DNS server? Is there a way of setting up a new zone > with the same > name that only serves external queries and how do I restrict access to > external, publicly accessable names only? > > Thanks for helping > > > Marc > > Suxdorf Studios f�r Design > Milchstrasse 6b > D-20148 Hamburg > Tel +49 (40) 41345-100 > Fax +49 (40) 41345-101 > Email [EMAIL PROTECTED] > > > -----Urspr�ngliche Nachricht----- > Von: Mike Burden [mailto:[EMAIL PROTECTED]] > Gesendet: Dienstag, 29. Januar 2002 18:01 > An: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Betreff: RE: [gb-users] Name Server Ports > > > After updating your domain registration to point to your > own EXT address (or an alias), you can do one of two > things: > > If you are using a Flash-based GNAT Box, you can use the > built-in DNS server as the DNS server for your "public" > IP Addresses. > > Otherwise, you will need to create a tunnel and filter > to tunnel port 53 UDP from your EXT or alias to a server > (preferably on the PSN) that provides name resolution > for your external addreses. > > Note that in either case, the DNS server you set up should > only resolve your external, publicly accessable names. > > Most organizations don't have more than a handful of publicly > resolvable names (www.mycompany.com, mail.mycompany.com, > ftp.mycompany.com, the MX record, etc.) > > > Mike Burden > Lynk Systems > http://www.lynk.com > (616)532-4985 > [EMAIL PROTECTED] > > > > > -----Original Message----- > > From: Marc Suxdorf [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, January 29, 2002 11:52 AM > > To: [EMAIL PROTECTED] > > Subject: [gb-users] Name Server Ports > > > > > > Hi everyone > > > > We've got a terrible disaster: Our American ISP vanished from > > the surface of > > this earth and all name server records of our domain point to a non > > functional server. > > We highly depend on a working mail system and I quickly need > > to set up a > > temporary solution. > > > > I think of changing our name server entries at Verisign so > > that they point > > to our windows 2000 server behind our Gnatbox. Our Windows > > 2000 DNS server > > is then supposed to function as our primary name server and > > should serve > > external requests with our own A and MX record entries (with > > the mx record > > for example pointing to the gnatbox mail proxy). > > > > I am not very experienced with this and don't know whether > > this would work > > at all. I have also created a new host entry for our domain > > at Verisign > > which gives a name to our Gnatbox External Interface IP > > address, because > > currently our ip addresses are not registered at all. > > > > The last peace of information missing (if this whole > > structure works) would > > be the ports and protocols I need to open up in order to > > allow for external > > name server requests. Also, what security problems will I be facing? > > > > I would be very grateful for any tips, hints or even better > > suggestions. > > > > VERY IMPORTANT: please don't hit reply, because then you'll > > reply to that > > non existent ISP. Please reply to [EMAIL PROTECTED] > > > > Thanks a lot for helping me out with this nightmare > > > > Marc > > > > Suxdorf Studios f�r Design > > Milchstrasse 6b > > D-20148 Hamburg > > Tel +49 (40) 41345-100 > > Fax +49 (40) 41345-101 > > Email [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > To subscribe to the digest version first unsubscribe, then > > e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
