(I take it that since you are going down this path that
you are NOT using one of the Flash-based GNAT Boxes?)

I wouldn't run the DNS server for your EXT as you are
using for DNS on the LAN, if you can avoid it.
Better to pick up a cheap PC, throw some OS capable of
providing DNS at it (I can think of a handful of good
free onces, although admittedly you might not want to
use one of them if you've never had experience with
them and need to do this in a hurry!), put it on your
PSN, and create the tunnel.

I'm not sure how you would go about resolving the
zone issue on a Windows server...

Mike Burden
Lynk Systems
http://www.lynk.com
(616)532-4985
[EMAIL PROTECTED]




> -----Original Message-----
> From: Marc Suxdorf [mailto:[EMAIL PROTECTED]] 
> Sent: Tuesday, January 29, 2002 12:44 PM
> To: Mike Burden
> Subject: AW: [gb-users] Name Server Ports
> 
> 
> 
> 
> Mmhh, our W2K Server has the same name as our external 
> domain. Do you know
> the W2K DNS server? Is there a way of setting up a new zone 
> with the same
> name that only serves external queries and how do I restrict access to
> external, publicly accessable names only?
> 
> Thanks for helping
> 
> 
> Marc
> 
> Suxdorf Studios f�r Design
> Milchstrasse 6b
> D-20148 Hamburg
> Tel +49 (40) 41345-100
> Fax +49 (40) 41345-101
> Email [EMAIL PROTECTED]
> 
> 
>  -----Urspr�ngliche Nachricht-----
> Von:  Mike Burden [mailto:[EMAIL PROTECTED]] 
> Gesendet:     Dienstag, 29. Januar 2002 18:01
> An:   [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Betreff:      RE: [gb-users] Name Server Ports
> 
>  
> After updating your domain registration to point to your
> own EXT address (or an alias), you can do one of two
> things:
> 
> If you are using a Flash-based GNAT Box, you can use the
> built-in DNS server as the DNS server for your "public"
> IP Addresses.
> 
> Otherwise, you will need to create a tunnel and filter
> to tunnel port 53 UDP from your EXT or alias to a server
> (preferably on the PSN) that provides name resolution
> for your external addreses.
> 
> Note that in either case, the DNS server you set up should
> only resolve your external, publicly accessable names.
> 
> Most organizations don't have more than a handful of publicly
> resolvable names (www.mycompany.com, mail.mycompany.com,
> ftp.mycompany.com, the MX record, etc.)
> 
> 
> Mike Burden
> Lynk Systems
> http://www.lynk.com
> (616)532-4985
> [EMAIL PROTECTED]
> 
> 
> 
> > -----Original Message-----
> > From: Marc Suxdorf [mailto:[EMAIL PROTECTED]] 
> > Sent: Tuesday, January 29, 2002 11:52 AM
> > To: [EMAIL PROTECTED]
> > Subject: [gb-users] Name Server Ports
> > 
> > 
> > Hi everyone
> > 
> > We've got a terrible disaster: Our American ISP vanished from 
> > the surface of
> > this earth and all name server records of our domain point to a non
> > functional server. 
> > We highly depend on a working mail system and I quickly need 
> > to set up a
> > temporary solution.
> > 
> > I think of changing our name server entries at Verisign so 
> > that they point
> > to our windows 2000 server behind our Gnatbox. Our Windows 
> > 2000 DNS server
> > is then supposed to function as our primary name server and 
> > should serve
> > external requests with our own A and MX record entries (with 
> > the mx record
> > for example pointing to the gnatbox mail proxy).
> > 
> > I am not very experienced with this and don't know whether 
> > this would work
> > at all. I have also created a new host entry for our domain 
> > at Verisign
> > which gives a name to our Gnatbox External Interface IP 
> > address, because
> > currently our ip addresses are not registered at all.
> > 
> > The last peace of information missing (if this whole 
> > structure works) would
> > be the ports and protocols I need to open up in order to 
> > allow for external
> > name server requests. Also, what security problems will I be facing?
> > 
> > I would be very grateful for any tips, hints or even better 
> > suggestions.
> > 
> > VERY IMPORTANT: please don't hit reply, because then you'll 
> > reply to that
> > non existent ISP. Please reply to [EMAIL PROTECTED]
> > 
> > Thanks a lot for helping me out with this nightmare
> > 
> > Marc
> > 
> > Suxdorf Studios f�r Design
> > Milchstrasse 6b
> > D-20148 Hamburg
> > Tel +49 (40) 41345-100
> > Fax +49 (40) 41345-101
> > Email [EMAIL PROTECTED]
> > 
> > 
> > 
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > To subscribe to the digest version first unsubscribe, then
> >  e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > 
> > 
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then
 e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to