Name servers (NS) would be your domain controllers as normal.

Simon.

From: David Lum [mailto:[email protected]]
Sent: 22 February 2012 21:08
To: NT System Admin Issues
Subject: RE: DNS-y

Thanks guys.

Do I need to do anything with the NS entry in these zones I created, or just 
leave as default?

Dave

From: Simon Butler [mailto:[email protected]]
Sent: Wednesday, February 22, 2012 11:11 AM
To: NT System Admin Issues
Subject: RE: DNS-y

You want to do a single host name split DNS.
Create a zone for each host name in your DNS.
Then create a blank "A record" in each zone that points to the IP address. 
Doesn't affect the rest of the remote domain for DNS.
http://exchange.sembee.info/network/split-dns.asp

Simon.


--
Simon Butler
MVP: Exchange, MCSE
Sembee Ltd.

e: [email protected]
w: http://www.sembee.co.uk/
w: http://exchange.sembee.info/
w: http://blog.sembee.co.uk/

Need cheap certificates for Exchange, compatible with the iPhone?
http://CertificatesForExchange.com/ for certificates from just $26.99.
Need a domain for your certificate? http://DomainsForExchange.net/

Exchange Resources: http://exbpa.com/




From: ed ziots [mailto:[email protected]]
Sent: 22 February 2012 18:33
To: NT System Admin Issues
Subject: RE: DNS-y

Split-brain DNS is not always a bad idea (what is internal should be internal 
and what is DMZ/external should be external).

You can probably do one of two things for this.

I am assuming that you don't own the DNS server that is authoritative for the 
zone (thisclient.com). I agree you could set up a thisclient.com DNS zone on a 
DNS server you own within your site (as long as the client is using that DNS 
server for resolving). If not, then you are going to have to access the DNS 
server that is authoritative for the zone, and make the A records there.

I doubt you will have luck allowing a zone transfer from the master across the 
VPN pipe if the primary DNS server is on the other side of the VPN tunnel 
(especially if you have the tunnel locked down, which you should).

Z

Edward E. Ziots
Security Engineer
CISSP, Security+, Network+


> From: [email protected]
> Date: Wed, 22 Feb 2012 12:18:05 -0500
> Subject: Re: DNS-y
> To: [email protected]
>
> On Wed, Feb 22, 2012 at 10:43 AM, David Lum <[email protected]> wrote:
> > We have a VPN tunnel to a client, and we've been asked to make some DNS
> > entries for Thisclient.com addresses and frankly, I don't know how to do it
> > or even how to Google for it. They gave us a list of IPs that need to have
> > entries.
>
> You can tell your DNS server to claim authority for whatever you
> want, and as long as your DNS clients are using that DNS server for
> all lookups, you'll get what you told it to say. So claim authority
> for new zones, named <host1.thisclient.com>, <host2.thisclient.com>,
> etc., and put in the A records at the origin level. Any time their IP
> addresses change, they'll have to tell you.
>
> > I could do DNS forwarding but that would disable us being able to get to
> > thisclient.com's external websites, wouldn't it?
>
> Yup.
>
> (Aside: This is yet another example of why split DNS is a bad idea.
> Too bad for you, your client doesn't know that.)
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
>
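The single-host-name zones described in the thread, as an added example that is not part of the original messages: it creates one zone per host with an A record at the zone origin and leaves the NS records at their defaults. It assumes AD-integrated DNS on the domain controllers and the DnsServer PowerShell module; the host names follow the thread's placeholders and the addresses are constructed documentation-range values standing in for the client's list.

```powershell
# Added example: pinpoint (single-host) zones on an AD-integrated Windows DNS server.
# Requires the DnsServer module (Windows Server 2012 or later, or RSAT).
Import-Module DnsServer

# Constructed sample data: names follow the thread's placeholders, addresses
# are documentation-range stand-ins for the list the client supplies.
$ParentDomain = 'thisclient.com'
$HostMap = [ordered]@{
    'host1.thisclient.com' = '192.0.2.10'
    'host2.thisclient.com' = '192.0.2.11'
}

foreach ($fqdn in $HostMap.Keys) {
    # Never claim the parent zone itself: that would shadow every other
    # thisclient.com name, including the client's external websites.
    if ($fqdn -eq $ParentDomain -or $fqdn -notlike "*.$ParentDomain") {
        Write-Warning "Skipping '$fqdn': not a single host under $ParentDomain"
        continue
    }

    # One zone per host name, replicated to the domain's DNS servers.
    if (-not (Get-DnsServerZone -Name $fqdn -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $fqdn -ReplicationScope Domain
    }

    # The "blank" A record lives at the zone origin, written as '@'.
    $apex = Get-DnsServerResourceRecord -ZoneName $fqdn -Name '@' -RRType A `
        -ErrorAction SilentlyContinue
    if (-not $apex) {
        Add-DnsServerResourceRecordA -ZoneName $fqdn -Name '@' `
            -IPv4Address $HostMap[$fqdn]
    }

    # NS records stay at their defaults; list them to confirm they are the DCs.
    Get-DnsServerResourceRecord -ZoneName $fqdn -RRType NS |
        Select-Object HostName, @{ n = 'NameServer'; e = { $_.RecordData.NameServer } }
}

# Verify against the local server: the overridden hosts should return the
# tunnel addresses, while www should still resolve through normal recursion.
foreach ($name in @($HostMap.Keys) + "www.$ParentDomain") {
    Resolve-DnsName -Name $name -Type A -Server localhost -DnsOnly |
        Select-Object Name, IPAddress
}
```

Because these zones are static overrides, each record has to be updated by hand whenever the client changes an address, so keep the host list under change control alongside the VPN configuration.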