We would like to be able to configure a DNS server for use within our DMZ for small internal servers. Our ISP maintains our external DNS presence, so we do not want to make this our only point of resolution. I have set up the domain to resolve names inside of domain.com. If the site is not located internally, it passes the query for unknowndomain.net to our ISP's DNS servers and on from there. To minimize the amount of updates we would have to perform on our DMZ DNS, we would like to pass queries for domain.com to the ISP if the name is not found within the DMZ DNS.
Maybe an example will clear it up a bit.
Our DNS resolves domain.com. I have system1.domain.com correctly resolving using the DMZ DNS.
The ISP DNS also resolves system1.domain.com for users outside the firewalls. In addition to system1, system2.domain.com resolves on the ISP DNS from the outside.
If I am on the inside and try to resolve system2.domain.com, it doesn't get resolved because it is not set up in the DMZ DNS. I want to be able to resolve system2.domain.com by passing the query from the DMZ DNS to the ISP DNS.
I know it is confusing. If there are any questions, let me know.
--
Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
halln@xxxxxxx 417-447-7535
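The lookup behaviour the post is asking for, modelled as an added example (not the poster's configuration); the zone data, host names and addresses are constructed for illustration, and the `fallback` switch contrasts the requested behaviour with how a server that is authoritative for domain.com actually answers.

```python
"""Toy model of the DMZ/ISP split-horizon lookup described in the post.

Zone contents below are constructed sample data, not real hosts.
"""

NXDOMAIN = "NXDOMAIN"

# What the DMZ server knows: only system1 in domain.com (constructed).
DMZ_ZONES = {"domain.com": {"system1.domain.com": "10.0.1.10"}}

# What the ISP server knows: both hosts, plus an unrelated domain (constructed).
ISP_ZONES = {
    "domain.com": {
        "system1.domain.com": "203.0.113.10",
        "system2.domain.com": "203.0.113.20",
    },
    "unknowndomain.net": {"www.unknowndomain.net": "198.51.100.5"},
}


def zone_for(name, zones):
    """Return the longest zone apex in `zones` that `name` falls under, or None."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        apex = ".".join(labels[i:])
        if apex in zones:
            return apex
    return None


def authoritative_lookup(name, zones):
    """A server authoritative for a zone answers from the zone or says NXDOMAIN.

    Returns None only when the name is outside every zone it serves, which is
    the only case a real authoritative server would forward elsewhere.
    """
    apex = zone_for(name, zones)
    if apex is None:
        return None
    return zones[apex].get(name, NXDOMAIN)


def dmz_resolve(name, fallback=True):
    """Resolve as the DMZ server: local zones first, then the ISP.

    fallback=True is the behaviour the post wants (also forward NXDOMAIN hits
    inside domain.com); fallback=False is standard authoritative behaviour.
    """
    answer = authoritative_lookup(name, DMZ_ZONES)
    if answer is None or (answer == NXDOMAIN and fallback):
        isp_answer = authoritative_lookup(name, ISP_ZONES)
        return isp_answer if isp_answer is not None else NXDOMAIN
    return answer
```

With `fallback=False` system2 gets NXDOMAIN from the DMZ server, which is what an authoritative server such as BIND does for a name missing from a zone it serves; forwarding applies only to names outside its zones, so the DMZ zone must carry every public name or be a secondary of the ISP's copy of domain.com.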