I am new to DNS, but I have it mostly configured and working. The only part I am not able to figure out is a piece I am not sure can even be done. Here is the problem:
We would like to be able to configure a DNS server for use within our DMZ for small internal servers. Our ISP maintains our external DNS presence so we do not want to make this our only point of resolution . I have setup the domain to resolve names inside of domain.com. If the site is not located internally, it passes the query for unkowndomain.net to our ISPs DNS servers and on from there. To minimize the amount of updates we would have to perform on our DMZ DNS, we would like to pass queries for domain.com to the ISP if it is not found within the DMZ DNS.
The simple and obvious solution (if your ISP is willing to do it) would be:
Make your DMZ name server the master for your zone (domain). Have ISP configure DNS server(s) on their side as slaves for your zone (using your DMZ name server as master). You update DNS records at one place (your DMZ DNS server) and ISP will be updated automatically by zone transfers (if ISP's name server supports notifications, this will be instantly, if not than after whatever is the configurable poll interval).
You get best of both worlds:
- you update data at *one* place - you update on the server that *you* control - ISP is your second point of resolution - plus data on your DMZ DNS and on ISP DNS is always the same
You can also have it the other way around (master at ISP, your DMZ machine as slave). If your ISP is willing to configure their master DNS server to allow this.
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
