Microsoft Windows 2000 DNS Server User Manual


 
strongly discouraged, since it may lead to ambiguity in name resolution
processes.
In this section the focus is on the design of private namespaces and the
configuration of the DNS servers and zones. The specifics of two different designs
are presented by considering two companies that use private namespaces of different
structure. These two companies, YYY and ZZZ Corporations, have reserved the
DNS domain name suffixes yyy.com. and zzz.com. The general approach to DNS
configuration is to have internal DNS servers (those that are accessible from
internal clients only) and external DNS servers. External DNS servers contain the
records that are supposed to be exposed to the Internet. The internal DNS namespace
may contain a private root, in which case all internal clients that are anticipated
to require name resolution must support a Name Exclusion List or a Proxy
AutoConfiguration File to distinguish whether to direct name resolution queries to
the proxy server or to the internal DNS server. An alternative approach is to
configure the internal DNS server(s) to forward unresolved queries to the Internet.
Depending on the type of clients that require DNS name resolution, the DNS
configuration may be quite different. Four types of clients are distinguished based
on their software proxy capability:
- proxy unaware,
- supporting LAT (Local Address Table),
- supporting Name Exclusion List, and
- supporting Proxy AutoConfiguration File.
If name resolution is required by proxy unaware clients, or clients supporting only
LAT, then the private DNS namespace can’t have a private root and one or more
internal DNS servers must forward unresolved queries to the Internet.
As recommended in the previous section, the desired internal namespaces would
be corp.yyy.com. and corp.zzz.com.
If the internal and external namespaces overlap, the configuration becomes more
complicated. An example of such overlap is the external web server www.yyy.com.
and the internal computer host1.yyy.com. This approach introduces some complications
to the internal DNS configuration:
- to enable an internal computer to resolve the name of an external server and
  contact it, all clients must support Proxy AutoConfiguration File, unless external
  servers are cloned internally and external DNS records are copied internally
  (which increases the total cost of ownership due to required additional
  hardware and administration), or external DNS records are copied internally
  and the firewall is properly configured to enable internal clients to contact
  external servers,
- if all clients support Proxy AutoConfiguration File, then the file must be
  configured appropriately to distinguish internal and external computers with the
  same suffixes (as in the example above, with www.yyy.com. and internal
  computer host1.yyy.com.).
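The second point above, as an added example that is not part of the white paper: a Proxy AutoConfiguration file (PAC files are JavaScript) that tells www.yyy.com. and host1.yyy.com. apart even though they share a suffix. The proxy address proxy.corp.yyy.com:8080, the list of external hosts and the helper function names are assumptions made for illustration.

```javascript
// Added example: PAC file for the overlapping yyy.com namespace.
// Assumed values (not from the white paper): the proxy address, and that
// www.yyy.com is the only name under yyy.com that is hosted externally.
var PROXY = "PROXY proxy.corp.yyy.com:8080"; // hypothetical proxy server
var SHARED_SUFFIX = "yyy.com";               // suffix used inside and outside
var EXTERNAL_HOSTS = ["www.yyy.com"];        // names in that suffix served from the Internet

// Lower-case the name and drop the trailing dot of a fully qualified name,
// so "WWW.YYY.COM." and "www.yyy.com" compare equal.
function normalizeHost(host) {
  var h = String(host).toLowerCase();
  while (h.length > 0 && h.charAt(h.length - 1) === ".") {
    h = h.substring(0, h.length - 1);
  }
  return h;
}

// Match on a label boundary: "host1.yyy.com" is inside "yyy.com", but
// "notyyy.com" and "yyy.com.example.net" are not. A plain substring or
// suffix test would send such look-alike names around the proxy.
function inDomain(host, suffix) {
  if (host === suffix) return true;
  var tail = "." + suffix;
  return host.length > tail.length &&
         host.substring(host.length - tail.length) === tail;
}

// Entry point called by the client for every request.
function FindProxyForURL(url, host) {
  var h = normalizeHost(host);
  if (h === "") return PROXY;                 // nothing to classify: use the proxy
  if (h.indexOf(".") === -1) return "DIRECT"; // single-label names are internal
  // External exceptions are checked first, because they share the suffix.
  for (var i = 0; i < EXTERNAL_HOSTS.length; i++) {
    if (h === EXTERNAL_HOSTS[i]) return PROXY;
  }
  if (inDomain(h, SHARED_SUFFIX)) return "DIRECT"; // remaining yyy.com names are internal
  return PROXY;                                     // everything else is on the Internet
}
```

Every externally hosted name in the shared suffix has to be listed in EXTERNAL_HOSTS, which is the administrative cost of letting the internal and external namespaces overlap.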
Windows 2000 White Paper