Microsoft Windows 2000 DNS Server User Manual

The following DNS configuration and name-resolution scenarios are considered in
detail for the case of overlapping internal and external namespaces, since that
is the most complicated case.
It is assumed that the namespaces of both companies consist only of names within
an NSI-assigned domain, that is, yyy.com. and zzz.com. It is also assumed that all
computers in the YYY Corporation are proxy clients supporting a Proxy
AutoConfiguration File, while none of the computers in the ZZZ Corporation are
proxy clients. The goal in this section is to demonstrate the appropriate
configuration of the DNS servers, zones and clients to satisfy the following
requirements:
- Expose only a public portion of the namespace to the Internet.
- Enable a company computer to resolve any (internal or external) name within
  its company.
- Enable a company computer to resolve any name from the Internet.
Finally, assume that the two corporations have merged and that every computer
from these two private namespaces should now be able to resolve any (internal
or external) name, not only within the namespace of its own company, but within
the namespace of the merged company as well.
The following solution satisfies all four of these requirements.
Two DNS servers exposed to the Internet are authoritative for two zones, yyy.com.
and zzz.com., as shown in the figure below. (To simplify the example, one server
and one zone per company have been chosen. In reality a company may choose to
have more servers and zones, such as first.yyy.com., second.yyy.com. and so forth.)
These zones contain only the records corresponding to the external names and
delegations of the YYY and ZZZ Corporations (in other words, only those records
which the two companies wish to expose to the external world). This is the only
part of the solution common to both companies; the rest of the design differs.
First consider the private namespace design and the configuration of the DNS
servers, zones and clients in the case where the company's computers are not
proxy clients, as in the ZZZ Corporation.
A company must dedicate a set of DNS servers that are not exposed to the Internet
to maintaining zones that contain all names (both internal and external) from
the company namespace. Every DNS client must send its DNS queries to one or more
of these DNS servers. Every internal DNS server must forward unresolved queries
to a pre-assigned forwarder (or forwarders). If a DNS server contains the
top-level company namespace zone, that is, zzz.com., then its forwarder is a DNS
server (or servers) exposed to the Internet; the communication between internal
and external servers takes place through a firewall. Every other internal DNS
server forwards unresolved queries to a DNS server (or servers) that contains
the top-level company namespace zone.
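To make the forwarding chain just described concrete, the following is an added example (not code from the white paper, and not a Windows 2000 DNS feature) that models ZZZ Corporation's three servers in Python: the exposed server holding only the public part of zzz.com., the internal server holding the whole zzz.com. namespace and forwarding to the exposed server, and a further internal server that forwards to the internal top-level server. The server names, zone contents, IP addresses and the stand-in "Internet" table are all constructed for illustration; the `check_forwarding_rules` function is an assumed helper that encodes the forwarding rules from the paragraph above.

```python
# Added example (not from the white paper): a model of the split
# internal/external DNS design for a company whose computers are not
# proxy clients. Server names, zones, addresses and INTERNET are constructed.
from dataclasses import dataclass, field

# Constructed stand-in for "the Internet": public names outside zzz.com.
# that only the exposed server is allowed to look up.
INTERNET = {"www.yyy.com": "198.51.100.7"}


@dataclass(eq=False)
class DnsServer:
    name: str
    exposed_to_internet: bool                       # outside the firewall?
    zones: dict = field(default_factory=dict)       # zone -> {fqdn: ip}
    forwarders: list = field(default_factory=list)  # DnsServer objects
    queries_seen: list = field(default_factory=list)

    def zone_for(self, fqdn):
        """Return the hosted zone containing fqdn (longest match), or None."""
        for zone in sorted(self.zones, key=len, reverse=True):
            if fqdn == zone or fqdn.endswith("." + zone):
                return zone
        return None

    def resolve(self, fqdn):
        """Resolve fqdn; returns (ip or None, names of servers consulted)."""
        self.queries_seen.append(fqdn)
        path = [self.name]
        zone = self.zone_for(fqdn)
        if zone is not None:
            # Authoritative for this name: answer from the zone or report
            # NXDOMAIN. An authoritative server never forwards its own zone.
            return self.zones[zone].get(fqdn), path
        for fwd in self.forwarders:
            ip, sub = fwd.resolve(fqdn)
            path += sub
            if ip is not None:
                return ip, path
        if self.exposed_to_internet:
            # Only the exposed server resolves names outside the company.
            return INTERNET.get(fqdn), path
        return None, path


def build_zzz_corp():
    """Wire the three ZZZ Corporation servers as the text prescribes."""
    public = {"www.zzz.com": "203.0.113.10", "mail.zzz.com": "203.0.113.25"}
    # Exposed server: authoritative for zzz.com. but holds public names only.
    ext = DnsServer("ext-zzz", True, {"zzz.com": dict(public)})
    # Internal top-level server: whole namespace, forwards to the exposed one.
    internal_all = dict(public)
    internal_all["intranet.zzz.com"] = "10.0.0.5"
    top = DnsServer("int-zzz-top", False, {"zzz.com": internal_all}, [ext])
    # Another internal server: forwards to the internal top-level server.
    branch = DnsServer("int-branch", False,
                       {"branch.zzz.com": {"fs1.branch.zzz.com": "10.1.0.10"}},
                       [top])
    return {"ext": ext, "top": top, "branch": branch}


def check_forwarding_rules(servers, top_level="zzz.com"):
    """Return violations of the text's forwarding rules (empty list = OK)."""
    problems = []
    internal_holders = [s for s in servers.values()
                        if top_level in s.zones and not s.exposed_to_internet]
    for s in servers.values():
        if s.exposed_to_internet:
            continue
        if not s.forwarders:
            problems.append(f"{s.name}: internal server without a forwarder")
        elif top_level in s.zones:
            if any(not f.exposed_to_internet for f in s.forwarders):
                problems.append(f"{s.name}: top-level zone server must forward "
                                "to an exposed server")
        elif any(f not in internal_holders for f in s.forwarders):
            problems.append(f"{s.name}: must forward to an internal server "
                            f"holding {top_level}.")
    return problems


if __name__ == "__main__":
    corp = build_zzz_corp()
    for name in ("fs1.branch.zzz.com", "intranet.zzz.com", "www.zzz.com",
                 "www.yyy.com", "nosuch.zzz.com"):
        print(name, corp["branch"].resolve(name))
    print("Internet-side query:", corp["ext"].resolve("intranet.zzz.com"))
    print("rule violations:", check_forwarding_rules(corp))
```

Running the model shows the two properties the design relies on: a query from an internal client for www.yyy.com travels branch → top-level → exposed server → Internet, while a query for an internal name such as intranet.zzz.com is answered by the internal top-level server and never crosses the firewall. It also shows why an internal server must not forward straight to the exposed server: that server is authoritative for zzz.com. but holds only the public records, so it would answer NXDOMAIN for every internal name rather than forwarding.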
To guarantee that a company client is able to resolve any hostname from the
merged companies every DNS server containing a top-level company namespace
Windows 2000 White Paper 48