Group:  English: Windows Server » microsoft.public.windows.server.dns
Thread: Domain Name 2 NS Mapping

Domain Name 2 NS Mapping
Vicky 6/26/2007 8:19:00 AM
We wish to host an in-house IIS/mail server. We have a Leased line/static IP &
we have registered our domain mydomain.org with a domain registrar.

We have to decide as to how we would be setting up DNS service to work in
our environment.

Our setup would have an in-house mydomain.org or mydomain.local ADS Domain +
DDNS + Exchange server + IIS & an ISA firewall server.

Our Domain Control Panel allows us to set the Name server. What should we
set here?
Could someone put more light on this?



Re: Domain Name 2 NS Mapping
"Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> 6/26/2007 1:49:45 PM
Read inline please.

In news:FF09EA34-FB3B-44E9-8FDE-94D63C318DAF[ at ]microsoft.com,
Vicky <Vicky[ at ]discussions.microsoft.com> typed:
> We wish to host an in-house IIS/mail server. We have a Leased
> line/static IP & we have registered our domain mydomain.org with a
> domain registrar.
>
> We have to decide as to how we would be setting up DNS service to
> work in our environment.
>
> Our setup would have an in-house mydomain.org or mydomain.local ADS
> Domain + DDNS + Exchange server + IIS & an ISA firewall server.
>
> Our Domain Control Panel allows us to set the Name server. What
> should we set here?
> Could someone put more light on this?

Leased line, static IP or not, you should probably leave the Public Zone at
the registrar because you are going to need your local DNS for access to the
sites you are going to host locally, if you are behind a router or other NAT
device.
When you are behind NAT, all your machines have Private non-routable IP
addresses that you must access them by. So, you need a local DNS server that
publishes these names with Private records.

If you must host your Public DNS locally, you should dedicate at least one
machine for the Public DNS, and not allow any local machines to use it for
DNS because it should have recursion disabled on it. Disabling recursion
(Advanced tab) stops DNS from resolving external names, not to be confused
with Do not use recursion (Forwarders tab) which only stops DNS from using
Root Hints.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
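
Added example (not part of the original post or the thread): one way to verify from outside that a dedicated public DNS server behaves as the reply above recommends, authoritative for its own zone with recursion off. It reads the AA and RA header flags from two replies; the sample replies are constructed header-only byte strings, and the function names are assumptions of this example.

```python
import socket
import struct

QR, AA, RA = 0x8000, 0x0400, 0x0080  # DNS header flag bits (RFC 1035)

def build_query(name, qtype=1, txid=0x1A2B):
    """Encode a class-IN query for `name` with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def send_query(server_ip, name, timeout=3.0):
    """Live probe over UDP/53; returns the raw reply (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server_ip, 53))
        return s.recvfrom(4096)[0]

def parse_header(reply):
    """Pull the flags that matter for this check out of the 12-byte header."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if not flags & QR:
        raise ValueError("not a response (QR bit clear)")
    return {"aa": bool(flags & AA), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "ancount": ancount}

def audit_public_server(own_zone_reply, external_reply):
    """Findings for a server that should be authoritative-only."""
    own, ext = parse_header(own_zone_reply), parse_header(external_reply)
    findings = []
    if not own["aa"]:
        findings.append("not authoritative for the hosted zone")
    if ext["ra"]:
        findings.append("recursion available (RA flag set)")
    if ext["rcode"] == 0 and ext["ancount"] > 0:
        findings.append("answered a name outside its zone")
    return findings

def _hdr(flags, ancount):
    """Constructed sample reply: header only, which is all parse_header reads."""
    return struct.pack("!HHHHHH", 0x1A2B, flags, 1, ancount, 0, 0)

# Constructed replies: (query for www.mydomain.org, query for an outside name)
AUTH_ONLY = (_hdr(0x8500, 1), _hdr(0x8105, 0))      # AA set; outside name REFUSED
OPEN_RESOLVER = (_hdr(0x8580, 1), _hdr(0x8180, 1))  # RA set; outside name answered
```

Against a live server, pass `send_query(server_ip, "www.mydomain.org")` and `send_query(server_ip, <a name outside the zone>)` to `audit_public_server`; an empty list means the server neither offers nor performs recursion for outsiders.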


Re: Domain Name 2 NS Mapping
Vicky 6/26/2007 4:32:01 PM
Dear Kevin

The question is partially answered & has raised many other new questions to
us.

Could you elaborate what you meant by saying "you should probably leave the
Public Zone at the registrar"? Do you mean to say the NS entry should point to
the NS of the Domain registrar?

Also if an internet user has to connect to our website www.mydomain.org or
send an email to user[ at ]mydomain.org & if both the website & the email server
are hosted in-house then how would the internet user perform name resolution to
our domain?

We are aware that we can have our resources published via ISA. But the
biggest question is how would an internet user resolve www.mydomain to our
external IP address?



Re: Domain Name 2 NS Mapping
"Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> 6/27/2007 5:27:57 PM
Read inline please.

In news:B02FB639-8E56-4BCA-8B0E-6B28209B4A28[ at ]microsoft.com,
Vicky <Vicky[ at ]discussions.microsoft.com> typed:
> Dear Kevin
>
> The question is partially answered & has raised many other new
> questions to us.
>
> Could you elaborate what you meant by saying "you should probably
> leave the Public Zone at the registrar"? Do you mean to say the NS
> entry should point to the NS of the Domain registrar?

I mean the Name Server entry on your domain's public record should point to
name servers that your registrar provides to host your public domain's zone.
Many give you access to a web site where you can manage the public DNS. If
yours does not provide this service to you for no extra charge, move your
domain to one that does.

On the Public DNS you will create records that have names and IPs to point
to your public IP addresses for your mail server and websites. Then when an
internet user sends you mail or accesses your web site name it is these
records that they get.


>
> Also if an internet user has to connect to our website
> www.mydomain.org or send an email to user[ at ]mydomain.org & if both the
> website & the email server are hosted in-house then how would the
> internet user perform name resolution to our domain?

Internet user's DNS servers will ask the DNS servers listed on your Public
record.


> We are aware that we can have our resources published via ISA. But the
> biggest question is how would an internet user resolve www.mydomain to
> our external IP address?

The DNS servers listed on your Public record will have the record names and
Public IPs that you have on your router or whatever you use to connect to
the internet.


You have to think of it this way, you have two separate networks, one is
your internal network. It has IP addresses that work only from your local
network, these IPs cannot be routed across the internet. You have to have a
DNS server on your internal network to provide these private IPs by name.
You also have a public network which is the IP addresses on your internet
connection. It may be only one or two IPs but it is still your public
network, and you should have DNS servers that provide these IPs by name.
One DNS server should not be asked to resolve names for both of these
networks, you need two DNS servers on the internet, and at least one
separate DNS server on your internal network.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps



Re: Domain Name 2 NS Mapping
Vicky 6/29/2007 7:54:00 AM
Dear Kevin,

I was searching for info on Managed DNS Service Hosting from different service
providers. What I noticed was most of them allow you to create CName, A, MX,
SRV, SOA type of records but none of them mentions the PTR record.

If I go for such managed DNS hosting from some service provider, how would
reverse name resolution happen for my public IP address of the in-house hosted
web & mail server? Most of them do not allow creating PTR record.

I will also have AD integrated DNS in my internal network, but that would
just serve the internal client.

Could you please explain this part? I am more concerned about email sent from
our internal network getting blocked if the target email domain performs
reverse lookup.


Re: Domain Name 2 NS Mapping
"Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> 6/29/2007 3:55:29 PM
Read inline please.

In news:F768C6DE-18B8-4E0B-832D-E4D3D9DA0DCE[ at ]microsoft.com,
Vicky <Vicky[ at ]discussions.microsoft.com> typed:
> Dear Kevin,
>
> I was searching for info on Managed DNS Service Hosting from different
> service providers. What I noticed was most of them allow you to create
> CName, A, MX, SRV, SOA type of records but none of them mentions the
> PTR record.

I find it highly unlikely that they allow you to create SOA records because
that record is owned by the DNS "server" that holds the master zone.

As for PTR records, the reason you can't create PTR records is because those
records are owned by the person or service provider that owns the IP
addresses and are in the domain TLD tree "arpa", which is maintained
separately and have no real relation to the gTLD or ccTLD domain trees.

>
> If I go for such managed DNS hosting from some service provider, how
> would reverse name resolution happen for my public IP address of the
> in-house hosted web & mail server? Most of them do not allow creating
> PTR record.
>
> I will also have AD integrated DNS in my internal network, but that
> would just serve the internal client.
>
> Could you please explain this part? I am more concerned about email
> sent from our internal network getting blocked if the target email
> domain performs reverse lookup.

Contact your ISP as they are likely to have Authority for your IP address
PTR, if they don't, they certainly know who does, because they pay a lease
to someone on every IP address they have. All IP addresses are leased from
someone, even the largest ISPs lease IP addresses. It may be a 100 yr lease
but all IP addresses are controlled by the regional providers, i.e. ARIN,
RIPE, etc.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

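
Added example (not part of the original post or the thread): the PTR record discussed above lives under the "arpa" tree, at a name derived from the IP address rather than from mydomain.org, which is why the forward-zone host cannot create it. The sketch derives that name and runs the forward-confirmed reverse lookup a receiving mail server may perform, going slightly beyond the post by also checking the forward record. The `lookup` callable, the addresses and the record set are constructed for illustration.

```python
import ipaddress

def ptr_owner_name(ip):
    """DNS name that holds the PTR for `ip` (under in-addr.arpa / ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def fcrdns(ip, lookup):
    """Forward-confirmed reverse DNS check for a sending mail server's IP.

    `lookup(name, rtype)` is a hypothetical resolver callable returning a
    list of strings. Returns (status, ptr_owner, confirmed_names).
    """
    addr = ipaddress.ip_address(ip)
    owner = ptr_owner_name(ip)
    ptr_targets = lookup(owner, "PTR")
    if not ptr_targets:
        # Nothing published: the request goes to whoever holds the IP block.
        return ("no-ptr", owner, [])
    rtype = "A" if addr.version == 4 else "AAAA"
    confirmed = [name for name in ptr_targets
                 if any(ipaddress.ip_address(a) == addr
                        for a in lookup(name, rtype))]
    return ("ok" if confirmed else "mismatch", owner, confirmed)

# Constructed records (documentation address range, made-up host names).
# The PTR entries would sit in the ISP's reverse zone, the A record for
# mail.mydomain.org in the public forward zone.
SAMPLE_RECORDS = {
    ("25.113.0.203.in-addr.arpa.", "PTR"): ["mail.mydomain.org."],
    ("mail.mydomain.org.", "A"): ["203.0.113.25"],
    ("26.113.0.203.in-addr.arpa.", "PTR"): ["host-26.isp.example."],
    ("host-26.isp.example.", "A"): ["203.0.113.99"],
}

def sample_lookup(name, rtype):
    """Stand-in resolver backed by the constructed records above."""
    return SAMPLE_RECORDS.get((name, rtype), [])

def report(ips, lookup=sample_lookup):
    """Run the check for each IP and return {ip: (status, owner, names)}."""
    return {ip: fcrdns(ip, lookup) for ip in ips}

if __name__ == "__main__":
    for ip, result in report(["203.0.113.25", "203.0.113.26",
                              "203.0.113.27"]).items():
        print(ip, result)
```

The second element of each result is the exact record name to quote when asking the ISP to set or change the PTR.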

