on 29/11/99 1:21 PM, also sprach Larry Pesce:

> At my organization we are looking to implement both DHCP, and DNS (separate
> questions), and I have some concerns.
> 
> DHCP:
> 
> We have a large campus environment across several blocks, and most of the
> more remote locations are connected together by 10M ethernet via microwave.
> These links are pretty heavily utilized, so in our quest to implement DHCP,
> the thought has come up to locate multiple DHCP servers throughout the
> network.  For example, putting a DHCP server in the most remote building, to
> service "just that building" and not having to propagate the DHCP traffic
> across the smaller network pipes.

I'm certainly not a DHCP expert, but that's how most people I speak with
handle it.

> DNS:
> 
> Currently we are using NAT with a firewall, and our internal network is
> 159.139.0.0 (which we don't own - the previous net admin just picked them
> out of a hat, and yes I am planning on replacing them with RFC1918
> addresses..) and we would like to set up our own DNS servers to resolve to
> some internal hosts, as well as provide name resolution for FQDN's out on
> the internet - sort of a mix of an internal DNS and an external DNS all in
> one "box".  Would I have to have 2 separate boxes?  I also don't want our
> "internal" hosts FQDN's propagated outside of our network.  Any suggestions,
> tips, etc?

Actually, you want 4 DNS boxes.  Two inside your firewall (master and slave)
and two outside of your firewall (master and slave).  The two on the outside
will sit right on the Internet, or in a DMZ.  Those will have the smaller
subset of DNS data - just the hosts that you want the general public to know
about, or those that they need to know about (like the machine in an MX
record).  Keep security in mind with these (e.g. - no telnet, etc.)

The two inside should not be accessible from the outside and can contain
every host on your internal net.

Of course, your firewall has to allow the two internal DNS servers to make
external (root) requests.

This advice makes some assumptions, so ask away if it needs refining.
-- 
Ed Marczak, The New York Media Group, Inc.
[EMAIL PROTECTED]
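
An added example, not part of the original message or of either poster's setup: a check that can be run over the external servers' zone data before it is published, to confirm that it holds only the public subset and that no internal host leaks out. The zone `example.com`, every host name and the internal-only label `corp` are constructed assumptions; `159.139.0.0/16` is the internal range named in the question.

```python
import ipaddress

# Constructed sample data: example.com, host names and the "corp" label are assumptions.
ORIGIN = "example.com."
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (  # question's range + RFC 1918
    "159.139.0.0/16", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
INTERNAL_ONLY_LABELS = {"corp"}  # assumed internal-only subdomain label

EXTERNAL_ZONE = """\
@        IN MX    10 mail
www      IN A     192.0.2.10
mail     IN A     192.0.2.25
payroll  IN A     159.139.4.20   ; internal host that slipped in
files    IN CNAME nas01.corp     ; alias leaks an internal name
"""

def fqdn(name, origin=ORIGIN):
    # Expand '@' and relative names against the zone origin.
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Yield (owner, type, rdata) from 'owner [ttl] [class] type rdata' lines."""
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if len(fields) < 3:
            continue  # blank, comment-only or malformed line
        owner, rest = fqdn(fields[0]), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]  # skip optional TTL and class
        if len(rest) >= 2:
            yield owner, rest[0].upper(), rest[1:]

def audit_external_zone(text):
    """Return (owner, reason) for records that would expose internal data."""
    findings = []
    for owner, rtype, rdata in parse_zone(text):
        if rtype == "A":
            addr = ipaddress.ip_address(rdata[0])
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((owner, f"A record exposes internal address {addr}"))
        elif rtype in ("CNAME", "MX", "NS"):
            target = fqdn(rdata[-1])
            if INTERNAL_ONLY_LABELS & set(target.rstrip(".").split(".")):
                findings.append((owner, f"{rtype} points at internal name {target}"))
    return findings

if __name__ == "__main__":
    print(*audit_external_zone(EXTERNAL_ZONE), sep="\n")
```

An empty result means the external data contains only public addresses and names; the parser covers the simple one-record-per-line form shown and does not handle `$ORIGIN`, `$TTL` or multi-line records.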