Public DNS using Windows Server

For a couple of days I have been searching the Internet for articles about publishing DNS externally. However, I only found one on Microsoft TechNet; the link below was really useful for securing a DNS server:

http://technet.microsoft.com/en-us/library/cc786343(v=ws.10).aspx

Why do I cover this topic? Because I wanted to find out why split DNS is vital for internal and external networks.

What I found!

If we want to make our own DNS server a public DNS server that can answer queries for records such as host (A), CNAME (alias) and MX, make sure that no internal IP addresses are exposed to the Internet and that the internal zones are not hosted on it.

The external DNS server should be in the DMZ, and the internal records are not kept on it. The external DNS server (the public DNS) is a stand-alone server that is not joined to the internal network's domain.

I've tested and proven that external users can query the internal IP addresses, hostnames and zones IF I put the internal and DMZ IP addresses in the public DNS server. This can be done with a simple command such as NSLOOKUP.

In my local network, there is an internal DNS server that holds only the zones and IP addresses of the internal site.

My public DNS server only handles the records below:

www.netoverme.info      resolves website      IP address 1.1.1.1

mail.netoverme.info     resolves MX record    IP address 1.1.1.2

netoverme.info          resolves domain       IP address 1.1.1.3

My internal DNS server:

www.netoverme.local     resolves 192.168.0.1    internal website

ns1.netoverme.local     resolves 192.168.0.2    nameserver

…..
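An added example, not from the original post: a small Python check that scans a public zone's record list for the leaks described above (non-public IP addresses and names from internal zones). The one-record-per-line `name TYPE data` format, the `.local` suffix list and the two leaking sample records are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: the public records from this post plus two records that
# should never be there (a private address and a pointer into the internal zone).
SAMPLE_PUBLIC_ZONE = """\
www.netoverme.info       A      1.1.1.1
mail.netoverme.info      A      1.1.1.2
netoverme.info           A      1.1.1.3
netoverme.info           MX     10 mail.netoverme.info
intranet.netoverme.info  A      192.168.0.1
ns1.netoverme.info       CNAME  ns1.netoverme.local
"""

INTERNAL_SUFFIXES = (".local",)  # assumption: internal zones end in .local

def is_internal_name(name, suffixes=INTERNAL_SUFFIXES):
    name = name.rstrip(".").lower()
    return any(name.endswith(s) for s in suffixes)

def audit_public_zone(text, suffixes=INTERNAL_SUFFIXES):
    """Return (line_no, record, reason) for every record that leaks internal data."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()  # drop zone-file style comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            findings.append((line_no, line, "unparseable record"))
            continue
        name, rtype, rdata = fields[0], fields[1].upper(), fields[2:]
        if is_internal_name(name, suffixes):
            findings.append((line_no, line, "owner name is in an internal zone"))
        if rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(rdata[0])
            except ValueError:
                findings.append((line_no, line, "invalid IP address"))
                continue
            if not addr.is_global:  # RFC 1918, loopback, link-local, etc.
                findings.append((line_no, line, "address is not publicly routable"))
        elif rtype in ("CNAME", "MX", "NS"):
            target = rdata[-1]  # for MX this skips the preference value
            if is_internal_name(target, suffixes):
                findings.append((line_no, line, "target points into an internal zone"))
    return findings

if __name__ == "__main__":
    for line_no, record, reason in audit_public_zone(SAMPLE_PUBLIC_ZONE):
        print(f"line {line_no}: {reason}: {record}")
```

An empty result means no record in the list exposes an internal address or an internal zone name.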
