MS DNS and AD question

From: James Fullerton (James@RS25.com)
Date: 10/26/01


Message-ID: <001101c15e34$75000350$8d05859f@ha.osd.mil>
From: "James Fullerton" <James@RS25.com>
To: <focus-ms@securityfocus.com>
Subject: MS DNS and AD question
Date: Fri, 26 Oct 2001 09:39:49 -0600

I'm using MS DNS and AD, and AD publishes my internal IP addresses to anyone
who wants to see them (using nslookup for example). I would like to prevent
that from happening, and keep my internal IP addresses hidden (i.e.,
10.0.0.2 should not be visible). Short of setting up separate internal and
external DNS servers, can this be done? If so, can someone please direct me
to directions or provide details?

Microsoft's weak answer:
It is possible to keep the two zones on one server and to integrate the zone
with the Active Directory security features. With proper access control to
the DNS files in Active Directory, one might be able to restrict internal
DNS queries to authenticated users only. However, we have not verified this
solution. The complexity of this solution would require extensive testing to
ensure proper settings are being made and no internal information is being
erroneously exported to the Internet.

Thanks,

James F
James@RS25.com
(303) 913 - 6998
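
The quoted answer warns that a single-server setup needs testing so that "no internal information is being erroneously exported to the Internet". The following is an added example, not part of the original post or of any Microsoft tooling: it scans a text export of the zone an Internet-facing server would answer from and lists every A/AAAA record that points at an internal address. It assumes the zone is in standard master-file format with one record per line; the zone contents, names and the function `find_internal_records` are constructed for illustration.

```python
import ipaddress

# Address ranges treated as internal (RFC 1918, loopback, link-local, IPv6 ULA).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Constructed sample zone (invented names and addresses), one record per line.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@      3600 IN SOA ns1 hostmaster 1 3600 600 86400 3600
@      3600 IN NS  ns1
ns1    3600 IN A   192.0.2.53
www         IN A   192.0.2.80   ; public web server
dc01   1200 IN A   10.0.0.2
gc._msdcs   IN A   10.0.0.2
files       A      172.16.4.9
            AAAA   fd00::1
mail   IN AAAA     2001:db8::25
"""

def find_internal_records(zone_text):
    """Return (fqdn, type, address) for each A/AAAA record with an internal address."""
    origin, owner, hits = "", "@", []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()        # strip comment, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0].startswith("$"):                # $TTL, $INCLUDE: not needed here
            continue
        if not raw[0].isspace():                     # indented line reuses previous owner
            owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                            # skip optional TTL and class
        if len(fields) < 2 or fields[0].upper() not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue                                 # malformed rdata: ignore
        if any(addr.version == n.version and addr in n for n in INTERNAL_NETS):
            fqdn = origin if owner == "@" else (
                owner if owner.endswith(".") else owner + "." + origin)
            hits.append((fqdn, fields[0].upper(), str(addr)))
    return hits

if __name__ == "__main__":
    for fqdn, rtype, addr in find_internal_records(SAMPLE_ZONE):
        print(f"LEAK  {fqdn:28} {rtype:5} {addr}")
```

An empty result only covers A/AAAA data in the exported zone; reverse (PTR) zones and zone-transfer permissions need their own check.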


