RE: MS DNS and AD question

From: Dimitri Limanovski (dimitri@salliemaesolutions.com)
Date: 10/26/01


Message-ID: <8E59B8D3ACFA454D95FCAF90CBADDE464434CC@xchange.cambridge.salliemaesolutions.com>
From: Dimitri Limanovski <dimitri@salliemaesolutions.com>
To: 'James Fullerton' <James@RS25.com>, "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>
Subject: RE: MS DNS and AD question
Date: Fri, 26 Oct 2001 16:12:16 -0400

Our answer to that was a firewall with NAT capabilities.
So, the local LAN has a private IP address scheme and I have a full block of public
IPs from our ISP to use for NATting.
So, when a user does an nslookup, the request gets translated through the firewall
from public to private.

Dimitri

-----Original Message-----
From: James Fullerton [mailto:James@RS25.com]
Sent: Friday, October 26, 2001 11:40 AM
To: focus-ms@securityfocus.com
Subject: MS DNS and AD question

I'm using MS DNS and AD, and AD publishes my internal IP addresses to anyone
who wants to see them (using nslookup for example). I would like to prevent
that from happening, and keep my internal IP addresses hidden (i.e.,
10.0.0.2 should not be visible). Short of setting up separate internal and
external DNS servers, can this be done? If so, can someone please direct me
to directions or provide details?

Microsoft's weak answer:
It is possible to keep the two zones on one server and to integrate the zone
with the Active Directory security features. With proper access control to
the DNS files in Active Directory, one might be able to restrict internal
DNS queries to authenticated users only. However, we have not verified this
solution. The complexity of this solution would require extensive testing to
ensure proper settings are being made and no internal information is being
erroneously exported to the Internet.

Thanks,

James F
James@RS25.com
(303) 913 - 6998
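
The exposure described in this thread can be checked from the defender's side by scanning the zone data an externally reachable DNS server would answer from. The following is an added example, not part of either message: it assumes the zone is available as standard zone-file text, and the host names and addresses in the sample are constructed.

```python
import ipaddress

# RFC 1918 private ranges that should not appear in an externally served zone.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone data (hypothetical names, not from the thread).
SAMPLE_ZONE = """\
; constructed example zone
@        3600 IN SOA ns1.example.com. hostmaster.example.com. 1 900 600 86400 3600
www      3600 IN A   192.0.2.10
dc01     1200 IN A   10.0.0.2
         1200 IN A   192.168.5.2
mail          IN A   198.51.100.25
_ldap._tcp    IN SRV 0 100 389 dc01.example.com.
files         A      172.16.4.9
"""

def find_private_a_records(zone_text):
    """Return (owner, address) pairs for A records inside RFC 1918 space."""
    findings = []
    owner = None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        fields = line.split()
        # A line starting with whitespace inherits the previous owner name.
        if not raw[0].isspace():
            owner = fields.pop(0)
        # Skip optional TTL and class, in either order.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if len(fields) < 2 or fields[0].upper() != "A":
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # malformed address; not this check's concern
        if any(addr in net for net in RFC1918):
            findings.append((owner, str(addr)))
    return findings

if __name__ == "__main__":
    for owner, addr in find_private_a_records(SAMPLE_ZONE):
        print(f"private address published: {owner} -> {addr}")
```

Any record it reports is one that an outside nslookup against that zone would reveal.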


