The following DNS configuration and name resolution scenarios are considered in detail for overlapping internal and external namespaces, since that is the most complicated case.
It is assumed that the namespaces of both companies consist only of names within an NSI-assigned domain, that is, yyy.com. and zzz.com. It is also assumed that all computers in the YYY Corporation are proxy clients supporting the Proxy AutoConfiguration File, while none of the computers in the ZZZ Corporation are proxy clients. The goal in this section is to demonstrate the appropriate configuration of the DNS servers, zones and clients to satisfy the following requirements:
• Expose only a public portion of the namespace to the Internet,
• Enable a company computer to resolve any (internal or external) names within its company,
• Enable a company computer to resolve any name from the Internet.
Finally, assume that the two corporations under consideration have merged, and that every computer in these two private namespaces should now be able to resolve any (internal and external) name, not only within the namespace of its own company, but within the namespace of the merged company as well.
The following solution will satisfy all four of these requirements.
Two DNS servers exposed to the Internet are authoritative for two zones, yyy.com. and zzz.com., as shown in the figure below. (To simplify the example, one server and one zone per company have been chosen. In reality a company may choose to have more servers and zones, such as first.yyy.com., second.yyy.com. and so forth.) These zones contain only records corresponding to external names and delegations of the YYY and ZZZ Corporations (in other words, only those records that these two companies wish to expose to the external world). This is the only part of the solution common to both companies. The rest of the design features are different.
First consider the private namespace design and the configuration of the DNS servers, zones and clients in case the company’s computers are not proxy clients, for example, in ZZZ Corporation.
A company must dedicate a set of DNS servers that are not exposed to the Internet to maintain zones containing all names (both internal and external) from the company namespace. Every DNS client must send DNS queries to some of these DNS servers. Every DNS server must forward queries to a
(s). If a DNS server contains a
To guarantee that a company client is able to resolve any hostname from the merged companies every DNS server containing a
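The two zone properties stated above (the external zone holds only records meant for the Internet, and the internal zone holds all names, internal and external) can be checked mechanically. The following is an added example, not part of the white paper: the zone contents, the simplified "name type rdata" line format, the function names, and the use of RFC 1918 addresses as a heuristic for "internal record" are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data for zzz.com. (not from the white paper).
# 203.0.113.0/24 documentation addresses stand in for public IPs.
EXTERNAL_ZONE = """\
www    A   203.0.113.10
mail   A   203.0.113.25
ftp    A   10.1.2.3        ; internal host published by mistake
vpn    A   203.0.113.40    ; never added to the internal zone
@      MX  10 mail
"""
INTERNAL_ZONE = """\
www    A   203.0.113.10
mail   A   203.0.113.25
ftp    A   10.1.2.3
hr     A   10.1.5.20
@      MX  10 mail
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text, origin):
    """Return {fqdn: [(rtype, rdata), ...]} from simplified 'name type rdata' lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop zone-file comments
        if not line:
            continue
        name, rtype, rdata = line.split(None, 2)  # relative owner names only
        fqdn = origin if name == "@" else f"{name}.{origin}"
        records.setdefault(fqdn.lower(), []).append((rtype.upper(), rdata))
    return records

def audit_split_dns(external, internal):
    """Flag external records that look internal, and external names the internal zone lacks."""
    findings = []
    for fqdn, rrs in sorted(external.items()):
        for rtype, rdata in rrs:
            if rtype == "A" and any(ipaddress.ip_address(rdata) in net for net in RFC1918):
                findings.append(("private-address-exposed", fqdn, rdata))
        if fqdn not in internal:
            # Internal servers are authoritative for the zone, so internal
            # clients could not resolve this external name.
            findings.append(("missing-from-internal-zone", fqdn, ""))
    return findings

if __name__ == "__main__":
    ext = parse_zone(EXTERNAL_ZONE, "zzz.com.")
    internal = parse_zone(INTERNAL_ZONE, "zzz.com.")
    for kind, fqdn, detail in audit_split_dns(ext, internal):
        print(f"{kind:28} {fqdn} {detail}")
```
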
Windows 2000 White Paper