Implement a new dns server in a DMZ

Question

I currently have a few Dns servers (ad Integrated). Internally we are using domain.local and one ISA server running DNS domains domain.com and some other .com domains.

I have one server that is an ISA server running the domain.com dns as well as doing all the firewall and publishing duties.

I have implemented a watch guard firewall to replace the ISA and i have setup a Dmz for all Internet facing servers.

I need have created a 2012 server in the Dmz and have it doing all the domain.com work. The ISA is in the domain but the dns server in the Dmz will not be.

I have 30 external IP's I need to migrate over and several domain names.

What is the best way to achieve this?

If you're using domain.local internally and domain.com externally then that is not split-brain DNS. — joeqwerty, Apr 03 '13 at 13:35

score 1 · Answer 1 · answered Apr 03 '13 at 10:24

On the currently DNS Servers allow Zone transfers to the new Server. On the new Server configure all DNS Zones as Secondary Zone. After the Zone transfers have finished you can change the Zones on the new Server to Primary Zones. I recommend you to use 2 DNS Servers one Primary and one Secondary for redundancy. Use these DNS Servers as your Forwarders on the internal (domain.local) DNS Servers.

score 0 · Answer 2 · answered Apr 03 '13 at 20:34

Another way to do this, assuming these .com zones are not AD integrated, is to copy the actual zone files from the current server to the new server and create new zones from these files.

This negates the need to set up the new server as a secondary server and implementing a zone transfer from the current server to the new server.

Implement a new dns server in a DMZ

2 Answers2