Hi Team,
Can we set up NON-AD integrated secondary DNS server(work group server) in DMZ and configure zone transfer from AD intergrated primary DNS in domain.
if it is possible then what ports to be enable and how to configure the zone transfer.
Kindly suggest.
You can configure a secondary zone in your DMZ that will replicate your primary (AD integrated) zone from our internal network.
Zone transfer require TCP and UDP 53 and you must allow zone transfer on your primary zone.
Hi cthivierge,
Thanks for the above details.
will it work if the secondary DNS which is in DMZ is not join to domain.
Thanks
Fahad
Yes, no problem.
On your primary DNS Server
- Right click on the zone you want to transfer and go in the zone transfers
- Click the check box Allow zone transfer and then click on the radio button Only to the following servers
- In the list, add the IP address of your DNS server in the DMZ and it's done.
On your DNS Server in the DMZ, in the DNS console
- Right click on Forward lookup zone
- Select New Zone
- Click Next and select Secondary zone
- Type the name of the zone you want to transfer (ex: mydomain.internal) and click next
- type the IP address of the internal DNS server from which you want to read the zone (the AD Server)
- Click Next and click finish
hth
Ok, so I stood up a new one in workgroup and can confirm this absolutely will work but it is imperative that you create the reverse zone as first step.
Hi cthivierge/Patric,
thanks for the above answer.
i will test it and confirm you.
Thanks
Fahad
5 people are following this question.
