Selective forwarding from an internal only name server

S Carr sjcarr at gmail.com
Thu Aug 18 08:31:01 UTC 2016


On 18 August 2016 at 01:04, anup albal <anupalbal at hotmail.com> wrote:
> Does that mean I set up another forwarding zone called microsoft.com or
> sharepoint.microsoft.com or both?

Ideally you should set up a completely separate caching/forwarding
server and not be using the external DNS box (NS1) for this purpose.

On the box you are forwarding the queries to (NS1) you need to enable
recursion and specify an ACL for recursion to limit it to only
allowing recursion from the internal DNS1 box.

On the internal DNS box (DNS1) also make sure recursion is enabled and
an ACL is in place allowing your client subnets, and configure forward
zones for sharepoint.com and microsoft.com zones (and any other zones
needed by the sharepoint service) to point at the NS1 box.
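
The two named.conf fragments described in the reply above, as an added example that is not part of the original message. The addresses (192.0.2.53 for NS1, 10.0.0.53 for DNS1, 10.10.0.0/16 for the client subnet), the ACL names and the use of "forward only" are assumptions made for illustration.

```conf
// ---- NS1 (external box): named.conf fragment ----
// Assumed address of the internal resolver DNS1.
acl "internal-dns" { 10.0.0.53; };

options {
    // Recursion is on, but only DNS1 may use it; everyone else
    // still gets answers only for zones NS1 is authoritative for.
    recursion yes;
    allow-recursion { internal-dns; };
};

// ---- DNS1 (internal box): named.conf fragment ----
// Assumed client subnet; list every subnet that should resolve here.
acl "clients" { 10.10.0.0/16; localhost; };

options {
    recursion yes;
    allow-recursion { clients; };
};

// Forward only the zones the SharePoint service needs to NS1
// (assumed address 192.0.2.53). "forward only" is an assumption:
// it stops DNS1 from trying to resolve these names itself if
// NS1 does not answer.
zone "sharepoint.com" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; };
};

zone "microsoft.com" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; };
};
```

Each fragment can be syntax-checked with named-checkconf before the server is reloaded.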

