Whole Brain DNS – How To

Whole Brain DNS is a way of reducing administrative overhead by keeping the DNS records of internal hosts separate from those of external hosts: internal hosts get records in one domain, served by the internal DNS server, while external hosts get records in a separate domain, served by the externally reachable DNS server. NAT fits naturally alongside such a setup, but that is for another time.

Welcome to the third installment of the Installing Exchange 2010 series. To see the previous procedures in this series, click here. This part of the series can, however, be taken and applied on its own, as the procedure does not include any configuration of Exchange.

For the purposes of this procedure, two Windows Servers will be used. The first, a domain controller, is installed on a machine with a single NIC connected to the private network. This machine will be referred to as the Hub. The second, a server joined to the domain but not promoted to a domain controller, has two NICs: one connected to a link with a route to the internet, the other connected to the private network. This machine will be referred to as the Edge.

Before following the procedure, configure the IP addressing on the three NICs: private addresses on the two NICs attached to the private network, and the "public" address on the Edge's externally-facing NIC. The addressing scheme below is provided only as an example. Private IP addresses are used for both the internal and the "external" network here because the setup this procedure was written from consisted of virtual machines.

Machine   NIC        IP            Mask             Gateway       DNS
Hub       Internal   192.168.1.2   255.255.255.0    192.168.1.1   192.168.1.2
Edge      External   10.252.1.12   255.255.0.0      10.252.0.1    192.168.1.2
Edge      Internal   192.168.1.1   255.255.255.0    192.168.1.1   192.168.1.2


  1. Hub
    1. Open the DNS Manager
    2. In the DNS Manager window, under Reverse Lookup Zones, delete any existing reverse lookup zone that does not correspond to the currently configured private network
    3. Add the reverse lookup zone for the currently configured network by right-clicking Reverse Lookup Zones and clicking New Zone…
      1. In the New Zone Wizard click Next
      2. Leave the default Primary zone radio button selected and click Next
      3. Leave default To all DNS servers running on domain controllers in this domain and click Next
      4. Leave the default selection and click Next
      5. Enter the network ID of the currently configured private network like below

        Click Next
      6. Leave the default selection and click Next
      7. Click Finish
    4. Select the new reverse lookup zone and right-click the right-hand pane, clicking New Pointer (PTR)… from the context menu
      1. In the New Resource Record window enter the IP address of the Hub’s NIC
      2. Click Browse and browse to the A record called (same as parent folder)

      3. Click OK
    5. Right-click the domain controller's forward lookup zone (in my case it's local)
    6. From the context menu, click Properties

      1. In the Zone Transfers tab, check the Allow zone transfers checkbox
      2. Select the Only to the following servers radio button and click Edit
      3. In the Allow Zone Transfers window add the IP address of the Edge server's internal NIC, hit Enter and click OK. The Edge is the only host that should be able to pull a full copy of the internal zone; allowing transfers to any server would let any host on the network enumerate every internal hostname
      4. Click OK
    7. Right-click on the machine name (WIN2008-3A in my case)
    8. From the context menu, click Properties

      1. In the Forwarders tab click Edit…
      2. In the Edit Forwarders window, if an IP address exists, click on it and click Delete
      3. Add the IP address of the Edge internal NIC and hit enter
      4. Click OK
      5. Uncheck Use root hints if no forwarders are available, so the Hub never tries to resolve internet names itself; everything it cannot answer from its own zones goes to the Edge
      6. Click OK
  2. Edge
    1. Open the DNS Manager
    2. Fully expand the DNS tree and right-click Forward Lookup Zones

    3. From the context menu click New Zone…
      1. In the New Zone Wizard window, click Next
      2. Select the Secondary zone radio button and click Next

      3. Enter the name of the Active Directory domain (using the example before, that would be manual.local) and click Next
      4. In the Master Servers area, add the IP address of the Hub’s NIC, hit Enter and click Next

      5. Click Finish
    4. Right-click Reverse Lookup Zones and from the context menu select New Zone…
      1. In the New Zone Wizard window, click Next

      2. Leave the default Primary zone radio button selected and click Next
      3. Leave the default IPv4 Reverse Lookup Zone radio button selected and click Next
      4. Enter the network ID of the External NIC on the Edge and click Next
      5. Click Next
      6. Leave the default Do not allow dynamic updates and click Next
      7. Click Finish
    5. Right-click Forward Lookup Zones and select New Zone… from the context menu
      1. In the New Zone Wizard window click Next
      2. Leave the default Primary zone selected and click Next
      3. Name the zone (in my example, I’m using manual.remote as the external domain) and click Next
      4. Click Next
      5. Leave the default Do not allow dynamic updates radio button selected and click Next
      6. Click Finish
    6. Right-click the external domain and click New Host (A or AAAA)…
      1. Leave Name blank so the record is created at the zone apex (it shows as (same as parent folder)); this makes the external domain name itself resolve to the Edge
      2. Enter the external IP of the Edge server
      3. Check the Create associated pointer (PTR) record checkbox
      4. Click Add Host
      5. Click OK
      6. Click Done
    7. Right-click on the machine name and click Properties in the context menu
      1. In the Forwarders tab click Edit…
      2. Add the IP of the desired public DNS server and hit Enter

      3. Click OK
      4. Click OK
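The same Hub and Edge steps, expressed with the DnsServer PowerShell module, as an added example that is not part of the original procedure. It assumes Windows Server 2012 or later on both machines (the module did not exist on the 2008-era hosts used above, where dnscmd.exe is the equivalent), that each function is run elevated on the machine it is named for, and that $PublicResolver is a stand-in for whatever upstream resolver you actually use. The addresses and zone names are the ones from the table and steps above.

```powershell
#Requires -Modules DnsServer
# Added example, not from the original page: Hub and Edge configuration via the
# DnsServer module. Assumptions: Server 2012+ on both hosts, run elevated on the
# host each function is named for, $PublicResolver is a placeholder.

$AdDomain       = 'manual.local'    # internal AD zone, as in the page
$ExternalZone   = 'manual.remote'   # external zone, as in the page
$InternalNet    = '192.168.1.0/24'  # private network shared by Hub and Edge
$ExternalNet    = '10.252.0.0/16'   # Edge's "public" network
$HubIp          = [ipaddress]'192.168.1.2'
$EdgeIntIp      = [ipaddress]'192.168.1.1'
$EdgeExtIp      = [ipaddress]'10.252.1.12'
$PublicResolver = [ipaddress]'10.252.0.1'  # assumption: stand-in for a real public resolver

function ConvertTo-ReverseZoneName {
    # Maps a classful prefix (/8, /16, /24) to the in-addr.arpa zone that the
    # New Zone Wizard creates from the same "Network ID" box.
    param([string]$Cidr)
    $ip, $len = $Cidr.Split('/')
    $octets = $ip.Split('.')[0..([int]($len / 8) - 1)]
    [array]::Reverse($octets)
    return ($octets -join '.') + '.in-addr.arpa'
}

function Initialize-HubDns {
    # Run on the Hub (domain controller).
    $revZone = ConvertTo-ReverseZoneName $InternalNet
    # Hub step 3: AD-integrated reverse zone for the private network, replicated
    # to all DNS servers on domain controllers in the domain (the wizard defaults).
    if (-not (Get-DnsServerZone -Name $revZone -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -NetworkId $InternalNet -ReplicationScope Domain -DynamicUpdate Secure
    }
    # Hub step 4: PTR for the Hub pointing at the zone apex ("same as parent folder").
    $hostPart = $HubIp.IPAddressToString.Split('.')[-1]   # '2' inside 1.168.192.in-addr.arpa
    Add-DnsServerResourceRecordPtr -ZoneName $revZone -Name $hostPart -PtrDomainName "$AdDomain."
    # Hub step 6: transfers of the internal zone only to the Edge's internal NIC.
    Set-DnsServerPrimaryZone -Name $AdDomain -SecureSecondaries TransferToSecureServers -SecondaryServers $EdgeIntIp
    # Hub step 8: forward unanswered queries to the Edge, never fall back to root hints.
    Set-DnsServerForwarder -IPAddress $EdgeIntIp -UseRootHint $false
}

function Initialize-EdgeDns {
    # Run on the Edge (domain member with two NICs).
    # Edge step 3: secondary copy of the AD zone, transferred from the Hub.
    Add-DnsServerSecondaryZone -Name $AdDomain -ZoneFile "$AdDomain.dns" -MasterServers $HubIp
    # Edge step 4: file-backed reverse zone for the external network, dynamic updates off.
    $extRev = ConvertTo-ReverseZoneName $ExternalNet
    Add-DnsServerPrimaryZone -NetworkId $ExternalNet -ZoneFile "$extRev.dns" -DynamicUpdate None
    # Edge step 5: file-backed external forward zone, dynamic updates off.
    Add-DnsServerPrimaryZone -Name $ExternalZone -ZoneFile "$ExternalZone.dns" -DynamicUpdate None
    # Edge step 6: apex A record (blank Name in the GUI) for the Edge's external
    # address, with the matching PTR created in the zone from step 4.
    Add-DnsServerResourceRecordA -ZoneName $ExternalZone -Name '@' -IPv4Address $EdgeExtIp -CreatePtr
    # Edge step 7: anything not held in a local zone goes to the public resolver.
    Set-DnsServerForwarder -IPAddress $PublicResolver
}

function Test-WholeBrainDns {
    # Run from any domain member that can reach both servers. Every property
    # should be $true once both Initialize-* functions have been applied.
    $zone = Get-DnsServerZone -Name $AdDomain -ComputerName $HubIp
    $secondaries = @($zone.SecondaryServers | ForEach-Object { $_.IPAddressToString })
    [pscustomobject]@{
        HubTransfersOnlyToEdge = ($zone.SecureSecondaries -eq 'TransferToSecureServers') -and
                                 ($secondaries -contains $EdgeIntIp.IPAddressToString) -and
                                 ($secondaries.Count -eq 1)
        HubRootHintsDisabled   = -not (Get-DnsServerForwarder -ComputerName $HubIp).UseRootHint
        EdgeHoldsInternalZone  = (Get-DnsServerZone -Name $AdDomain -ComputerName $EdgeIntIp).ZoneType -eq 'Secondary'
        ExternalApexResolves   = (Resolve-DnsName -Name $ExternalZone -Type A -Server $EdgeExtIp).IPAddress -contains $EdgeExtIp.IPAddressToString
        ExternalPtrResolves    = (Resolve-DnsName -Name $EdgeExtIp.IPAddressToString -Type PTR -Server $EdgeExtIp).NameHost -eq $ExternalZone
    }
}
```

Two checks worth doing by hand afterwards. First, from a machine other than the Edge, run nslookup, point it at the Hub with "server 192.168.1.2" and try "ls -d manual.local": the transfer should be refused, which confirms the Zone Transfers restriction is in force. Second, remember that the Windows DNS service listens on every interface by default, so the Edge will also answer queries for its secondary copy of manual.local on its external NIC; if outside clients should only ever see manual.remote, restrict the listening addresses to the internal NIC in the Edge server's Properties, Interfaces tab, or put a firewall rule in front of UDP/TCP 53 on the external address.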
