I am in the process of setting up name servers for our hospital's public domain. We currently have one Web server internally that handles our Internet and intranet sites, and our PIX has a hole through it for access from the outside to the inside Web server. My question is how best to handle the DNS during this migration, specifically concerning the Exchange entries (we handle our own e-mail). My new DMZ, with name servers and public Web server, has been set up and tested, and I am at the point of defining the DNS on those name servers for propagation (to include MX entries). Along these lines, my secondary issue is how do I keep the DMZ DNS entries (private IP subnet 10.10.x.x) from propagating out with my public IP DNS entries?
Maybe I'm missing something, but I don't completely understand what transition you're going through. Your DNS is currently externally hosted, and you're moving it inside the firewall, and your ISP will perform secondary, correct?
If that's the case, I would set up different zones for internal and external DNS to keep your internal entries from slipping out. There are other ways to do it, but simply filtering records has a huge potential for human error.
During the transition, keep the existing DNS server up and running for a few days until it's no longer getting requests for your domain. It doesn't hurt to have it online and thinking it's authoritative. Just don't plan on changing any DNS records during the transition period. After your nameserver changes have propagated throughout the Internet, you can take the old DNS server offline.
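A pre-publication check for the external zone, as an added example that is not part of the original answer: it scans a zone file for A/AAAA records that point into private address space such as the 10.10.x.x DMZ subnet. The zone contents, the `example.org` names and the function name are constructed for illustration.

```python
import ipaddress

# Address space that should never appear in the external zone:
# RFC 1918 IPv4 ranges plus IPv6 unique local addresses.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample of an external zone file (not taken from the page).
SAMPLE_EXTERNAL_ZONE = """\
$TTL 3600
@       IN  SOA ns1.example.org. hostmaster.example.org. ( 2024010101 3600 900 604800 3600 )
@       IN  NS  ns1.example.org.
@       IN  MX  10 mail.example.org.
ns1     IN  A   192.0.2.53
www     IN  A   192.0.2.80
mail    IN  A   10.10.1.25      ; DMZ address that slipped in
intra   3600 IN A 10.10.2.10
v6host  IN  AAAA fd00::25
"""

def find_private_records(zone_text):
    """Return (line_no, owner, rtype, address) for each A/AAAA record
    whose address falls inside PRIVATE_NETS."""
    leaks, last_owner = [], None
    for line_no, raw in enumerate(zone_text.splitlines(), start=1):
        line = raw.split(";", 1)[0].strip()          # drop trailing comments
        if not line or line.startswith("$"):         # blank line or $TTL/$ORIGIN
            continue
        fields = line.split()
        inherited = raw[:1].isspace()                # leading blank: owner repeats
        owner = last_owner if inherited else fields[0]
        last_owner = owner
        rest = fields if inherited else fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                          # skip optional TTL and class
        if len(rest) < 2 or rest[0].upper() not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(rest[1])
        except ValueError:
            continue                                 # malformed rdata, not an address
        if any(addr in net for net in PRIVATE_NETS):
            leaks.append((line_no, owner, rest[0].upper(), str(addr)))
    return leaks

if __name__ == "__main__":
    for line_no, owner, rtype, addr in find_private_records(SAMPLE_EXTERNAL_ZONE):
        print(f"line {line_no}: {owner} {rtype} {addr} is private address space")
```

Run against the external zone before each reload, a non-empty result means an internal record has been placed in the public zone.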