Host Public DNS Server documentation required
Hi All, We have a DMZ in which we would like to host our own DNS server for our company. We will have two Windows 2008 R2 servers for this purpose. We also have a bunch of public IPs from our ISP. I need help with the following:
1. Documentation for installing and configuring public DNS on Windows 2008 Server
2. How to make this DNS registered so that it will help resolve my records. Do I have to register with the ISP?
3. We want to make both servers authoritative and responsive to requests
Thanks, uday
May 26th, 2011 4:04pm

There is quite a bit of information that you need to get this completed. First, I would strongly recommend that rather than hosting your own DNS, you consider using the DNS services provided by your domain registrar. It's usually included in the cost, and they have already invested a lot of money into making their infrastructure highly available. With that said, the first step is to set up two DNS servers in your DMZ. Since these are going to be hosting internet zones, I would make sure that you disable recursion (in the Advanced tab). Do Not Use Recursion For This Domain vs Disable Recursion: http://www.anitkb.com/2011/05/do-not-use-recursion-for-this-domain-vs.html Go ahead and create the zone and add the records that you need for your web servers, mail servers, and other DMZ hosts. No internal hostnames/IPs should be added to any of the external zones. Next, you'll need to make sure that your perimeter firewall is allowing TCP/UDP 53 to get to the DNS servers. Finally, at your domain registrar, for your domain name, you'll need to delegate the domain to your DNS servers. That involves creating NS records in that zone pointing to your public IPs. Most registrars have a nice wizard to help you get this completed. Visit: anITKB.com, an IT Knowledge Base.
May 26th, 2011 4:34pm

Thanks a lot JM. Good information. I have one query: I want my domain registrar to hold these records too, but as a secondary server. They will not have authority to edit anything, just a replica.
May 26th, 2011 4:40pm

Let's say you have obtained domain.com. On the DNS servers hosting .com, there will be a zone called "domain.com". In that zone, you would then have an NS record for delegation to your public IP and another NS record for delegation to the other hosted DNS server that will be holding your DNS zone. You'll have to check with them to see if they offer that service. It's technically easy to do, so I assume most registrars would have this type of service. Visit: anITKB.com, an IT Knowledge Base.
May 26th, 2011 5:35pm

Thanks JM. What is recommended: the method of having two NS records for two servers, or one NS record but two DNS servers acting as NLB?
May 26th, 2011 5:46pm

The first recommendation is to have two DNS servers hosting your zones. Please note that DNS does not have a built-in NLB. Each DNS server will operate independently of the other and share no load. The way that the "load" balancing occurs is that when clients do a lookup for domain.com, the .com DNS servers will respond back with both IPs for your DNS. Clients will then attempt to connect to the DNS servers returned in the query in the order that they received the IPs. When round robin is turned on, DNS servers change the order in which they return the IPs. Therefore you start to see a "load" balancing effect. If you wanted to actually network load balance your DNS servers, you could do this with software NLB services, but the appropriate method would be done with a hardware load balancer. This will dramatically increase your costs. When it comes to DNS services, it's hard to find a justification for the extra costs, unless you are doing some type of "global" server load balancing where, depending on where your clients are, records are passed back for local resources. I would recommend starting with two separate DNS servers and working your way from a simplified design to a more complex one if the business requires it. DNS has been around for quite a bit of time and is very stable. Also keep in mind that if you find that two DNS servers cannot handle the load (which really has to be a massive amount of traffic), you can always add additional NS servers hosting the zone, i.e. one DNS server hosting the primary and one or more hosting secondary zones. Of course, if you have two DNS servers, it is always best to have them in separate locations. The farther apart and the more protection, the more costly. For example:
1) Two DNS servers in the same datacenter, same subnet, same rack, same power.
2) Different power
3) Different racks
4) Different subnets
5) Different datacenters hosted by the same provider
6) Different ISP providers
7) etc...
As you add more protection, the cost goes up exponentially. Visit: anITKB.com, an IT Knowledge Base.
May 26th, 2011 5:58pm
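As an added example (not from this thread or from anITKB.com), here is a small Python model of the advice in the first and last answers: a sanity check of an external zone for fewer than two NS records, missing glue and RFC1918 addresses that must not leak into an internet-facing zone, plus an authoritative-only server that refuses out-of-zone names and shows how round robin rotates the answer order so "first-answer" clients spread across both addresses. The zone, host names and IP addresses are constructed for illustration.

```python
import ipaddress

# Constructed zone for "domain.com" (the name used in the thread). The public
# addresses come from the documentation ranges; 10.0.0.5 is a deliberate mistake.
ZONE = {
    "domain.com.": {"NS": ["ns1.domain.com.", "ns2.domain.com."]},
    "ns1.domain.com.": {"A": ["198.51.100.53"]},       # glue for in-zone NS
    "ns2.domain.com.": {"A": ["203.0.113.53"]},        # second server, other subnet
    "www.domain.com.": {"A": ["198.51.100.10", "198.51.100.11"]},
    "intranet.domain.com.": {"A": ["10.0.0.5"]},       # internal host: must not be here
}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def validate_external_zone(zone, apex):
    """Return a list of problems in a zone that is about to be published on the internet."""
    problems = []
    ns_names = zone.get(apex, {}).get("NS", [])
    if len(ns_names) < 2:
        problems.append("fewer than two NS records at the apex")
    for ns in ns_names:  # an in-zone nameserver needs a glue A record
        if ns.endswith("." + apex) and "A" not in zone.get(ns, {}):
            problems.append(f"in-zone nameserver {ns} has no glue A record")
    for name, rrsets in zone.items():
        for ip in rrsets.get("A", []):
            if any(ipaddress.ip_address(ip) in net for net in RFC1918):
                problems.append(f"{name} publishes internal address {ip}")
    return problems

class AuthoritativeServer:
    """Authoritative-only server: recursion disabled, optional round robin."""
    def __init__(self, zone, apex, round_robin=True):
        self.zone, self.apex, self.round_robin, self.offset = zone, apex, round_robin, {}

    def answer(self, name, rrtype):
        if not name.endswith(self.apex):
            return "REFUSED"  # no recursion for names outside the hosted zone
        rrs = list(self.zone.get(name, {}).get(rrtype, []))
        if rrs and self.round_robin:  # rotate the start position on every query
            i = self.offset.get((name, rrtype), 0) % len(rrs)
            self.offset[(name, rrtype)] = i + 1
            rrs = rrs[i:] + rrs[:i]
        return rrs

def first_hit_distribution(server, name, queries):
    """Count which address a client that always takes the first answer would use."""
    counts = {}
    for _ in range(queries):
        first = server.answer(name, "A")[0]
        counts[first] = counts.get(first, 0) + 1
    return counts
```

With round robin off, every first-answer client lands on the same address; with it on, the ten lookups split evenly, which is the "load" balancing effect the answer describes.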
