Announcement

Collapse
No announcement yet.

dns config in dmz

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • dns config in dmz

    Hi experts,

    we just setup a dmz in our network env.

    currently there is only 1 server sitting in dmz; and it is a web server. The website requires a connection to the sql database in the internal network.

    i just bit confused with the dns configuration for this host in the dmz. Should I put an internal dns network or use a public dns from our ISP?

    what is the best practice for this one?

    cheers.

  • #2
    Re: dns config in dmz

    well.. if it needs to resolve the address of a server on the internal lan, then it needs to speak to the internal DNS Server, not the public dns server.

    Alternately, you could consider using just a hosts entry, or a hard coded IP address for the SQL server in your config files..
    means one less port in the firewall..
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: dns config in dmz

      Originally posted by tehcamel View Post
      Alternately, you could consider using just a hosts entry, or a hard coded IP address for the SQL server in your config files..
      means one less port in the firewall..
      Bingo.

      Easiest option IMO.

      I'm presuming you've already opened the ports for the server to reach the SQL server??

      Hopefully you've also changed to ports and set it so only that server can access it.

      Comment


      • #4
        Re: dns config in dmz

        Hi there,

        thanks for the quick reply.

        we do have the IP address hard-coded for database connection. Yes; we did setup 1 IP address only inside our dmz env.

        we just need the internet connection to resolve some of our plugin in our website to get connection to our head office (outside lan)

        So it is actually okay to put internal IP address in the DMZ?

        Comment


        • #5
          Re: dns config in dmz

          wait, what ?

          your external guests (me, for instance)
          browse to www.dahitsydney.com
          that should be ALL i need to see.
          If there are components that need to talk back to the database, then your webserver does it.

          If there are modules that need to be installed on my computer to do it, then you use a Web Service Call to do it.. so build the relevant modules in..

          under no circumstances should your end users be aware of the database, or all the back end infrastructure.. they should only know about the web server. And also.. the back end infrastrcture should have no concept of anything but the web server..


          what is the plugin trying to get to ?
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: dns config in dmz

            hi there,

            sorry; takes a while to reply.

            the plugin is "ComponentArt"; it is a calendar plugin; where visitor can select the date from the website.

            when you mention "Web Service"; is this something from the coding point of view? or System point of view? (IIS)?

            please advise

            Comment


            • #7
              Re: dns config in dmz

              you've got one server in your DMZ (a web server) and one Database, right?
              Your calendar component, would I guess, be installed on the webserver.

              It's ok for the webserver to talk to the database server
              but there should be no conceivable way that the end-users should be able to talk to the database..
              That's what the web server is for
              Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

              Comment


              • #8
                Re: dns config in dmz

                Hi Experts (tehcamel and wullieb1)

                thanks for the answers and confirmation.

                cheers

                Comment

                Working...
                X