Are Web server is located in a DMZ Zone. We are creating an intranet web page for the company, we created a test site to test with IIS and it was successful testing from the server side. For the testing site we created a DNS zone called test.local and then created an alias record called WWW that points to the computer names so that the users could type www.test.local. When we try on another computer that is located in the internal network it will not function because the WEB DNS server is not forwarding any request to the internal network DNS server. Since the web server is going to eventually host web site for external clients, if we had the web server DNS settings forward request to the internal DNS server and vise versa, is the internal network going to be vulnerable to the public and will hackers be able to see what DNS servers the web server is forwarding it request to? We will not forward our internal dns servers to the web server, we would forward the dns request from web server to internal servers.

"When we try on another computer that is located in the internal network it will not function because the WEB DNS server is not forwarding any request to the internal network DNS server." No, it's not working because your internal isn't forwarding requests to your external DNS server. "Since the web server is going to eventually host web site for external clients, if we had the web server DNS settings forward request to the internal DNS server and vise versa, is the internal network going to be vulnerable to the public and will hackers be able to see what DNS servers the web server is forwarding it request to?" You're doing this all wrong. Here's how it should be: The web server should be in the DMZ with a private IP. A NAT firewall on the border should forward the traffic for the public IP corresponding to this server. If you host your own public namespace DNS, it should have an A record mapping www.yourdomainserver.com to the public IP address. For internal clients, your internal DNS should have alias/A record that points your clients to the private IP address of your web server in the DMZ. Since this will be a publicly accessible web server, make sure you harden the server per Microsoft's Security Guide, and consider protecting it with ISA Server 2004/2006. Please help survivors of Hurricane Katrina! www.redcross.org