Topic Last Modified: 2010-07-17
Each Edge Server will be a multihomed computer with external and internal facing interfaces. Adapter Domain Name System (DNS) settings will depend on whether there are DNS Servers in the perimeter. If DNS Servers do exist in the perimeter, they must have a zone containing one or more A records for the next hop server or pool (either a Director or a designated Front End pool), and for external queries they will refer name lookups to other public DNS servers. If no DNS Servers exist in the perimeter, the Edge Server(s) will use external DNS servers to resolve Internet name lookups, and a HOST file will be used on each Edge Server to resolve the next-hop server names to IP addresses.
Warning: For security reasons, it is not recommended that you have Edge Servers access a DNS Server located in the internal network.
Configure Interfaces – DNS Servers in Perimeter
- Install two network adapters for each Edge Server, one for the internal-facing interface and one for the external-facing interface. The internal and external subnets must not be routable to each other.
- On the external interface, configure 3 static IP addresses on the external perimeter network subnet (the perimeter network is also known as DMZ, demilitarized zone, and screened subnet), and point the default gateway to the internal interface of the external firewall. Configure adapter DNS settings to point to a pair of perimeter DNS servers.
  Warning: It is possible to use as few as one IP address for this interface, but it will require changing the port assignments to non-standard values.
- On the internal interface, configure one static IP address on the internal perimeter network subnet and do not set a default gateway. Configure adapter DNS settings to a pair of perimeter DNS servers.
- Create persistent static routes on the internal interface to all internal networks where clients or Communications Server 2010 servers reside.
Configure Interfaces – No DNS Servers in Perimeter
- Install two network adapters for each Edge Server, one for the internal-facing interface and one for the external-facing interface. The internal and external subnets must not be routable to each other.
- On the external interface, configure 3 static IP addresses on the external perimeter network subnet, and point the default gateway to the internal interface of the external firewall. Configure adapter DNS settings to point to a pair of external DNS servers.
  Warning: It is possible to use as few as one IP address for this interface, but it will require changing the port assignments to non-standard values.
- On the internal interface, configure one static IP address on the internal perimeter network subnet and do not set a default gateway. Leave adapter DNS settings empty.
- Create persistent static routes on the internal interface to all internal networks where clients or Communications Server 2010 servers reside.
- Edit the HOST file on each Edge Server to contain a record for the next-hop server or virtual IP (VIP) (this will be the Director, Standard Edition server, or a Front End Pool that was configured as the Edge next hop address in Topology Builder). If using DNS load balancing, include a line for each member of the next-hop pool.
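The rules in both procedures above can be checked against a planned Edge Server configuration before deployment. The following Python check is an added example, not Microsoft tooling; the dictionary layout, function names, addresses and host names are hypothetical.

```python
import ipaddress as ip

def parse_hosts(text):
    """Map lower-cased name -> IP from HOST file text, ignoring # comments."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return {name.lower(): f[0] for f in rows for name in f[1:]}

def audit_edge(cfg):
    """Return violations of the interface rules above; an empty list means compliant."""
    ext, inn, issues = cfg["external"], cfg["internal"], []
    ext_net, int_net = ip.ip_network(ext["subnet"]), ip.ip_network(inn["subnet"])
    inside = [ip.ip_network(n) for n in cfg["internal_networks"]]
    if ext_net.overlaps(int_net):
        issues.append("external and internal perimeter subnets overlap")
    if len(ext["addresses"]) != 3 or len(inn["addresses"]) != 1:
        issues.append("expected 3 external and 1 internal static IP addresses")
    if not ext["gateway"] or ip.ip_address(ext["gateway"]) not in ext_net:
        issues.append("external default gateway must sit on the external subnet")
    if inn["gateway"]:
        issues.append("internal interface must not have a default gateway")
    for dns in ext["dns"] + inn["dns"]:  # the page's warning: no internal DNS servers
        if any(ip.ip_address(dns) in net for net in inside):
            issues.append(f"adapter points at internal-network DNS server {dns}")
    routed = [ip.ip_network(r["dest"]) for r in cfg["persistent_routes"]
              if ip.ip_address(r["next_hop"]) in int_net]
    for net in inside:  # each internal network needs a route via the internal NIC
        if not any(net.subnet_of(r) for r in routed):
            issues.append(f"no persistent route to {net} via the internal interface")
    if cfg["perimeter_dns"]:
        if not (ext["dns"] and inn["dns"]):
            issues.append("both adapters must point to the perimeter DNS servers")
    else:
        if inn["dns"] or not ext["dns"]:
            issues.append("use external DNS on the external adapter, none on the internal")
        hosts = parse_hosts(cfg["hosts_file"])
        for name, addr in cfg["next_hop"].items():  # one line per pool member
            if hosts.get(name.lower()) != addr:
                issues.append(f"HOST file lacks {name} -> {addr}")
    return issues

# Constructed sample: no perimeter DNS, documentation address ranges, hypothetical names.
SAMPLE = {
    "perimeter_dns": False, "internal_networks": ["10.0.0.0/16"],
    "external": {"subnet": "203.0.113.0/24", "gateway": "203.0.113.1", "dns": ["198.51.100.53"],
                 "addresses": ["203.0.113.10", "203.0.113.11", "203.0.113.12"]},
    "internal": {"subnet": "172.16.1.0/24", "gateway": None, "dns": [], "addresses": ["172.16.1.10"]},
    "persistent_routes": [{"dest": "10.0.0.0/8", "next_hop": "172.16.1.1"}],
    "next_hop": {"fe01.contoso.example": "10.0.5.21", "fe02.contoso.example": "10.0.5.22"},
    "hosts_file": "10.0.5.21 fe01.contoso.example\n10.0.5.22 FE02.contoso.example # pool\n",
}
```

Calling `audit_edge(SAMPLE)` returns an empty list; set `"perimeter_dns": True` and give both adapters the perimeter DNS addresses to check the first procedure instead.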