This may be an unusual question, but I would like to find out if this is possible.
We have several security zones behind a firewall; let's call them LAN, DMZ and Backend.
There is a DNS server (BIND, server name ns1.domain.com) in the DMZ zone, set up as split DNS, i.e. it resolves domain.com to public addresses for requests made from the Internet and to private NATed addresses for the same domain.com domain for requests coming from the LAN and Backend.
It all works fine; however, now I am introducing Windows 2008 AD into the Backend, as the server base grows and managing SAM databases is not an option anymore. The Windows domain name is DOMAIN.COM. I realise that this may be a confusing setup, but this is done to keep things simple in the naming department.
Naturally this requires using Windows DNS, which is on the same AD.DOMAIN.COM server.
DNS zones on this server work fine, and I have set up a forwarder to ns1.domain.com for any Internet-related queries.
Now the question. If I want to resolve a host located in the DMZ NATed subnet from the Windows host in the Backend (i.e. use the internal part of the split-brain DMZ), how do I make sure that requests for "whatever_is_not_in_windows_domain.com_zone".domain.com are forwarded to the internal split-brain DMZ? Is it possible at all?
I realise that I can hardcode them into the Windows DNS server zone, but this looks like a workaround, not a solution...
Hopefully I was clear enough :)
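For reference, this is what the split-horizon (split-brain) BIND setup described in the question typically looks like in named.conf, with the two views for domain.com answering from different zone files depending on the source address of the query. This is an added example and not the poster's configuration: the subnet ranges, ACL name and zone file paths are assumptions chosen for illustration.

```conf
// Added example of a split-horizon named.conf for ns1.domain.com.
// Not the poster's configuration: the subnets, ACL name and zone file
// paths below are assumptions for illustration only.

// Source networks that should receive the private (NATed) answers.
acl "internal" {
    10.10.0.0/24;      // assumed LAN subnet
    10.20.0.0/24;      // assumed Backend subnet (where the AD/DNS server lives)
    localhost;         // BIND built-in ACL
};

// Views are tried in order; the first one whose match-clients matches wins,
// so the internal view must come before the catch-all external one.
view "internal" {
    match-clients { internal; };
    recursion yes;                    // internal clients may use ns1 as a resolver
    allow-recursion { internal; };
    zone "domain.com" {
        type master;
        file "/etc/bind/zones/db.domain.com.internal";   // private addresses
    };
};

view "external" {
    match-clients { any; };
    recursion no;                     // never recurse for the Internet: avoids an open resolver
    zone "domain.com" {
        type master;
        file "/etc/bind/zones/db.domain.com.external";   // public addresses
    };
};
```

Two things worth checking in a setup like this: once views are in use, every zone (including any root hints zone) has to live inside a view, and view selection is purely by source address, so queries that the Windows DNS server forwards to ns1.domain.com are answered from whichever view its own IP address matches. If the Backend subnet is not covered by the internal ACL, the forwarded queries will get the public answers. `named-checkconf` validates the file before a reload, and querying ns1 from a LAN host and from an outside host for the same name is the quickest way to confirm that the two views really return different addresses.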