This example depicts a simple subnet with a Domain Name System (DNS) server connected directly to the Internet.
The following illustration depicts the same example network from the single DNS server for intranet example, but now the company has added a connection to the Internet. In this example, the company is able to access the Internet, but the firewall is configured to block Internet traffic into the network.
To resolve Internet addresses, you need to do at least one of the following tasks:
- Define Internet root servers
You can load the default Internet root servers automatically, but you might need to update the list. These servers can help to resolve addresses outside of your own zone. For instructions for obtaining the current Internet root servers, see Access external Domain Name System data.
- Enable forwarding
You can set up forwarding to pass queries for zones outside of mycompany.com to external DNS servers, such as DNS servers run by your Internet service provider (ISP). If you want to enable searching by both forwarding and root servers, you need to set the forward option to first. The server first tries forwarding and then queries the root servers only if forwarding fails to resolve the query.
The following configuration changes might also be required:
- Assign unrestricted IP addresses
In the example above, 10.x.x.x addresses are shown. However, these are restricted addresses and cannot be used outside of an intranet. They are shown below for example purposes, but your own IP addresses is determined by your ISP and other networking factors.
- Register your domain name
If you are visible to the Internet and have not already registered, you need to register a domain name.
- Establish a firewall
It is not recommended that you allow your DNS to be directly connected to the Internet. You should configure a firewall or take other precautions to secure your iSeries™ server.