DNS Forwarder Issues
Rajnish
Guest

Posted: Wed Jan 12, 2005 3:31 am    Post subject: DNS Forwarder Issues

Hi
I have a single domain model with 4 DNS servers that are catering to internal
queries and one DNS server catering to external queries. External DNS server
has forwarders of ISP which generally have some or the other problems; we have
to change the forwarders at frequent intervals. We are looking for the root
server to query external queries instead of thru forwarders. What would be the
problems / threat as the server will be prone to any attack on the DNS. Suggest
a remedy for this.

Regards
Rajnish
Sharad Naik
Guest

Posted: Wed Jan 12, 2005 11:49 am    Post subject: Re: DNS Forwarder Issues

Hello Rajnish,
Using Root Hints instead of forwarders does not in any
way change your present security risks.

Whether using forwarder or not, the server should be
behind a good firewall. For external queries there is no
need to open any port through the firewall (whether forwarders or root
hints).

So in short you can just delete the forwarders, and
ensure that Root Hints are properly configured.

Sharad

"Rajnish" <Rajnish@discussions.microsoft.com> wrote in message
news:D3648BCB-68F6-4AAE-85D3-DF9F976B8264@microsoft.com...
Quote:
Hi
I have a single domain model with 4 DNS servers that are catering to internal
queries and one DNS server catering to external queries. External DNS server
has forwarders of ISP which generally have some or the other problems; we have
to change the forwarders at frequent intervals. We are looking for the root
server to query external queries instead of thru forwarders. What would be the
problems / threat as the server will be prone to any attack on the DNS. Suggest
a remedy for this.

Regards
Rajnish
Herb Martin
Guest

Posted: Wed Jan 12, 2005 12:47 pm    Post subject: Re: DNS Forwarder Issues

"Rajnish" <Rajnish@discussions.microsoft.com> wrote in message
news:D3648BCB-68F6-4AAE-85D3-DF9F976B8264@microsoft.com...
Quote:
Hi
I have a single domain model with 4 DNS servers that are catering to internal
queries and one DNS server catering to external queries.

All internal clients (this includes servers such as DCs)
must be set SOLELY to the internal Server set.

The internal Servers should (in general) continue to
forward to the "forwarder."

Quote:
External DNS server has forwarders of ISP which generally have some or the
other problems; we have to change the forwarders at frequent intervals. We are
looking for the root server to query external queries instead of thru forwarders.

You should in general continue forwarding to your
externally focussed Forwarder -- this is frequently
placed on the Gateway/Firewall.

This server should not hold sensitive info about
your internal network or business.

Quote:
What would be the problems / threat as the server will be prone to any attack
on the DNS. Suggest a remedy for this.

It is best not to have the Internal (and presumably
sensitive) servers doing external physical recursion.

Not only does it complicate your firewall rules,
put more load on your WAN, it means that those
(sensitive) servers must be able to visit ANY
IP in the Internet, such as the fine folks at:

dns1.ReallyEvilCrackers.com

If there is ever an identified bug in the DNS service
do you trust those guys to answer questions honestly?



--
Herb Martin


Quote:

Regards
Rajnish
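
Added example, not part of any post in this thread: a PowerShell check of the layout described in the last reply, flagging internal DNS servers that forward anywhere other than the designated forwarder or that fall back to root-hint recursion. The server names and addresses are constructed, and the commented live query assumes the DnsServer module (Windows Server 2012 or later).

```powershell
# Added example. Server names and IP addresses are constructed placeholders.
$ExternalForwarder = '192.0.2.53'   # assumed address of the externally focused DNS server

function Test-InternalDnsForwarding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Config,   # Server, Forwarders, UseRootHint
        [Parameter(Mandatory)] [string] $AllowedForwarder
    )
    process {
        $findings = @()
        $forwarders = @($Config.Forwarders | ForEach-Object { "$_" })
        if ($forwarders.Count -eq 0) {
            $findings += 'no forwarders set, so the server recurses to the Internet itself'
        }
        foreach ($ip in $forwarders) {
            if ($ip -ne $AllowedForwarder) { $findings += "forwards to unexpected address $ip" }
        }
        # With UseRootHint true the server performs its own iterative queries
        # whenever the forwarders do not resolve a name.
        if ($Config.UseRootHint) {
            $findings += 'root-hint fallback is enabled'
        }
        [pscustomobject]@{
            Server    = $Config.Server
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample settings for four internal servers.
$sample = @(
    [pscustomobject]@{ Server = 'dns-int1'; Forwarders = @('192.0.2.53'); UseRootHint = $false }
    [pscustomobject]@{ Server = 'dns-int2'; Forwarders = @('192.0.2.53'); UseRootHint = $true }
    [pscustomobject]@{ Server = 'dns-int3'; Forwarders = @('192.0.2.53', '198.51.100.7'); UseRootHint = $false }
    [pscustomobject]@{ Server = 'dns-int4'; Forwarders = @(); UseRootHint = $true }
)
$sample | Test-InternalDnsForwarding -AllowedForwarder $ExternalForwarder | Format-List

# Live use against a real server instead of the sample (assumes the DnsServer module):
# $f = Get-DnsServerForwarder -ComputerName 'dns-int1'
# [pscustomobject]@{ Server = 'dns-int1'; Forwarders = $f.IPAddress; UseRootHint = $f.UseRootHint } |
#     Test-InternalDnsForwarding -AllowedForwarder $ExternalForwarder
```

Only dns-int1 passes on the sample data; the other three each trip at least one of the conditions the reply warns about.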
All times are GMT