Re: Root Hints or forwarders?

From: Herb Martin (news_at_LearnQuick.com)
Date: 10/15/04

• Next message: huff-n-puff: "Re: Root Hints or forwarders?"
• Previous message: Herb Martin: "Re: DNS dilemma"
• In reply to: huff-n-puff: "Root Hints or forwarders?"
• Next in thread: huff-n-puff: "Re: Root Hints or forwarders?"
• Reply: huff-n-puff: "Re: Root Hints or forwarders?"
• Messages sorted by: [ date ] [ thread ]

---

Date: Fri, 15 Oct 2004 12:47:31 -0500

Forwarders. <grin>

> I have 2 DNS servers AD integrated authoratitive for the internal DNS zone
> only, I also have 2 external DNS servers on our DMZ as primary/secondary
for
> our internet facing zones.
>
> I want to keep the internal DNS servers from querying anything other than
> the 2 DMZ based DNS servers when looking up external hostnames.

Use Forwarders, and check "do not user recursion" on that SAME
"Forwarders" dialog page (not in advanced since that disables
forwarders TOO.)

Without that checkbox you internal servers will both forward AND
physically recurse the root.

> I also want the 2 DMZ DNS servers to only query our ISPs DNS servers when
> they do lookups.

Good too -- you can use the ISP for forwarding, or you
can use your own external servers for that if you don't
even want your DCs going as far as the ISP.

Generally, you DCs should be firewall/filtered so they
cannot reach the Internet even if you forgot to stop such.

(You can make exceptions for places like Windows Update
OR you can just run an Internal SUS server for there updates.)

> What is the best way to do this? Forwarders or replacing the root hints,
> should I turn off recursion on the servers anywhere?

Forwarders. (and check the do not use recursion, making it unnecessary
to mess with the root hints.)

> Thanks for any help.
>
> M

---

• Next message: huff-n-puff: "Re: Root Hints or forwarders?"
• Previous message: Herb Martin: "Re: DNS dilemma"
• In reply to: huff-n-puff: "Root Hints or forwarders?"
• Next in thread: huff-n-puff: "Re: Root Hints or forwarders?"
• Reply: huff-n-puff: "Re: Root Hints or forwarders?"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: How to host email using Exchange 2003 ... > You Own SMTP Mail using Exchange 2000" and think the instructions will ... So their DNS your company is using is Internet "facing". ... record specific Emails servers. ... The ISP DNS servers will do the job of sending Internet mails out. ... (microsoft.public.exchange.setup) Windows 2003 SP1 AD DC DNS fails to resolve multihomed A record using Forwarder ... We have multiple forwarders listed and only ... Note that the hostname that we were attempting to resolve has multiple ... These servers also forward queries to the ISP DNS servers. ... (microsoft.public.windows.server.dns) Re: Root Hints or forwarders? ... > You say to use forwarders but on which servers the internal or DMZ? ... Just be sure to AVOID the "disable recursion" check box in the ... >> cannot reach the Internet even if you forgot to stop such. ... (microsoft.public.win2000.dns) Re: Can not see my own websites after setting up routing ... Now I have to setup two servers as my external DNS servers (ns1.thenoc.us ... Networking, Internet, Routing, VPN Troubleshooting on ... This issues seems to only happen on my internal network. ... (microsoft.public.win2000.ras_routing) Re: Need help with DNS design and settings ... about forest root and tree root domains. ... The name servers box is usually populated automatically (at least I ... thought so) with the DNS servers you have the AD integrated zones on. ... > forwarders for internet queries, I put the address of my 2 external DNS ... (microsoft.public.win2000.dns)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Win2000  > microsoft.public.win2000.dns  > 2004-10