Re: DNS timeouts?

From: Herb Martin (news_at_LearnQuick.com)
Date: 02/07/05


Date: Mon, 7 Feb 2005 16:03:21 -0600


"Ted" <Ted@discussions.microsoft.com> wrote in message
news:50D893CE-D500-40BF-819A-2CDB50AAE4DF@microsoft.com...
> My understanding was that having a caching only DNS server as the only
> internet facing DNS was more secure. There are no zones except stub zones for
> the internal DNS, no zone transfers and only one, inherently more secure,
> server facing the net.

You are correct. It also keeps DCs/DNS servers
off the Internet and behind the firewall.

-- 
Herb Martin

"Ted" <Ted@discussions.microsoft.com> wrote in message
news:50D893CE-D500-40BF-819A-2CDB50AAE4DF@microsoft.com...
> My understanding was that having a caching only DNS server as the only
> internet facing DNS was more secure. There are no zones except stub zones for
> the internal DNS, no zone transfers and only one, inherently more secure,
> server facing the net.
>
> "Mark Renoden [MSFT]" wrote:
>
> > Hi Ted
> >
> > I normally just have my internal DNS server forward directly to the ISP. On
> > the ISA Server, I point the internal NIC to the internal DNS server and
> > don't bother setting a DNS server on the external NIC.  In this way, all
> > requests go via the internal DNS server and then get forwarded to the ISP
> > for external resolution.
> >
> > What was your motivation for caching on the ISA server?
> >
> > Kind regards
> > -- 
> > Mark Renoden [MSFT]
> > Windows Platform Support Team
> > Email: markreno@online.microsoft.com
> >
> > Please note you'll need to strip ".online" from my email address to email
> > me; I'll post a response back to the group.
> >
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> > "Ted" <Ted@discussions.microsoft.com> wrote in message
> > news:85084BCC-81E0-4C24-B4A7-18786065DC6C@microsoft.com...
> > > I have ISA 2004 working perfectly except that occasionally the client will
> > > get a message back that the Gateway could not find an authoritative DNS
> > > server for the domain....
> > >
> > > The client is querying an internal DNS and then it forwards to the caching
> > > server on ISA. Everything is local to the client so the speed should be
> > > there....I was thinking of increasing the DNS server forwarder timeout but it
> > > is currently set to 5 seconds which should be enough??
> > >
> > > When I don't use ISA, the response is pretty fast so I'm not sure if this is
> > > the right move.
> > >
> > > Any ideas?
> >
> >
> >

