How NOT to provide external name resolution on win2k3?
- From: "Joel" <jwolfe(removethis)@digimarc.com>
- Date: Mon, 11 Apr 2005 09:14:23 -0400
We have a domain with 2 Windows 2003 servers as domain controllers that are
also providing DNS services. Workstations within the domain are a
combination of Windows XP and also legacy systems running Windows NT. The
workstations point to these 2 servers as their preferred DNS servers.

We recently discovered that the workstations can resolve internet addresses
with no problem. While we don't actually mind that the workstations have
internet access, we'd like to make it difficult for them to resolve internet
addresses.

At first I thought it was strange that the workstations were able to resolve
internet addresses in Internet Explorer because the servers don't have any
forwarders configured. The servers did, however, point to 2 "external
capable" DNS servers as their numbers 3 and 4 DNS servers. (The first 2
being themselves.)

I removed the entries of the external DNS servers that were bound to the NIC
card, and deleted the entries in the root hints list in the DNS
properties. Well, this seemed to have stunned it momentarily, but after a
few minutes the servers were again able to browse the internet. Is there
any easy way to change this so that the servers and the workstations cannot
resolve names enough to browse the internet?

Thanks, Joel