Re: How NOT to provide external name resolution on win2k3?



There are a number of ways to do this - but I'm not sure that's *really*
what you want to do ...

The best way to "control" internet access is via Proxies. Configure your
clients' browsers to point to a proxy address and any "non-local" queries
will be forwarded by the client directly to the proxy. The proxy can be
configured to control Internet access as the administrator sees fit.

If you want to ensure your internal DNS servers don't forward, either
disable forwarding or configure them as "Root Servers".

-ds


"Joel" <jwolfe(removethis)@digimarc.com> wrote in message
news:eCpfjhpPFHA.1528@xxxxxxxxxxxxxxxxxxxxxxx
> We have a domain with 2 windows 2003 servers as domain controllers that are
> also providing DNS services. Workstations within the domain are a
> combination of windows xp and also legacy systems running windows nt. The
> workstations point to these 2 servers as their preferred dns servers.
>
> We recently discovered that the workstations can resolve internet addresses
> with no problem. While we don't actually mind that the workstations have
> internet access, we'd like to make it difficult for them to resolve internet
> addresses.
>
> At first I thought it was strange that the workstations were able to resolve
> internet addresses in Internet Explorer because the servers don't have any
> forwarders configured. The servers did however point to 2 "external
> capable" dns servers as their numbers 3 and 4 dns servers. (The first 2
> being themselves.)
>
> I removed the entries of the external dns servers that were bound to the nic
> card, and deleted the entries in the root hints list in the dns
> properties. Well this seemed to have stunned it momentarily, but after a
> few minutes the servers were again able to browse the internet. Is there
> any easy way to change this so that the servers and the workstations cannot
> resolve names enough to browse the internet?
>
> Thanks, Joel
>
>
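
One way to check, from a workstation's point of view, whether an internal DNS server still resolves external names after forwarding is disabled or the server is made a root server (an added example, not part of the original posts). The test name `example.com`, the function names and the sample response headers are assumptions constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x2003):
    """A-record query with RD (recursion desired) set, as a client stub resolver sends."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, qid=0x2003):
    """Return (resolves, rcode_name, recursion_available) from a DNS response header."""
    if len(response) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID, or QR bit clear (not a response)
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    resolves = rcode == 0 and ancount > 0  # only a real answer lets a browser connect
    return resolves, RCODES.get(rcode, str(rcode)), bool(flags & 0x0080)

def probe(server, name="example.com", timeout=3.0):
    """Ask one internal DNS server for an external name; None means no usable reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return classify(s.recv(512))
        except OSError:  # timeout or port unreachable
            return None

# Constructed sample headers (not captured traffic), one per outcome of interest.
SAMPLE_FORWARDING = struct.pack("!6H", 0x2003, 0x8180, 1, 1, 0, 0)  # RA set, 1 answer
SAMPLE_ROOT_ZONE = struct.pack("!6H", 0x2003, 0x8503, 1, 0, 1, 0)   # AA, NXDOMAIN
SAMPLE_REFERRAL = struct.pack("!6H", 0x2003, 0x8100, 1, 0, 13, 0)   # no RA, NS records only

if __name__ == "__main__":
    import sys
    for label, pkt in [("forwarding", SAMPLE_FORWARDING),
                       ("root zone", SAMPLE_ROOT_ZONE), ("referral", SAMPLE_REFERRAL)]:
        print(label, classify(pkt))
    for server in sys.argv[1:]:  # pass the addresses of your internal DNS servers
        print(server, probe(server))
```

A first element of `True` means the server still hands clients an answer for the external name; an authoritative NXDOMAIN or a referral with no answer records means client resolvers get nothing they can use.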

