Re: clients dns settings

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx>
Date: Thu, 28 Dec 2006 07:46:07 -0500

In news:1167305048.621286.236860@xxxxxxxxxxxxxxxxxxxxxxxxxxxx,
jamestulloch <james@xxxxxxxxxxxxxxxx> stated, which I commented on below:

Hi All,

Should I allow clients to resolve internet adresses by seeting up
forwarding on my DNS servers. All my DNS servers are DCs in Windows
2003 native domain.

I was going to just force all internet lookups to go via IE and proxy
server.

What are the security implications of allowing this. I read somewhere
that the DNS acket will contain information about the ip address
structure and naming of our domain. Is this true? Does it matter?

TIA

James Tulloch

If you have proxy, such as an ISA server, yes, allow only web traffic and
resolution via proxy. That is offering better security.

In ANY GIVEN Active Directory scenario, please keep in mind that ALL domain
members (DCs and workstations) must only point to the internal DNS server.

--
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...

.

References:
- clients dns settings
  - From: jamestulloch

Prev by Date: Re: dns query
Next by Date: Re: DNS SRV records
Previous by thread: clients dns settings
Next by thread: Re: DNS SRV records
Index(es):
- Date
- Thread

Relevant Pages

Re: DNS fowarding test
... It will be fowarding to my ISP's DNS servers on the external ... Microsoft MVP - Directory Services ... Instead of the website you're using, I suggest to use OEx (Outlook Express ...
(microsoft.public.windows.server.dns)
Re: Public dns server
... Do you remember the address of your ISP's DNS servers, ... Microsoft MVP - Directory Services ... Instead of the website you're using, I suggest to use OEx (Outlook Express ... Infinite Diversities in Infinite Combinations ...
(microsoft.public.windows.server.dns)
Re: Windows cannot find the network path error message in GPMC
... Preferred DNS server. ... bar of the Network Connections window, ... sure you have Forwarders to your ISP DNS servers Enabled. ... preventing access to this computer from the Internet" is Not checked on this ...
(microsoft.public.windows.group_policy)
Re: Domain Name 2 NS Mapping
... On the Public DNS you will create records that have names and IPs to point ... Also if a internet user has to connect to our website ... Internet user's DNS servers will ask the DNS servers listed on your Public ... network, these IPs cannot be routed accross the internet. ...
(microsoft.public.windows.server.dns)
Re: DNS not working
... will my DNS servers try to resolve the name/ip first and ... curious because if it's not the DNS server that you want to use to resolve, ... Instead of the website you're using, I suggest to use OEx (Outlook Express ... This is a direct link to the Microsoft Public ...
(microsoft.public.windows.server.dns)