RE: Do not use recursion on this domain
- From: James Yeomans BSc, MCSE <JamesYeomansBScMCSE@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 12 Nov 2008 00:15:01 -0800
I agree with you i don't see the point in using it. The only thing i can
think of is to block specific websites but yes web filtering software would
be a much better idea for that. Would be interested to hear the reason behind
it.
James.
--
James Yeomans, BSc, MCSE
Ask me directly at: http://www.justaskjames.co.uk
"oz.ozugurlu" wrote:
.
James, my point is to continue to have the name resolution in case if the
forwarders are not answering the recursive queries for a particular domain,
knowing the root hint servers will be there even it will be slow but still
internet name resolution is going to be working for the internal clients,
So **not** selecting the option
“do not use recursion for this domain”
seems to be better way for going forward providing DNS name resolution. I
just cannot see the bad part of doing this, hence I was wondering if someone
out there can shade a light on this.
At the end of the day everyone cares about not getting **Page can not be
displayed** when they type www.google.com into their web browsers in my
opinion as well as having access to all domain related resources.
I really would think content filtering software would be best way to fight/
deal with blocking access type of situations, something like websense.
--
Oz Ozugurlu
MVP (Exchange)
MCITP (EMA), MCITP (EA),MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
oz@xxxxxxxxxx
http://smtp25.blogspot.com (Blog)
"James Yeomans BSc, MCSE" wrote:
Isn't it just a good way of blocking resolution on domains that you dont want
users to access? Not exactly an all round filtering solution but has small
scale benefits.
--
James Yeomans, BSc, MCSE
Ask me directly at: http://www.justaskjames.co.uk
"oz.ozugurlu" wrote:
I would like to know what you guys are thinking about the option below in DNS
“Do not use recursion on this domain” on the DNS setting.
The option is there for
Don’t let your internal servers roam the Internet looking for name servers.(
Bill Boswell), by the way Bill Boswell has always been one of the best in my
eyes for Exchange and active directory I do enjoy his books a lot.
http://redmondmag.com/features/article.asp?EditorialsID=413
So the point I am trying to make is,
If ISP DNS servers fail, or wherever we are forwarding for internet name
resolution, we do bigger issues to worry about.
If this happens it seems to be still better option to do recursive lookup to
the root server for internet name resolution even it will be many hops and
slow response, rather than giving no answer
any toughts?
--
Oz Ozugurlu
MVP (Exchange)
MCITP (EMA), MCITP (EA),MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
oz@xxxxxxxxxx
http://smtp25.blogspot.com (Blog)
- References:
- Do not use recursion on this domain
- From: oz.ozugurlu
- RE: Do not use recursion on this domain
- From: James Yeomans BSc, MCSE
- RE: Do not use recursion on this domain
- From: oz.ozugurlu
- Do not use recursion on this domain
- Prev by Date: DNS Entry
- Next by Date: Re: Child domain and DNS
- Previous by thread: RE: Do not use recursion on this domain
- Next by thread: PTR-Records without FQDN
- Index(es):
Relevant Pages
|
