I guess I'm just over-thinking it! So what's the most secure way of allowing my internal DNS to query the ISP's DNS for internet address resolution? The internal DNS server is W2K.

--- [EMAIL PROTECTED] wrote:
> On 4 Dec 2001, at 10:39, Rick Brown wrote:
>
> > This is a little off topic but I thought you guys would be the
> > ones to ask. I only have a mail server and a web server (for
> > web-based email access) in my DMZ. Do I have to have a DNS server
> > in the DMZ or can I just use my ISP's DNS? I have an internal DNS
> > server(s). What are the drawbacks to using my ISP's DNS? I won't
> > need to make very many DNS changes in the future so I'm not
> > concerned with how long it takes to make a DNS update. I know the
> > other way to go would be a split-DNS setup. Any help/advice would
> > be greatly appreciated. Thanks.
>
> Who would use this DNS?
>
> 1. Local internals -- they can use the internal DNS, which probably
> lists internal private machines that you don't want publicly listed
> anyway.
>
> 2. The DMZ servers -- your web server, for instance, might need to
> find an internal back-end database server. If you're not comfortable
> letting them use the internal DNS server, give them a hosts file that
> just lists what they need.
>
> 3. Outsiders trying to find your DMZ servers -- if your ISP will host
> DNS for you, that's one less thing you need to manage locally.
>
> Seems like a no-brainer to me. Is there some scenario I've
> overlooked?
>
> DG
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
