Unless you plan on doing a bunch of updates or just really want positive control over your own domain, then letting your ISP handle the DNS is the best thing to do; less administrative hassle for you, and (on-topic) you leave the security aspects to them (no need to tunnel DNS through your firewall or institute a split-DNS setup).
One problem I can see is if you suddenly start having routing issues or the like, not having control over the DNS server could put a little delay in your diagnosis and remedy. I've been known to occasionally fat-finger DNS records for domains I've administered, and having to wait until someone picks up a trouble-ticket (much less respond and close) could have been problematic. If you're OK with that (which it seems you are) then I'd just let the ISP handle that aspect.

Of course, if you don't have your own domain (or aren't planning one), then this argument is moot anyway...

At 11:52 AM 12/4/2001 -0800, you wrote:
>This is a little off topic but I thought you guys
>would be the ones to ask. I only have a mail server
>and a web server (for web-based email access) in my
>DMZ. Do I have to have a DNS server in the DMZ or can
>I just use my ISP's DNS? I have an internal DNS
>server(s). What are the drawbacks to using my ISP's
>DNS? I won't need to make very many DNS changes in
>the future so I'm not concerned with how long it takes
>to make a DNS update. I know the other way to go
>would be a split-DNS setup. Any help/advice would be
>greatly appreciated. Thanks.

--
Eric N. Valor
[EMAIL PROTECTED]

- This Space Intentionally Left Blank -

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
