Why not just use Simple DNS, since you can define in it which sub-nets and individual IP addresses are permitted to do recursion? The MS DNS zone files and boot file can be imported right into Simple DNS, so conversion is a snap.

For Imail, we run one MS DNS instance as a caching server, which forwards to our 4 regular name servers running Simple DNS. Port 53 to the MS DNS server is not open at the firewall, since the Simple DNS servers do recursion for it, as necessary. Everything runs out of the box/vanilla and we're secure from recursion abuse and the other potential abuses which Simple DNS (similar to Bind) can be configured to prevent.

Thanks,

Monday, July 3, 2006, 3:06:49 AM, John T (Lists) <[EMAIL PROTECTED]> wrote:

>> Not a DNS "expert" (do have substantial experience), so I welcome comments
>> here.
>>
>> Marc

JTL> Since I am in the same boat, here is what I am implementing which after much
JTL> investigation and research the best solution for my configuration is
JTL> including cost consideration:

JTL> 1. My servers and workstations will be using my current MS DNS servers with
JTL> recursion on and listening on the current IP assigned to the DNS servers.

JTL> 2. I am installing SimpleDNS on each of my 3 DNS servers. I am adding a
JTL> second IP to each of those 3 servers. I will configure SimpleDNS to listen
JTL> on the second IP address. I will then use SimpleDNS for all domains that I am
JTL> authoritative for and recursion will be off in SimpleDNS. I will reconfigure
JTL> my firewalls to send public DNS queries to the SimpleDNS IP.

JTL> John T
JTL> eServices For You

JTL> "Seek, and ye shall find!"

JTL> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
JTL> List Archive:
JTL> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
JTL> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

----
Don Brown - Dallas, Texas USA
Internet Concepts, Inc.
[EMAIL PROTECTED]
http://www.inetconcepts.net
(972) 788-2364 Fax: (972) 788-5049
----
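
Added example, not part of the original messages and not Simple DNS or MS DNS code: a check that a public-facing listener, such as the recursion-off address in the setup quoted above, does not offer recursion to outside clients. It reads the RA bit and RCODE of a reply to an RD=1 query for a name the server does not host; the function names and the header-only sample replies are constructed for this example.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """A-record query with RD (recursion desired) set, as a stub resolver sends it."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def recursion_status(response):
    """Classify the reply to an RD=1 query for a name the server does not host."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    ra, rcode = bool(flags & 0x0080), flags & 0x000F
    if ra and rcode == 0 and ancount > 0:
        return "open"           # recursed and answered: listener acts as a resolver
    if ra:
        return "ra-advertised"  # RA set, but this client got no answer (e.g. REFUSED)
    return "closed"             # RA clear: REFUSED or a referral, no recursion offered

def probe(server_ip, name, timeout=3.0):
    """Send the query over UDP to a listener you operate and classify its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server_ip, 53))
        return recursion_status(s.recvfrom(512)[0])

def constructed_reply(flags, ancount):
    """Header-only sample reply (constructed for this example, not captured)."""
    q = build_query("example.org")
    return q[:2] + struct.pack("!HHHHH", flags, 1, ancount, 0, 0) + q[12:]

SAMPLES = {
    "refused, RA clear": constructed_reply(0x8105, 0),  # QR|RD, RCODE=5
    "answered, RA set": constructed_reply(0x8180, 1),   # QR|RD|RA, NOERROR
    "refused, RA set": constructed_reply(0x8185, 0),    # QR|RD|RA, RCODE=5
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label}: {recursion_status(pkt)}")
```

Run probe() from a host outside the permitted sub-nets against each public DNS address; anything other than "closed" on an authoritative-only listener means the recursion setting or the firewall rule needs another look.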
