Suggestion for securing DNS (and other private systems):

* Secure your DNS and other systems from the internet by using a firewall (aka BASTION host).
* Make sure your DNS server is set up with a non-internet IP address.
* For critical security requirements, you can set up all your internal servers/workstations to use IPsec only (I believe that's the HISECURE template).
* Optional today (but mandatory in another two years), set up Intrusion Detection Systems: network and host based.
* Set up the Primary DNS server to perform zone transfers to only known DNS secondary servers.

Improving DNS performance:

* If the bottleneck is the network, then you will need to get a larger network card.
* If the bottleneck is CPU, then you will need to buy more CPU or a new system.
* If the DNS server is slow because of RAM, then you will need to buy more RAM.
* You can configure additional DNS servers: add a secondary or a PROXY DNS.

cheers,
Leonard Lee

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Emmanuel Adebayo
Sent: Tuesday, May 07, 2002 9:10 AM
To: NT 2000 Discussions
Subject: DNS

Dear all,

How do I protect my DNS server from the internet and allow only the secondary server to contact my DNS server? I was trying to use the Notifying list and only allow access from secondaries included in the notifying list, but my ISP has a range of IP addresses as their DNS servers, meaning that if I set the only allow access option, the particular server may not come to pick up my updated zone file. What do I do, as there is too much traffic to my DNS server?

Rgds.
Emmanuel

------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to %%email.unsub%%
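
An added example, not part of either message above: a transfer allow-list that accepts both individually named secondaries and an ISP's address range, then flags AXFR/IXFR requests from any other source in a DNS query log. All addresses, the log line format and the function names are constructed assumptions for illustration.

```python
import ipaddress

# Constructed sample values (documentation address ranges, not from the thread).
SECONDARIES = ["192.0.2.10"]        # a secondary known by its single address
ISP_RANGES = ["198.51.100.0/28"]    # the ISP's pool of secondary servers

# Constructed log in an assumed "<time> <src-ip> <proto> <qtype> <name>" format.
SAMPLE_LOG = """\
2002-05-07T09:10:01 192.0.2.10 TCP AXFR example.com
2002-05-07T09:10:05 198.51.100.7 TCP AXFR example.com
2002-05-07T09:11:12 203.0.113.50 TCP AXFR example.com
2002-05-07T09:11:40 203.0.113.50 UDP A www.example.com
2002-05-07T09:12:02 198.51.100.99 TCP IXFR example.com
2002-05-07T09:12:30 not-an-ip TCP AXFR example.com
"""

def build_allow_list(hosts, ranges):
    """Turn single addresses and CIDR ranges into one list of networks."""
    nets = [ipaddress.ip_network(h) for h in hosts]   # a bare address becomes /32
    # strict=True rejects a range written with host bits set (e.g. .7/28).
    nets += [ipaddress.ip_network(r, strict=True) for r in ranges]
    return nets

def transfer_allowed(src, allow_list):
    """True only if src parses as an IP address inside an allowed network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False                                  # unparseable source: deny
    return any(addr in net for net in allow_list)

def unauthorized_transfers(log_text, allow_list):
    """Return (source, qtype, zone) for each transfer request not on the list."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                                  # skip malformed lines
        _, src, _, qtype, zone = fields
        if qtype in ("AXFR", "IXFR") and not transfer_allowed(src, allow_list):
            hits.append((src, qtype, zone))
    return hits

if __name__ == "__main__":
    allow = build_allow_list(SECONDARIES, ISP_RANGES)
    for src, qtype, zone in unauthorized_transfers(SAMPLE_LOG, allow):
        print(f"unauthorized {qtype} for {zone} from {src}")
```

Ordinary queries (the `A` lookup in the sample) are ignored; only transfer requests are checked against the list.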
