Discussion: Internal vs DMZ dns
Posted 23/07/2006, 05:17   #2
Kevin D. Goodknecht Sr. [MVP]
Re: Internal vs DMZ dns

exchange wrote:

> We are moving away from the ISA (and therefore no dmz dns server) to a
> dedicated Hardware proxy (Bluecoat). The only other server sitting in
> our DMZ is a smtp relay and InterScan Web Security Suite server. My
> questions are:
>
>
> 1. Is it acceptable to forward all unresolved DNS requests from our
> internal DNS/DC servers through to our ISP's DNS servers?


It is an accepted practice to forward to your ISP if you don't have your own
caching only DNS. I'm not sure about the Hardware proxy you are getting, but
most proxy servers have a caching only DNS server.

> 2. Is it acceptable to set client dns to our public dns servers (of
> course set appropriate TCP and UDP rules 53 on our firewall).


Since this is an Active Directory domain, the answer is to never use an
external DNS in TCP/IP properties of any member client or server. All
members of the AD domain must use only DNS servers that support the AD
domain.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================
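
The rule in the reply above (AD domain members use only DNS servers that support the AD domain) can be audited from collected `ipconfig /all` output. This is an added example, not part of the original post; the server addresses, adapter names and sample output are constructed assumptions.

```python
import ipaddress
import re
# Assumption: the DNS servers that host the AD zones (normally the DCs).
AD_DNS_SERVERS = {"10.0.0.10", "10.0.0.11"}

# Constructed sample of `ipconfig /all` output from a domain member.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example.com
   IPv4 Address. . . . . . . . . . . : 10.0.1.25
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Backup LAN:

   DNS Servers . . . . . . . . . . . : 10.0.0.11
"""

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server, ...]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False   # adapter header
            adapters[current] = []
            continue
        if current is None:
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        value = m.group(1) if m else (line.strip() if in_dns else "")
        try:
            # Extra servers follow on continuation lines holding only an address.
            adapters[current].append(str(ipaddress.ip_address(value.split("%")[0])))
            in_dns = True
        except ValueError:
            in_dns = False    # any other line ends the DNS server list
    return adapters

def non_ad_resolvers(text, allowed=AD_DNS_SERVERS):
    """Map each adapter to configured DNS servers that are not AD DNS servers."""
    found = {a: [s for s in servers if s not in allowed]
             for a, servers in dns_servers_by_adapter(text).items()}
    return {a: bad for a, bad in found.items() if bad}

if __name__ == "__main__":
    print(non_ad_resolvers(SAMPLE_IPCONFIG))
```

An empty result means every adapter lists only the AD DNS servers; any entry returned is a resolver to remove from that member's TCP/IP properties.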

