RE: MS DNS and AD question

From: McCammon, Keith (Keith.McCammon@eadvancemed.com)
Date: 10/26/01


Message-ID: <BB7FD4FF9E440648A731452E5D341FB0654780@hitsexchange01.advance-med.com>
From: "McCammon, Keith" <Keith.McCammon@eadvancemed.com>
To: 'James Fullerton' <James@RS25.com>, focus-ms@securityfocus.com
Subject: RE: MS DNS and AD question
Date: Fri, 26 Oct 2001 16:12:56 -0400

I would strongly suggest that you set up a separate external name server.
Using one name server for internal and external requests is generally
considered to be a flawed architecture. Even if it were theoretically
possible to separate the two using MS security (cough) features, you are
still taking a considerable risk.

By using a standard internal/external architecture, wherein the internal
name server only services internal requests, and uses forwarders to reach
the external name server, you are eliminating a great deal of risk and
possible exposure.

Keith
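
A check that supports the internal/external separation described in the message above, as an added example that is not part of the original post: it scans an export of the external zone for records that belong only on the internal name server (RFC 1918 addresses and Active Directory locator records). The "owner TYPE rdata" line format, the sample zone, and the function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: addresses that should only resolve from the internal server.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Owner-name labels Active Directory registers so clients can locate domain
# controllers; they have no reason to appear in an Internet-facing zone.
AD_LABELS = ("_msdcs", "_ldap", "_kerberos", "_gc", "_kpasswd")

# Constructed sample: an external zone as it might look when one
# AD-integrated server answers both internal and external queries.
SAMPLE_ZONE = """\
www.example.com.                      A    203.0.113.10
mail.example.com.                     A    203.0.113.25
example.com.                          MX   10 mail.example.com.
dc01.example.com.                     A    10.1.1.5
_ldap._tcp.dc._msdcs.example.com.     SRV  0 100 389 dc01.example.com.
_kerberos._tcp.example.com.           SRV  0 100 88 dc01.example.com.
fileserver.example.com.               A    192.168.20.14
"""

def parse_zone(text):
    """Yield (owner, rtype, rdata) from simplified 'owner TYPE rdata' lines."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        yield owner.lower(), rtype.upper(), rdata.strip()

def audit_external_zone(text):
    """Return (owner, reason) findings for internal data visible externally."""
    findings = []
    for owner, rtype, rdata in parse_zone(text):
        labels = owner.rstrip(".").split(".")
        if any(label in AD_LABELS for label in labels):
            findings.append((owner, "AD locator record"))
        if rtype == "A":
            addr = ipaddress.ip_address(rdata)
            if any(addr in net for net in RFC1918):
                findings.append((owner, "private address " + rdata))
    return findings

if __name__ == "__main__":
    for owner, reason in audit_external_zone(SAMPLE_ZONE):
        print(f"{owner}: {reason}")
```

An empty result for the external server's zone is the expected state once the internal zone lives only on the internal name server.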