Re: Making DNS request to the Internet



In article <Lxvbg.27509$YI5.24041@xxxxxxxxxxxxxxxxxxxxxx>,
Leythos <void@xxxxxxxxxxx> wrote:

In article <1148092604.701427.200080@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
boomboom999@xxxxxxxxx says...
Hi,

Is it considered a good security practice to not allow Active Directory
Domain Controllers to make direct DNS requests to the Internet?

I have read about different DNS response attacks that can help an
attacker to take control of the DC via an incorrect DNS response
(buffer overflow etc.).

Would it be more secure to use DNS forwarders?
If yes, where should we place them? In the DMZ?

If you've got the capital to set up a dedicated DNS server to do the
work, more power to you.

Even if you don't, you can always forward to your ISP's caching servers.

--
Barry Margolin, barmar@xxxxxxxxxxxx
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***