Re: dns best security practices
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/25/05
- Next message: Steven L Umbach: "Re: Security settings don't allow Active X controls to display"
- Previous message: Steven L Umbach: "Re: script to list users and groups in domain admin and local admin gr"
- In reply to: emmiller_at_cortdirections.com: "dns best security practices"
- Next in thread: Roger Abell: "Re: dns best security practices"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 24 Mar 2005 22:13:45 -0600
Domain controllers for your network should always be behind your firewall.
Normally a domain controller would never be in a DMZ unless it is a special
situation where it is the domain controller for only DMZ computers. Normally
you only need internal dns servers. Internal dns servers can resolve
internet requests for domain clients if they are configured to use root
hints or forward to your ISP dns server. The main reason you would want an
external dns server is if you are going to host your own dns servers for
your website available for internet users. In such case you would need to
provide two external dns servers. Most however pay a small fee to an ISP to
do this for them. NEVER expose your internal dns servers to internet users.
If your internal users need to access your domain resources on the internet
and you use the same domain name for internet and internal network then you
can use "split brains" dns and add manual records to your internal dns
server for your internal network users to resolve the names of your internet
resources. A Windows dns server does not need to be a domain controller if
you have a need to provide external dns outside of the firewall. --- Steve
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382 --- AD
dns FAQ.
<emmiller@cortdirections.com> wrote in message
news:1111683702.359142.301520@l41g2000cwc.googlegroups.com...
> Where should a server that is a Domain Controller, that also host
> Active Directory and DNS, be placed on a firewall?
>
> What if that server is the external DNS server?
>
> Should a company have both an external and internal DNS server? If so,
> should both of them be Active Directory Domain Controllers?
>
- Next message: Steven L Umbach: "Re: Security settings don't allow Active X controls to display"
- Previous message: Steven L Umbach: "Re: script to list users and groups in domain admin and local admin gr"
- In reply to: emmiller_at_cortdirections.com: "dns best security practices"
- Next in thread: Roger Abell: "Re: dns best security practices"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
