Re: Client resolution of internet names
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Thu, 28 Dec 2006 07:25:43 -0700
In general, if you have invested in a proxy server then you should
use it. Bypassing it only reduces the values it can provide to you.
Having a DNS server forward queries to external DNS servers
does not reveal internal information. Allowing the public NIC
interface used for the DNS forwarding to also respond to DNS
queries received on it however can. These are two separate
capabilities and are configured independently from each other.
"jamestulloch" <james@xxxxxxxxxxxxxxxx> wrote in message
news:1167305112.501222.155390@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi All,
Should I allow clients to resolve internet adresses by setting up
forwarding on my DNS servers. All my DNS servers are DCs in Windows
2003 native domain.
I was going to just force all internet lookups to go via IE and proxy
server.
What are the security implications of allowing this. I read somewhere
that the DNS acket will contain information about the ip address
structure and naming of our domain. Is this true? Does it matter?
TIA
James Tulloch
.
- References:
- Client resolution of internet names
- From: jamestulloch
- Client resolution of internet names
- Prev by Date: Network or security
- Next by Date: Account Locked out but Not Logs to Check
- Previous by thread: Client resolution of internet names
- Next by thread: Network or security
- Index(es):
Relevant Pages
|
|
