For several years now we have had our internal DNS servers forward queries
for non-hosted zones to our ISP's forwarder servers. At the time we set this
up we were told by someone (can't remember who) that this was a "best
practice" to forward to an ISP's forwarder server vs. sending queries to the
root servers for name resoution. Now, we have purchased internet services
from some sort of bulk provider and our old ISP wants us to stop forwarding
queries to their forwarder servers but the bulk provider does not have their
own forwarder server. When contacted about the situation, the bulk provider
is suggesting that we were told wrong and the real best practice is to
forward external zone queries to the roots. Can anyone weigh in on this
issue and perhaps point me to some sort of document that spells out the true
best practice?

You may want to consider forwarding to opendns servers.
http://www.opendns.com/
if you need a good free solution.

"Moondoggy" <(E-Mail Removed)> wrote in message
news:7554929C-359E-4605-AF07-(E-Mail Removed)...
> For several years now we have had our internal DNS servers forward queries
> for non-hosted zones to our ISP's forwarder servers. At the time we set
> this
> up we were told by someone (can't remember who) that this was a "best
> practice" to forward to an ISP's forwarder server vs. sending queries to
> the
> root servers for name resoution. Now, we have purchased internet services
> from some sort of bulk provider and our old ISP wants us to stop
> forwarding
> queries to their forwarder servers but the bulk provider does not have
> their
> own forwarder server. When contacted about the situation, the bulk
> provider
> is suggesting that we were told wrong and the real best practice is to
> forward external zone queries to the roots. Can anyone weigh in on this
> issue and perhaps point me to some sort of document that spells out the
> true
> best practice?

Mike,

Thanks for the reply.

I've actually had several people mention OpenDNS to me but I need a bit more
enlightenment regarding how this works as I was on their site a few minutes
ago and found the following blurb regarding their "Free" service:

"People frequently ask us how we can offer such a fantastic service without
charging a dime. OpenDNS makes money the same way Google and Yahoo do — by
showing relevant ads when we show you search results."

So in their instructions it says that all I have to do to use their service
is change the IP addresses for my forwarder but if that's true, where does
the showing of relevant ads occur? Is this the kind of deal where you're
taken to an alternate search page with ads if you fat finger the URL?

If you or anyone else has information on this let me know. I'm still
curious about the "Best Practices" question of using Forwarders vs. Root
Hints so if anyone has any information let me know.
So my question is...If I'm an enterprise user it says that all I have to do
is point my DNS forwarders to the two IP addresses they have specified. If I
do that, how are they delivering the "relevant ads"?




"Mike G" wrote:

> You may want to consider forwarding to opendns servers.
> http://www.opendns.com/
> if you need a good free solution.
>
> "Moondoggy" <(E-Mail Removed)> wrote in message
> news:7554929C-359E-4605-AF07-(E-Mail Removed)...
> > For several years now we have had our internal DNS servers forward queries
> > for non-hosted zones to our ISP's forwarder servers. At the time we set
> > this
> > up we were told by someone (can't remember who) that this was a "best
> > practice" to forward to an ISP's forwarder server vs. sending queries to
> > the
> > root servers for name resoution. Now, we have purchased internet services
> > from some sort of bulk provider and our old ISP wants us to stop
> > forwarding
> > queries to their forwarder servers but the bulk provider does not have
> > their
> > own forwarder server. When contacted about the situation, the bulk
> > provider
> > is suggesting that we were told wrong and the real best practice is to
> > forward external zone queries to the roots. Can anyone weigh in on this
> > issue and perhaps point me to some sort of document that spells out the
> > true
> > best practice?
>
>
>

Is this the kind of deal where you're taken to an alternate search page
with ads if you fat finger the URL?

Yes - with your logo if you prefer. What I like the most is the free content
filtering.

"Moondoggy" <(E-Mail Removed)> wrote in message
news:08AC9777-4248-4715-AE30-(E-Mail Removed)...
> Mike,
>
> Thanks for the reply.
>
> I've actually had several people mention OpenDNS to me but I need a bit
> more
> enlightenment regarding how this works as I was on their site a few
> minutes
> ago and found the following blurb regarding their "Free" service:
>
> "People frequently ask us how we can offer such a fantastic service
> without
> charging a dime. OpenDNS makes money the same way Google and Yahoo do - by
> showing relevant ads when we show you search results."
>
> So in their instructions it says that all I have to do to use their
> service
> is change the IP addresses for my forwarder but if that's true, where does
> the showing of relevant ads occur? Is this the kind of deal where you're
> taken to an alternate search page with ads if you fat finger the URL?
>
> If you or anyone else has information on this let me know. I'm still
> curious about the "Best Practices" question of using Forwarders vs. Root
> Hints so if anyone has any information let me know.
> So my question is...If I'm an enterprise user it says that all I have to
> do
> is point my DNS forwarders to the two IP addresses they have specified.
> If I
> do that, how are they delivering the "relevant ads"?
>
>
>
>
> "Mike G" wrote:
>
>> You may want to consider forwarding to opendns servers.
>> http://www.opendns.com/
>> if you need a good free solution.
>>
>> "Moondoggy" <(E-Mail Removed)> wrote in message
>> news:7554929C-359E-4605-AF07-(E-Mail Removed)...
>> > For several years now we have had our internal DNS servers forward
>> > queries
>> > for non-hosted zones to our ISP's forwarder servers. At the time we
>> > set
>> > this
>> > up we were told by someone (can't remember who) that this was a "best
>> > practice" to forward to an ISP's forwarder server vs. sending queries
>> > to
>> > the
>> > root servers for name resoution. Now, we have purchased internet
>> > services
>> > from some sort of bulk provider and our old ISP wants us to stop
>> > forwarding
>> > queries to their forwarder servers but the bulk provider does not have
>> > their
>> > own forwarder server. When contacted about the situation, the bulk
>> > provider
>> > is suggesting that we were told wrong and the real best practice is to
>> > forward external zone queries to the roots. Can anyone weigh in on
>> > this
>> > issue and perhaps point me to some sort of document that spells out the
>> > true
>> > best practice?
>>
>>
>>

Mike,

Thanks for the feedback but yet another question. Someone else that replied
to another post on another forum suggested OpenDNS as well but I seem to get
the impression from him that there was some way (paid service???) that you
could somehow disable this feature. Even in your post you mentioned that the
search page can have our corporate logo on it and this confuses me a bit as I
don't understand how it is that their instructions tell you to simply change
out your existing forwarder IP address with theirs and your done. There's
something that I appear to be missiing on how everyone is handling all this
customization. Can you enlighten me some more?

Thanks.

"Mike G" wrote:

> Is this the kind of deal where you're taken to an alternate search page
> with ads if you fat finger the URL?
>
> Yes - with your logo if you prefer. What I like the most is the free content
> filtering.
>
> "Moondoggy" <(E-Mail Removed)> wrote in message
> news:08AC9777-4248-4715-AE30-(E-Mail Removed)...
> > Mike,
> >
> > Thanks for the reply.
> >
> > I've actually had several people mention OpenDNS to me but I need a bit
> > more
> > enlightenment regarding how this works as I was on their site a few
> > minutes
> > ago and found the following blurb regarding their "Free" service:
> >
> > "People frequently ask us how we can offer such a fantastic service
> > without
> > charging a dime. OpenDNS makes money the same way Google and Yahoo do - by
> > showing relevant ads when we show you search results."
> >
> > So in their instructions it says that all I have to do to use their
> > service
> > is change the IP addresses for my forwarder but if that's true, where does
> > the showing of relevant ads occur? Is this the kind of deal where you're
> > taken to an alternate search page with ads if you fat finger the URL?
> >
> > If you or anyone else has information on this let me know. I'm still
> > curious about the "Best Practices" question of using Forwarders vs. Root
> > Hints so if anyone has any information let me know.
> > So my question is...If I'm an enterprise user it says that all I have to
> > do
> > is point my DNS forwarders to the two IP addresses they have specified.
> > If I
> > do that, how are they delivering the "relevant ads"?
> >
> >
> >
> >
> > "Mike G" wrote:
> >
> >> You may want to consider forwarding to opendns servers.
> >> http://www.opendns.com/
> >> if you need a good free solution.
> >>
> >> "Moondoggy" <(E-Mail Removed)> wrote in message
> >> news:7554929C-359E-4605-AF07-(E-Mail Removed)...
> >> > For several years now we have had our internal DNS servers forward
> >> > queries
> >> > for non-hosted zones to our ISP's forwarder servers. At the time we
> >> > set
> >> > this
> >> > up we were told by someone (can't remember who) that this was a "best
> >> > practice" to forward to an ISP's forwarder server vs. sending queries
> >> > to
> >> > the
> >> > root servers for name resoution. Now, we have purchased internet
> >> > services
> >> > from some sort of bulk provider and our old ISP wants us to stop
> >> > forwarding
> >> > queries to their forwarder servers but the bulk provider does not have
> >> > their
> >> > own forwarder server. When contacted about the situation, the bulk
> >> > provider
> >> > is suggesting that we were told wrong and the real best practice is to
> >> > forward external zone queries to the roots. Can anyone weigh in on
> >> > this
> >> > issue and perhaps point me to some sort of document that spells out the
> >> > true
> >> > best practice?
> >>
> >>
> >>
>
>
>

It all depends on how you want to use their service. Change the ip and you
are done. Check their documentation if you are interested in the details.

http://www.opendns.com/smb/solutions

"Moondoggy" <(E-Mail Removed)> wrote in message
news:CF16B94F-F4C9-41F4-9768-(E-Mail Removed)...
> Mike,
>
> Thanks for the feedback but yet another question. Someone else that
> replied
> to another post on another forum suggested OpenDNS as well but I seem to
> get
> the impression from him that there was some way (paid service???) that you
> could somehow disable this feature. Even in your post you mentioned that
> the
> search page can have our corporate logo on it and this confuses me a bit
> as I
> don't understand how it is that their instructions tell you to simply
> change
> out your existing forwarder IP address with theirs and your done. There's
> something that I appear to be missiing on how everyone is handling all
> this
> customization. Can you enlighten me some more?
>
> Thanks.
>
> "Mike G" wrote:
>
>> Is this the kind of deal where you're taken to an alternate search page
>> with ads if you fat finger the URL?
>>
>> Yes - with your logo if you prefer. What I like the most is the free
>> content
>> filtering.
>>
>> "Moondoggy" <(E-Mail Removed)> wrote in message
>> news:08AC9777-4248-4715-AE30-(E-Mail Removed)...
>> > Mike,
>> >
>> > Thanks for the reply.
>> >
>> > I've actually had several people mention OpenDNS to me but I need a bit
>> > more
>> > enlightenment regarding how this works as I was on their site a few
>> > minutes
>> > ago and found the following blurb regarding their "Free" service:
>> >
>> > "People frequently ask us how we can offer such a fantastic service
>> > without
>> > charging a dime. OpenDNS makes money the same way Google and Yahoo do -
>> > by
>> > showing relevant ads when we show you search results."
>> >
>> > So in their instructions it says that all I have to do to use their
>> > service
>> > is change the IP addresses for my forwarder but if that's true, where
>> > does
>> > the showing of relevant ads occur? Is this the kind of deal where
>> > you're
>> > taken to an alternate search page with ads if you fat finger the URL?
>> >
>> > If you or anyone else has information on this let me know. I'm still
>> > curious about the "Best Practices" question of using Forwarders vs.
>> > Root
>> > Hints so if anyone has any information let me know.
>> > So my question is...If I'm an enterprise user it says that all I have
>> > to
>> > do
>> > is point my DNS forwarders to the two IP addresses they have specified.
>> > If I
>> > do that, how are they delivering the "relevant ads"?
>> >
>> >
>> >
>> >
>> > "Mike G" wrote:
>> >
>> >> You may want to consider forwarding to opendns servers.
>> >> http://www.opendns.com/
>> >> if you need a good free solution.
>> >>
>> >> "Moondoggy" <(E-Mail Removed)> wrote in message
>> >> news:7554929C-359E-4605-AF07-(E-Mail Removed)...
>> >> > For several years now we have had our internal DNS servers forward
>> >> > queries
>> >> > for non-hosted zones to our ISP's forwarder servers. At the time we
>> >> > set
>> >> > this
>> >> > up we were told by someone (can't remember who) that this was a
>> >> > "best
>> >> > practice" to forward to an ISP's forwarder server vs. sending
>> >> > queries
>> >> > to
>> >> > the
>> >> > root servers for name resoution. Now, we have purchased internet
>> >> > services
>> >> > from some sort of bulk provider and our old ISP wants us to stop
>> >> > forwarding
>> >> > queries to their forwarder servers but the bulk provider does not
>> >> > have
>> >> > their
>> >> > own forwarder server. When contacted about the situation, the bulk
>> >> > provider
>> >> > is suggesting that we were told wrong and the real best practice is
>> >> > to
>> >> > forward external zone queries to the roots. Can anyone weigh in on
>> >> > this
>> >> > issue and perhaps point me to some sort of document that spells out
>> >> > the
>> >> > true
>> >> > best practice?
>> >>
>> >>
>> >>
>>
>>
>>

Kurt,

Thanks for the reply.

OK....I'm going back to my original question.....Regardless of whether you
use a forwarder service like OpenDNS for name resolutions from a corporate
DNS, is anyone aware of what the "Best"or "Approved" practice is?

I've received a lot of repies on different forum sites suggesting that
OpenDNS is a great solution if you want to use a forwarder but it's also been
suggested by a Microsoft MVP that forwarders should not be used in a
corporate setting and that he always recommends going to the roots instead.
In the MVP's discussion of the issue he provided stong reasoning why going to
the roots was better but I didn't necessarily get that warm fuzzy feeling
that this was an Internet "Best" or "Approved" practice for large
corporations.

From all that I've been able to gather all week both methods work and both
have their pos and cons but does anyone really care which method is used?



"Kurt" wrote:

> I'd say it depends on how busy your DNS servers are. If the server load
> is way up there, forwarding would seem the best approach. If they're
> just idling along, they're perfectly capable of looking up non-hosted
> domains by going to the root hints. I prefer to use my own DNS servers
> to do web lookups unless I have some good reason to not have them do it.
>
> Another approach is to set up your own BIND (Linux) caching-only DNS
> server to do the web lookups and forward to it from your domain
> controller DNS servers.
>
> Kurt
>
> Moondoggy wrote:
> > For several years now we have had our internal DNS servers forward queries
> > for non-hosted zones to our ISP's forwarder servers. At the time we set this
> > up we were told by someone (can't remember who) that this was a "best
> > practice" to forward to an ISP's forwarder server vs. sending queries to the
> > root servers for name resoution. Now, we have purchased internet services
> > from some sort of bulk provider and our old ISP wants us to stop forwarding
> > queries to their forwarder servers but the bulk provider does not have their
> > own forwarder server. When contacted about the situation, the bulk provider
> > is suggesting that we were told wrong and the real best practice is to
> > forward external zone queries to the roots. Can anyone weigh in on this
> > issue and perhaps point me to some sort of document that spells out the true
> > best practice?
>

Just a quick update:

I sent mail to ICANN.ORG asking the same question I have had posted on this
forum. Here is the response I got back from the Manager, Root Zone Services
Internet Assigned Numbers Authority via ICANN:

"We don't have a specific reference to a "best practice", but there is no
problem for you setting up your own recursive name server rather than using a
forwarder. All we recommend is that you take steps to make sure your root
hints file is kept up to date — and as long as you use a package like BIND
and regularly update it they should automatically provide you with updated
hints files. Alternatively, you can download it from
http://www.internic.net/zones/named.root"


"Moondoggy" wrote:

> For several years now we have had our internal DNS servers forward queries
> for non-hosted zones to our ISP's forwarder servers. At the time we set this
> up we were told by someone (can't remember who) that this was a "best
> practice" to forward to an ISP's forwarder server vs. sending queries to the
> root servers for name resoution. Now, we have purchased internet services
> from some sort of bulk provider and our old ISP wants us to stop forwarding
> queries to their forwarder servers but the bulk provider does not have their
> own forwarder server. When contacted about the situation, the bulk provider
> is suggesting that we were told wrong and the real best practice is to
> forward external zone queries to the roots. Can anyone weigh in on this
> issue and perhaps point me to some sort of document that spells out the true
> best practice?

I would recommend being cautious, choosing forwarders, remember your DNS
will ask anything they do not authoritative for to the forwarders DNS
servers. I am not saying open DNS is less secure than any other ISP DNS
servers (- :
All I am saying is choosing forwarders needs attention. Sometimes your ISP
DNS servers will be faster than open DNS servers, just try it out to
evaluate both


Oz
Oz Casey Dedeal

MVP (Exchange)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +

http://smtp25.blogspot.com (Blog)


"Mike G" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> It all depends on how you want to use their service. Change the ip and you
> are done. Check their documentation if you are interested in the details.
>
> http://www.opendns.com/smb/solutions
>
> "Moondoggy" <(E-Mail Removed)> wrote in message
> news:CF16B94F-F4C9-41F4-9768-(E-Mail Removed)...
>> Mike,
>>
>> Thanks for the feedback but yet another question. Someone else that
>> replied
>> to another post on another forum suggested OpenDNS as well but I seem to
>> get
>> the impression from him that there was some way (paid service???) that
>> you
>> could somehow disable this feature. Even in your post you mentioned that
>> the
>> search page can have our corporate logo on it and this confuses me a bit
>> as I
>> don't understand how it is that their instructions tell you to simply
>> change
>> out your existing forwarder IP address with theirs and your done.
>> There's
>> something that I appear to be missiing on how everyone is handling all
>> this
>> customization. Can you enlighten me some more?
>>
>> Thanks.
>>
>> "Mike G" wrote:
>>
>>> Is this the kind of deal where you're taken to an alternate search page
>>> with ads if you fat finger the URL?
>>>
>>> Yes - with your logo if you prefer. What I like the most is the free
>>> content
>>> filtering.
>>>
>>> "Moondoggy" <(E-Mail Removed)> wrote in message
>>> news:08AC9777-4248-4715-AE30-(E-Mail Removed)...
>>> > Mike,
>>> >
>>> > Thanks for the reply.
>>> >
>>> > I've actually had several people mention OpenDNS to me but I need a
>>> > bit
>>> > more
>>> > enlightenment regarding how this works as I was on their site a few
>>> > minutes
>>> > ago and found the following blurb regarding their "Free" service:
>>> >
>>> > "People frequently ask us how we can offer such a fantastic service
>>> > without
>>> > charging a dime. OpenDNS makes money the same way Google and Yahoo
>>> > do - by
>>> > showing relevant ads when we show you search results."
>>> >
>>> > So in their instructions it says that all I have to do to use their
>>> > service
>>> > is change the IP addresses for my forwarder but if that's true, where
>>> > does
>>> > the showing of relevant ads occur? Is this the kind of deal where
>>> > you're
>>> > taken to an alternate search page with ads if you fat finger the URL?
>>> >
>>> > If you or anyone else has information on this let me know. I'm still
>>> > curious about the "Best Practices" question of using Forwarders vs.
>>> > Root
>>> > Hints so if anyone has any information let me know.
>>> > So my question is...If I'm an enterprise user it says that all I have
>>> > to
>>> > do
>>> > is point my DNS forwarders to the two IP addresses they have
>>> > specified.
>>> > If I
>>> > do that, how are they delivering the "relevant ads"?
>>> >
>>> >
>>> >
>>> >
>>> > "Mike G" wrote:
>>> >
>>> >> You may want to consider forwarding to opendns servers.
>>> >> http://www.opendns.com/
>>> >> if you need a good free solution.
>>> >>
>>> >> "Moondoggy" <(E-Mail Removed)> wrote in message
>>> >> news:7554929C-359E-4605-AF07-(E-Mail Removed)...
>>> >> > For several years now we have had our internal DNS servers forward
>>> >> > queries
>>> >> > for non-hosted zones to our ISP's forwarder servers. At the time
>>> >> > we
>>> >> > set
>>> >> > this
>>> >> > up we were told by someone (can't remember who) that this was a
>>> >> > "best
>>> >> > practice" to forward to an ISP's forwarder server vs. sending
>>> >> > queries
>>> >> > to
>>> >> > the
>>> >> > root servers for name resoution. Now, we have purchased internet
>>> >> > services
>>> >> > from some sort of bulk provider and our old ISP wants us to stop
>>> >> > forwarding
>>> >> > queries to their forwarder servers but the bulk provider does not
>>> >> > have
>>> >> > their
>>> >> > own forwarder server. When contacted about the situation, the bulk
>>> >> > provider
>>> >> > is suggesting that we were told wrong and the real best practice is
>>> >> > to
>>> >> > forward external zone queries to the roots. Can anyone weigh in on
>>> >> > this
>>> >> > issue and perhaps point me to some sort of document that spells out
>>> >> > the
>>> >> > true
>>> >> > best practice?
>>> >>
>>> >>
>>> >>
>>>
>>>
>>>
>
>