Also by default, a Windows NT or 2000 server will use the
root hints to query diretly to the public root name
servers, this is a better solution in my opinion. In
order for the root hints to work, you can't run a false
root on your internal DNS server.

Jeff
>-----Original Message-----
>HI,
> How to forward an Internal Windows 2000 DNS server
to an LIVE / ISP DNS
>server as well as make it an caching server?
>
>--
>Best Regards,
>Feroz Shaikh
>
>
>
>.
>

> servers, this is a better solution in my opinion. In

Maybe. Couple things to concider however:
1) Forwarding is generally faster and produces less traffic for non-cached
records.
2) You can force all queries through one "hole" in your DMZ (say to your ISP
or external DNS server) and not have to allow queries/responses to all DNS
servers on the INET - which you have to do if your using root-hints
internally.

1) Get the IP address of your ISP's DNS server(s). They supply this to you.
2) Under the Properties of the server, goto the Forwarders Tab and enter the
IP addresses in step 1. Done.
--wjs

"Feroz Shaikh" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I agree to all this, but I am very new to DNS so dont know how to go about
> configuring all this features. Will be nice if I get some help in setting
up
> my DNS server for utilizing this features
> ...
> Feroz
>
>
> "William Stacey" <(E-Mail Removed)> wrote in message
> news:#(E-Mail Removed)...
> > > servers, this is a better solution in my opinion. In
> >
> > Maybe. Couple things to concider however:
> > 1) Forwarding is generally faster and produces less traffic for
non-cached
> > records.
> > 2) You can force all queries through one "hole" in your DMZ (say to your
> ISP
> > or external DNS server) and not have to allow queries/responses to all
DNS
> > servers on the INET - which you have to do if your using root-hints
> > internally.
> >
> >
>
>

JL> Also by default, a Windows NT or 2000 server will use
JL> the root hints to query diretly to the public root name
JL> servers, this is a better solution in my opinion.

It certainly has the advantage that it doesn't render one vulnerable to
whatever security problems the forwardee is vulnerable to. It also has the
advantage that one can choose which view of the DNS namespace one sees.
Whereas with forwarding one is constrained to see whatever view of the DNS
namespace the forwardee provides.

JL> In order for the root hints to work, you can't run a false
JL> root on your internal DNS server.

In order for the root hints to work, one cannot "run" _any_ root on one's DNS
server, "false" or not.