Client resolution of internet names

J

jamestulloch

Hi All,

Should I allow clients to resolve internet adresses by setting up
forwarding on my DNS servers. All my DNS servers are DCs in Windows
2003 native domain.

I was going to just force all internet lookups to go via IE and proxy
server.

What are the security implications of allowing this. I read somewhere
that the DNS acket will contain information about the ip address
structure and naming of our domain. Is this true? Does it matter?

TIA

James Tulloch
 
R

Roger Abell [MVP]

In general, if you have invested in a proxy server then you should
use it. Bypassing it only reduces the values it can provide to you.

Having a DNS server forward queries to external DNS servers
does not reveal internal information. Allowing the public NIC
interface used for the DNS forwarding to also respond to DNS
queries received on it however can. These are two separate
capabilities and are configured independently from each other.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Best Practice DNS Structure 1
DNS name resolution slow - the first time... 1
Don't Append Primary DNS Suffix 5
Fix Child Domain DNS prior to adding 2003 DCs 1
W2K AD Domain issues, migration and rename native mode 3
Conditional Forwarding Not Available 22
Still having trouble removing DNS Server from Domain 5
W2K DNS Forwarding 14

Top