Welcome to ISAserver.org

Publishing a DNS server: question about recursion

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Publishing] >> Server Publishing >> Publishing a DNS server: question about recursion

Page: [1]

Message

<< Older Topic Newer Topic >>

Publishing a DNS server: question about recursion - 13.Feb.2007 6:04:12 AM

tinto

Posts: 225
Joined: 9.Sep.2004
From: Italy
Status: offline

Hi folks,

i'm happy to return here after a long absence, and i have a sudden question:

we are thinking about to begin administering our company's domains DNS: good guys know it's the best to disable recursion on the DNS server to publish.This is to avoid DOS attacks on public DNS.

My question is: can I trust enough on the power of isa2006's DNS application filter and publish directly a DNS server (on win2003) which has recursion enabled instead?

Thank you

_____________________________

Tinto

Post #: 1

Featured Links*

RE: Publishing a DNS server: question about recursion - 17.Feb.2007 5:02:24 AM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Tinto,

check out Tom's article You Need to Create a Split DNS!.

If you host your own Public DNS server than you should configure that box as advertiser only and thus disable recursion. This means also you don't use your internal DNS server as an advertiser to the external world but only to the internal clients.

HTH,
Stefaan

(in reply to tinto)

Post #: 2