need root hints configuration

  • need root hints configuration

    Our network consists of two DNS servers. One is used for the internal network and the other is used for resolving Internet queries. The external DNS is on the DMZ and works independently (no slave).

    1) What should be the recommended configuration of root hints on both of the servers?

    2) What is the best way to secure the external DNS server?

  • #2
    Re: need root hints configuration

    My suggestion is,

    Convert all the zones in the internal network to primary zones and allow zone transfer to the external DNS server located in the DMZ. Create secondary zones on the external DNS server located in the DMZ.
    Procedure to update the cache.dns file:
    http://support.microsoft.com/kb/249868
    The latest root hints file can be downloaded from:
    http://www.internic.net/zones/named.root


    • #3
      Re: need root hints configuration

      I have read one doc saying to disable recursion on the external DNS. Is it required?

      Also,

      Removing the root hints on all external DNS servers... Is it required from a security point of view? Please clarify: if we disable root hints on the external DNS server, will names be resolved for external domains?


      • #4
        Re: need root hints configuration

        If recursion is disabled on the external DNS, there won't be any forwarding action for unresolved DNS queries of DNS clients. Instead, harden the DNS service; refer to TechNet for more information.


        • #5
          Re: need root hints configuration

          Originally posted by sachin1361
          I have read one doc saying to disable recursion on the external DNS. Is it required?

          Also,

          Removing the root hints on all external DNS servers... Is it required from a security point of view? Please clarify: if we disable root hints on the external DNS server, will names be resolved for external domains?

          What is your reasoning for having your "own" external DNS server?
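
Posts #3 and #4 turn on whether the external server recurses for outside clients. The following is an added example, not code from the thread, of checking that on the wire: send a query with RD set for a name the server does not host, then read the RA flag, RCODE and record counts in the reply. `probe`, `classify`, `sample_reply` and the verdict strings are hypothetical names, and the sample replies are constructed.

```python
import socket
import struct

RD, RA, QR = 0x0100, 0x0080, 0x8000  # header flag bits (RFC 1035)
REFUSED = 5

def build_query(name, txid=0x1A2B):
    """A-record query with RD=1, i.e. asking the server to recurse."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", txid, RD, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def classify(query, response):
    """Verdict for a reply to a query about a name the server does NOT host."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, ns, _ar = struct.unpack("!6H", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        raise ValueError("not a reply to this query")
    rcode = flags & 0x000F
    if flags & RA and rcode == 0 and an:
        return "recursive-answer"      # resolved a foreign name: recursion is on
    if flags & RA:
        return "recursion-advertised"  # RA set even though nothing was returned
    if rcode == REFUSED:
        return "refused"               # recursion off, foreign names rejected
    if rcode == 0 and not an and ns:
        return "referral"              # no recursion, but NS records handed back
    return "no-recursion-other"        # e.g. SERVFAIL with RA clear

def probe(server, name, timeout=3.0):
    """Send the query over UDP to a server you administer and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        response, _ = s.recvfrom(4096)
    return classify(query, response)

def sample_reply(query, flags, an=0, ns=0):
    """Constructed reply header + echoed question (record bodies omitted)."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!6H", txid, QR | flags, 1, an, ns, 0) + query[12:]

if __name__ == "__main__":
    q = build_query("example.org")  # constructed out-of-zone name
    print(classify(q, sample_reply(q, RD | RA, an=1)))  # recursive-answer
    print(classify(q, sample_reply(q, RD | REFUSED)))   # refused
    print(classify(q, sample_reply(q, RD, ns=13)))      # referral
```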
