Announcement

Collapse
No announcement yet.

Server 2008R2 - Local DNS settings

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Server 2008R2 - Local DNS settings

    I am trying to set up our new local DNS Server within AD to handle internal DNS requests only. We currently use our ISPís DNS server IPís. I have received conflicting advice about the use of forwarders, some say put ISP DNS IPís as forwarders Ė no problem. The security and best practice advice is to not use recursion but if I turn this off it automatically disables forwarders in Server 2008R2! How do I handle this?

  • #2
    Re: Server 2008R2 - Local DNS settings

    The security and best practice advice is to not use recursion

    Where did you read that?

    Comment


    • #3
      Re: Server 2008R2 - Local DNS settings

      The normal solution is to have clients (via DHCP) use the in-house DNS servers and for them to use external DNS forwarders - either the ISP or, if you prefer, google (8.8.8.8 and others) or OpenDNS

      Not sure about the recursion without finding a DC to play on, but I doubt if I have ever changed it from the default
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: Server 2008R2 - Local DNS settings

        Originally posted by Ossian
        Not sure about the recursion without finding a DC to play on, but I doubt if I have ever changed it from the default
        .................................................. .................................................. .......................Click image for larger version

Name:	ditto.gif
Views:	1
Size:	1.7 KB
ID:	466932

        I looked at this earlier and it seems to be more relevant to DNS Servers that have a public interface. (Got a stink of a headache so that may not make much sense but I know what I mean). I took it to mean a DNS that can be accessed from the Internet side of the network as well as the private side. Forgot to save the site I looked at that had the very good explanation; sorry. It could also apply to a DNS in a compromised network where the DNS can now be accessed by an external user.

        [Tom or other Forum Mod, if this reads like crap, please DELETE it. Ta]
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2

        Comment


        • #5
          Re: Server 2008R2 - Local DNS settings

          I found it here : us-cert.gov/sites/default/files/publications/DNS-recursion033006.pdf

          Comment


          • #6
            Re: Server 2008R2 - Local DNS settings

            In DNS manager, Select server, Properties, Advanded tab, 1st Server option - Disable recursion (also disables forwarders).

            Comment


            • #7
              Re: Server 2008R2 - Local DNS settings

              Found it. I thought this was the best to understand explanation. Recursive DNS explained.
              1 1 was a racehorse.
              2 2 was 1 2.
              1 1 1 1 race 1 day,
              2 2 1 1 2

              Comment


              • #8
                Re: Server 2008R2 - Local DNS settings

                Originally posted by biggles77 View Post
                I looked at this earlier and it seems to be more relevant to DNS Servers that have a public interface.
                Agree. It doesn't apply to a private internal DNS server.
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com

                Comment

                Working...
                X