Most Secure DNS location

I am running win2k3 svr and I have a Cisco PIX with a DMZ leg. What is the ideal setup for securing external DNS requests? I want to have a DNS responsible for my resolvable domain. Is it safe to put an Active Directory integrated domain in the DMZ? Any suggestions greatly appreciated.
rolltide_bama Asked:
What90 Commented:
I'd suggest you put a standard stand-alone DNS server on your DMZ. Its job would be to only resolve DNS names for external sites. Your AD integrated DNS would only be on your internal network. Basically, you create a split DNS setup.

This link explains this concept in much more detail. Don't worry about all the references to ISA server, any firewall (especially the PIX) can take its place.

http://www.isaserver.org/tutorials/You_Need_to_Create_a_Split_DNS.html
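
An added example, not part of the original answer: a check for the split DNS setup described above, which scans the DMZ server's zone file for records that belong only on the internal AD integrated DNS. The zone contents, `example.com`, and the function names are constructed for illustration.

```python
import ipaddress

# Private ranges (RFC 1918 and IPv6 ULA) that an external zone should not expose.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
# Labels Active Directory registers for domain controller location.
AD_LABELS = {"_msdcs", "_ldap", "_kerberos", "_kpasswd", "_gc"}
TYPES = {"A", "AAAA", "SRV", "CNAME", "MX", "NS", "TXT", "SOA", "PTR"}

# Constructed external zone for example.com with three deliberate leaks.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@        IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 3600
@        IN NS  ns1.example.com.
ns1      IN A   192.0.2.53
www      IN A   192.0.2.80
mail     IN A   10.1.1.25
_ldap._tcp.dc._msdcs IN SRV 0 100 389 dc01.example.com.
dc01     3600 IN A 192.168.10.5
intranet IN CNAME www
"""

def parse_records(zone_text):
    """Yield (owner, rtype, rdata) for one-line records with an explicit owner."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if not line or line.startswith("$"):      # skip blanks and directives
            continue
        owner, *rest = line.split()
        while rest and rest[0].upper() not in TYPES:   # skip optional TTL/class
            rest = rest[1:]
        if rest:
            yield owner, rest[0].upper(), rest[1:]

def audit_external_zone(zone_text):
    """Return (owner, reason) for records that expose internal data."""
    findings = []
    for owner, rtype, rdata in parse_records(zone_text):
        if AD_LABELS & set(owner.lower().split(".")):
            findings.append((owner, "AD locator record"))
        elif rtype in ("A", "AAAA") and rdata:
            addr = ipaddress.ip_address(rdata[0])
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((owner, "private address " + rdata[0]))
    return findings

if __name__ == "__main__":
    for owner, reason in audit_external_zone(SAMPLE_ZONE):
        print(f"{owner}: {reason}")
```

An empty result means the external zone publishes only public-facing names and addresses; any finding is a record to move to the internal DNS.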