I have a domain controller which is also a DNS for internal name resolutions. I want to allow clients to connect to the internet, i.e. they should be to resolve external names (e.g. google.com).
Is it secure to configure my DNS with the ISP's DNS (as a forwarder), knowing that my DNS is attached to the LAN port of the firewall (and not to the DMZ port)?
Normally, we have a forwarder attached to the DMZ, and this one will have againa forwarder which is the ISP's DNS.