Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 251
  • Last Modified:

'.' root zone question

We have a parent domain and three child domains. On the parent domain there is a '.' root zone and it is setup this way as management thinks this is more secure than reaching out to the root servers. On the child domains, we do not use a root zone. My question is why is it more secure this way and what is the best practices?  What would one find under the .root zone folder?
0
wayy2be
Asked:
wayy2be
  • 2
  • 2
1 Solution
 
mcsweenSr. Network AdministratorCommented:
MS Best practices say that you should not have the "." zone, and to setup forwarders on your DNS server to query your ISPs DNS servers for internet lookups.  With the "." zone you will not get root hints either.
0
 
wayy2beAuthor Commented:
Yes I know and I cannot figure out why they say that using the '.' zone is more secure?
0
 
brwwigginsCommented:
It could be they do not want to open the ports in the firewall to allow DNS queries out?
0
 
wayy2beAuthor Commented:
Yes but how would they resolve names?  They are using ISA servers in the mix as well.
0
 
brwwigginsCommented:
good question. They may have the ISA servers pointing another source. This way the users cannot try to go out directly because they can't resolve the host names.

I'm just guessing at this point
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now