Some probably stupid questions

Posted on 2006-05-12
Last Modified: 2010-03-18
I am working with this guy who does some unusual stuff, not saying they are right or wrong, but unusual...

On a Windows 2003 server, DHCP is set on the PIX firewall, giving IPs to all the client computers. One of the DNS is set for our internal DNS, which is the same as this server, which is also the DC server; the other is an external DNS server for our ISP. All client computers have both the internal and one external DNS configured on their machines...

In the internal DNS, a host record is set for our hosted SMTP server, IP address 55.555.454.45.

Now this seems to work; if we have to change SMTP, we just change the IP address in the host record.

We also have hosts set up for our outside www and ftp and other hosted services.

Our forwarders are also set to the ISP external DNS servers.

My question: I was taught to set up the internal DNS with forwarders and that's that. What, if any, problem is there with setting up the DNS with all these external records, and with these configurations in general?

Also, due to the fact this is probably a simple question: when you change ISP, once you have everything set up and check the DNS and it fails recursive, is this because of the root, and how can you fix it?
Question by: arahming
    1 Comment
    LVL 95

    Accepted Solution

    I'm not entirely clear on your question, but if I understand correctly...

    It's fine to run DHCP on the PIX - I wouldn't recommend it - I think the client and other potential consultants should have easier access to it, but as long as the correct settings are given, it's not a problem.

    DNS - the ONLY, stress ONLY DNS servers the workstations and servers should use are the DNS servers for Active Directory.  The AD DNS servers can then use forwarders to the ISP, but don't technically need to.  Why?  If a client EVER uses a non-AD DNS server to resolve a name (if, for whatever reason, your AD DNS servers don't respond fast enough) then you could have random problems accessing network services including delays in logging on, and problems reaching your servers.  99% of the time the AD DNS servers probably get it... but that 1% CAN cause problems for the client, and in turn, you, and if they get another consultant who KNOWS what they are doing, then you look even worse.  Oh, but what about accessing the internet if the AD DNS servers go down?  Yes, that's a problem... but if your AD DNS servers go down, you probably have far bigger problems and it's better to know about them and get them fixed sooner than later.

    As for setting up hosts for external services such as mail, www, and ftp - not generally a problem - can make things easier even.  I do this from time to time myself.
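
One way to check workstations for the condition the accepted answer warns about, as an added example that is not part of the original thread: it parses `ipconfig /all` output and lists every adapter that has a DNS server other than the AD DNS servers. The sample output and addresses are constructed, and `AD_DNS`, `dns_by_adapter` and `non_ad_dns` are names chosen for this example.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (documentation address ranges).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.0.2.50
   DNS Servers . . . . . . . . . . . : 192.0.2.10
                                       203.0.113.53
   Primary WINS Server . . . . . . . : 192.0.2.10

Ethernet adapter Lab:

   DHCP Enabled. . . . . . . . . . . : No
   DNS Servers . . . . . . . . . . . : 192.0.2.10
"""

AD_DNS = {"192.0.2.10"}  # assumption: address of the DC / AD DNS server

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def dns_by_adapter(text):
    """Return {adapter name: [DNS servers]} parsed from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False  # adapter header line
            adapters[current] = []
            continue
        if current is None:
            continue  # global section before the first adapter
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S*)", line)
        value = m.group(1) if m else line.strip()
        # Additional DNS servers appear as bare addresses on the following lines.
        in_dns = bool(m) or (in_dns and _is_ip(value))
        if in_dns and _is_ip(value):
            adapters[current].append(value)
    return adapters

def non_ad_dns(text, ad_dns):
    """Return {adapter: [servers not in ad_dns]} for adapters that have any."""
    found = {a: [s for s in servers if s not in ad_dns]
             for a, servers in dns_by_adapter(text).items()}
    return {a: extra for a, extra in found.items() if extra}
```

On a DHCP client the flagged address usually comes from the DHCP scope's DNS option, so the fix belongs on the DHCP server (here, the PIX) rather than on each workstation.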
