• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 397
  • Last Modified:

Where should I point my DNS forwarders if my ISP does not provide an authoritative server?

I am setting up a small AD environment on a non business class dsl and enabled DNS forwarders but need secure DNS servers to point to.
0
mantic1
Asked:
mantic1
  • 2
  • 2
  • 2
  • +3
2 Solutions
 
SembeeCommented:
You can't use anyone's DNS servers.
I normally say to use the ISPs. Otherwise see who the ISPs upstream provider is and use their's.
If you are getting a web site hosted then see if you can use the host's DNS servers.

Simon.
0
 
Scotty_ciscoCommented:
what has your ISP given you for DNS resolution for your hosts?

That is what I would point it at also if you set up your local host to be a caching name server it will use the root name servers on the internet.

http://www.root-servers.org/

check that out if they have not given you anything.

Thanks
Scott
0
 
giltjrCommented:
O.K.  Lets make sure we understand everything.  

DNS forwarders are not the same thing as authorive DNS servers.  I have never heard of a ISP not providing DNS reslovers.

What do you mean by "secure DNS servers?"  Do you mean that you need to find some, secure meaning acquire the IP address of them?  Or do you mean that they need to be secure in the sense they are protected.

Do you really need to have DNS servers on the Internet that reslove host name for your IP domain?
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
mantic1Author Commented:
I'm use to having an agreement w/ your corporate ISP to use their DNS servers as forwarders.   What do you use instead if your dont have a business class solution?  I understand that you can't simply point to a DNS server your home ISP server provides and selecting a random DNS server could compromise your network.  Hence, i want a secure DNS server that is available as a forwarder.  btw - I'm using this article as reference  http://mcpmag.com/Features/article.asp?editorialsid=413


0
 
Scotty_ciscoCommented:
so are you talking about dynamic DNS?  one that changes if your IP address changes?

If this is the case; I have been using zoneedit.com for awhile now and they work great and they will dynamically update your dns.

Thanks
0
 
SembeeCommented:
Your ISP isn't going to know whether it is a Windows XP machine or a server doing the DNS requests. All ISPs offer DNS services of some kind or another.

What I meant by my comment above is that you cannot use the DNS servers belonging to another ISP. You must use either your own, or use the root servers.

I don't see anything in that article that relates to your question.
It refers to securing DNS servers - that is very different from secure DNS servers.
Furthermore, you should be running public facing DNS servers from your AD DNS servers anyway.

Simon.
0
 
giltjrCommented:
I think what you want is:

The DNS service running on your Domain controller to foward to your ISP's DNS servers.  Instead of this you can load the hints file and have it use the root servers as Scotty_cisco  refered to.

All boxes on your network should be setup to point to your domain controller as their DNS server, this includes the domain controller.

Everything in your network sends resolution requests to the DNS service running on your Domain controller.  This will reslove all IP host names as needed.  

For the IP domains that your DNS server is authorive for, it will reslove them itself.  For any IP domains that your DNS server is NOT authoritive for (ibm.com, microsoft.com, experts-exchange.com, etc), it will forward to your ISP's DNS servers or the root servers.  Which will reslove the names.
0
 
mantic1Author Commented:
Ok, we are more on the same page w the last comment.  I need to fill in the Forwarders tab on my DNS Server.  Like the example below...

http://mcpmag.com/images/0504mcp_DNS5.gif


Here's the type of forwarding I'm ultimately would like to achieve in the link below...

http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

I just need the correct FORWARDER server IP Address that's normally provided by a corporate ISP but in this scenario I am not in a corporate environment.


0
 
NYtechGuyCommented:


You can use your ISPs DNS servers, or you can contract with an outside service.  UltraDNS is a world renowned provider- they do authoritative DNS for companies such as Amazon.com, ebay.com etc.  They also provide recursive DNS - which is what you are looking for.

Highly recommended.
0
 
mikeleebrlaCommented:
you CAN point it to any public DNS server on the internet such as
4.2.2.2
66.218.71.63

actually you don't have to enter anything on the forwarders tab since your DNS server will use the "root hints" servers if nothing is listed there.  I always list a few forwarders since the root hints servers are often busy and slow.


the link below straight from MS will answer most of your windows DNS questions:

http://support.microsoft.com/kb/291382
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

  • 2
  • 2
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now