Link to home
Create AccountLog in
Avatar of handymanaly
handymanaly

asked on

DNS server security in a DMZ

Regarding the DNS servers in the DMZ.  Generally is it best not use Active Directory (domain controller) for the DNS server in the DMZ and leave it as a workgroup.  Employees that troubleshoot this DMZ would have to go outside the firewall and use a public IP.

There may be one or two DNS servers that hold the zones used by the public.
A DC would provide better security but is it necessary?  
ASKER CERTIFIED SOLUTION
Avatar of Oleksiy Gayda
Oleksiy Gayda

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
A perfect answer Oleksiy.
One thing puzzles me handy: why do you say 'A DC would provide better security'? I just can't grasp what you mean with that so I could overlook something essential in your question.

J.