Troubleshooting Question

DNS Configuration Best Practice

CProp asked on
I'm having an issue with an external consultant who came in to assess our network and reported to management that we have an important security risk with the way our DNS service is configured.

We are currently running Microsoft DNS on four Windows 2003 servers and we currently have our ISP's DNS servers and Google DNS ( specified in our forwarder list.

I'm trying to research to see if we are really at "risk" with our current setup, where we do use a DNS server on the DMZ.
We do not have Web servers at our site and our MX records are configured with https:/

I have heard different stories about forwarders and I'm trying to get a feel for what the best practice regarding forwarders is.

There are those who insist that it is a best practice to have DNS servers on your LAN for internal resolution and forward your external DNS requests to a DNS server on your DMZ. This DNS server can point to your ISP, Google DNS or even root hints servers.

I guess, for a quick win, I could put OpenDNS instead of my ISP, but I'm not sure of the best way moving forward.

Any help would be really appreciated.


Andrew Hancock - VMware vExpert