billFmurray
asked on
Using DNS in DMZ for queries. Good idea?
Just wanted some general ideas about preventing AD servers from doing DNS lookups (just forwarding) and instead using a DNS server in the DMZ (probably Linux) to do the actual lookups. Our security guy wants to do this and was wondering what the implications are.
Has anyone had any good or bad experiences with this kind of setup?
I assume it's not that common any more?
Well, many things in AD *need* DNS to work right, so getting such a setup would still require the DMZ DNS server to talk to the AD DNS server, virtually eliminating any security benefit. I'm not sure I understand the purpose.
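The forward-only arrangement the question describes, sketched from the AD side as an added example (not code from either poster). Assumptions: `192.0.2.53` and `192.0.2.54` are placeholder addresses for the DMZ resolvers, `example.com` stands in for any external name, and the DnsServer and ActiveDirectory RSAT modules are installed on the host running it.

```powershell
# Added example. Placeholder addresses for the DMZ resolvers (assumption).
$dmzResolvers = @('192.0.2.53', '192.0.2.54')
$domain       = (Get-ADDomain).DNSRoot
$dcs          = (Get-ADDomainController -Filter *).HostName

$report = foreach ($dc in $dcs) {
    # Send every query the DC is not authoritative for to the DMZ resolvers.
    # -UseRootHint $false makes it forward-only: if the forwarders do not
    # answer, the DC does not fall back to recursing from the root hints.
    Set-DnsServerForwarder -ComputerName $dc -IPAddress $dmzResolvers -UseRootHint $false

    $fwd = Get-DnsServerForwarder -ComputerName $dc

    # AD's own SRV records must still be answered locally by the DC,
    # with no dependency on the DMZ resolver.
    $adLookup = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV `
        -Server $dc -DnsOnly -ErrorAction SilentlyContinue

    # An external name should resolve only by way of the forwarders.
    $extLookup = Resolve-DnsName -Name 'example.com' -Type A `
        -Server $dc -DnsOnly -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Server        = $dc
        Forwarders    = ($fwd.IPAddress -join ', ')
        UseRootHint   = $fwd.UseRootHint
        ADZoneAnswers = [bool]$adLookup
        ExternalWorks = [bool]$extLookup
    }
}

# Flag any DC that can still recurse on its own or lost AD resolution.
$report | Format-Table -AutoSize
$report | Where-Object { $_.UseRootHint -or -not $_.ADZoneAnswers } |
    ForEach-Object { Write-Warning "$($_.Server): review forwarder configuration" }
```

The design only holds if the firewall allows outbound port 53 (UDP and TCP) from the DCs to the DMZ resolvers alone, and the DMZ resolvers accept recursive queries only from the DCs.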