Link to home
Start Free TrialLog in
Avatar of billFmurray
billFmurrayFlag for United States of America

asked on

using dns in dmz for queries. Good Idea?

Just wanted some general ideas about preventing AD servers from DNS lookups (just forwarding) and instead use a DNS server in the DMZ (probably Linux) doing the actual lookups.  Our security guy wants to do this and was wondering what the implications are.

Has anyone had any good or bad experiences with this kind of setup?  

I assume it's not that common any more?
Avatar of Cliff Galiher
Cliff Galiher
Flag of United States of America image

Well, many things in AD *need* DNS to work right, so getting such a setup would still require the DMZ DNS server to talk to the AD DNS server, virtually eliminating any security benefit. I'm not sure I understand the purpose.
ASKER CERTIFIED SOLUTION
Avatar of DrDave242
DrDave242
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial