Solved

DNS question when used as a caching server and configured to use root hints

Posted on 2014-07-24
4
438 Views
Last Modified: 2014-07-25
Hi all,

have a design type query.
We are deploying a two 2008 R2 Core DNS caching server on a DMZ. The DNS server will be used for recursive quires using the root hints (no ISP DNS servers available). We will then configure our Active Directory integrated DNS servers to use the DMZ servers as forwarder from within DNS console. Here are the questions.
1. Does anyone see any inherent problems with the design?
2. Is there anything I need to be aware of in using the cache service as I've never set an OS to facilitate the service before - normally used ISA\ TMG.
3. Is it a bad idea to do this a different way, what about opening up the AD Integrated DNS servers to use the root hints themselves - any concerns?
Thank you for looking.
0
Comment
Question by:Jason Thomas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 40217154
The best option could be have ISP DNS server to which you will forward your name resolution queries from corporate network

The workaround you have should work

Please keep caching DNS servers in workgroup and do not allow any inbound traffic on them from internet
Just open dns port (53) from caching only server to internet to get name resolution
From internal AD servers you need to open 53 ports towards caching only server

Its not very good idea to enable direct internet name resolution on AD server if other options are abavailable.
0
 
LVL 1

Author Comment

by:Jason Thomas
ID: 40218636
Hi Mahesh, I appreciate your time in responding to ma thank you. I understand what you have said but do have one follow up question.
You say about not allowing any inbound traffic from the internet to the caching servers, I assume I open  open UDP and TCP port 53 from the caching servers through firewall and this will do what you recomend?
From Internal DNS servers, open UDP and TCP ports from each DNS server to the 2 caching servers?

Thank you.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40219293
Yes, you are right
Just trying to keep it secure as far as possible

If you want, you can open tcp 80 and 443 from caching servers to internet so in case you face any issues, you can test connectivity from caching only servers to internet
0
 
LVL 1

Author Closing Comment

by:Jason Thomas
ID: 40220334
Great tip thank you
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question