BYRONJACKSON
asked on
BENEFITS OF DNS FORWARDERS
Hello All,
Just wanted to clarify the position on a few things in DNS and wanted an expert's opinion on the following:
Is it still best practice to utilise a forwarder as opposed to root hints within DNS? I was always told that using root hints would increase network traffic on a leased line and possibly expose DNS - is this still correct?
Also on a DNS server - is it best practice to remove the 127.0.0.1 address and replace it with the IP address of the DNS server - i.e. point the DNS to itself 1st and any partner second?
If someone could give more detail why the above is or is now not correct I would be most grateful.
Best regards
Byron
ASKER
Thank you so much, really helpful - hope the share of points will be OK with you all.
ASKER
Thank you for this - was reading through an old TechNet on DNS and found this:
"Without having a specific DNS server designated as a forwarder, all DNS servers can send queries outside of a network using their root hints. As a result, a lot of internal, and possibly critical, DNS information can be exposed on the Internet. In addition to this security and privacy issue, this method of resolution can result in a large volume of external traffic that is costly and inefficient for a network with a slow Internet connection or a company with high Internet service costs."
Does this still stand true, and what exactly will someone be able to see using the root hint method? It is this I am trying to get my head around. You see, I was kind of told also that DNS should, where possible, forward to the ISP first in order that any hidden functionality would become available, and then perhaps 8.8.8.8 (Google)?
Is it a security risk?
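Added example, not part of the original thread or of TechNet: a small Python model of the two setups the quoted passage contrasts, recording which external servers receive which query names and from which internal server. The zone names, server names and query list are constructed, and the model assumes classic iterative resolution in which the full query name is sent at every step.

```python
# Constructed model, not captured traffic. Zone -> external server answering for it.
DELEGATIONS = {".": "root-server", "com.": "com-tld", "org.": "org-tld",
               "example.com.": "ns.example.com", "example.org.": "ns.example.org"}
QUERIES = ["www.example.com.", "vpn.example.com.", "www.example.org."]  # constructed

def zone_chain(qname):
    """Zones walked from the root down to the closest delegation for qname."""
    labels = qname.rstrip(".").split(".")
    chain = ["."]
    for i in range(len(labels) - 1, -1, -1):
        zone = ".".join(labels[i:]) + "."
        if zone in DELEGATIONS:
            chain.append(zone)
    return chain

class Resolver:
    def __init__(self, name, log, forwarder=None):
        self.name, self.log, self.forwarder = name, log, forwarder
        self.answers = set()       # cached answers
        self.known_zones = {"."}   # root hints, plus referrals learned so far

    def resolve(self, qname):
        if qname in self.answers:
            return                               # cache hit: nothing is sent
        if self.forwarder is not None:
            self.forwarder.resolve(qname)        # internal hop only
        else:
            chain = zone_chain(qname)
            start = max(i for i, z in enumerate(chain) if z in self.known_zones)
            for zone in chain[start:]:
                # Assumption: full query name sent at every step (no QNAME minimisation).
                self.log.append((self.name, DELEGATIONS[zone], qname))
                self.known_zones.add(zone)
        self.answers.add(qname)

def simulate(use_forwarder):
    """Three internal DNS servers resolve the same names; returns external queries."""
    log = []
    fwd = Resolver("forwarder", log) if use_forwarder else None
    for name in ("dns1", "dns2", "dns3"):
        server = Resolver(name, log, fwd)
        for qname in QUERIES:
            server.resolve(qname)
    return log

def summarize(log):
    return {"external_queries": len(log),
            "sources_seen": sorted({src for src, _, _ in log}),
            "root_saw": sorted({q for _, dst, q in log if dst == "root-server"})}

if __name__ == "__main__":
    for mode in (False, True):
        print("forwarder" if mode else "root hints", summarize(simulate(mode)))
```

In this model the forwarder reduces the number of external queries and the number of internal servers that talk to the Internet, while the names reaching the root server are the same in both setups.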