Best Practice for DNS settings on Web Servers in a DMZ

Michael Machie asked:
I have (3) Web Servers residing on our DMZ, all with Publicly accessible web addresses. We are having odd connection issues where they will time out internally and externally, but more internally.

My question is about the DNS settings. I noticed that the person who managed these before me set Google's Public DNS settings (8.8.8.8 + 8.2.2.2) as the Primary and Secondary DNS servers. I am not so sure this is correct.

Should we be using our internal DNS servers instead of the public Google one? We do not have a DNS server on the DMZ.

Top Expert 2016

Commented:
Does it really matter? They are not accessing the internal DNS system. If these web servers are not joined to the domain, then there is no need to poke holes in the firewall.
Top Expert 2014

Commented:
The only reason it would/should matter is if the web servers need to resolve a name that is only on your internal DNS server. If that were the case, I would expect you to see more issues.

Do the web server logs show any errors?

Author

Commented:
No errors in the logs.
Mobile devices and laptops connect to these while connecting via external 4G as well as internal certificate authenticated wifi. We do have internal server names to resolve.

So, it does not matter which I use?
Top Expert 2016
Commented:
Are these web servers in the DMZ part of the domain? If so, then they need to use the internal domain server and you need to punch holes in the firewall for port 53 (DNS) for these servers.

Author

Commented:
Not domain connected.
Top Expert 2014
Commented:
If these web servers need to resolve host names that are on the "inside" of your network, then they should be using DNS servers that can resolve those names.

Author

Commented:
OK, thank you.