Hi, I have little experience with DNS and am wondering if it would be possible to set up a DNS server that resolves public and private IPs which are only available to users on the internal network?
How would this be set up and work? Thanks in advance.
On your firewall, allow your DNS server to reach/search only trusted DNS servers (like DNS servers provided by large ISPs), by adding the trusted DNS server's address as a "forwarder" in the server's DNS setup. With forwarder(s) in place, your internal DNS server is only allowed access/searching ability to the forwarder for DNS lookups; it is not allowed to search other public DNS servers. The server designated as the forwarder does the DNS lookups and gives the DNS results to your server.
Block DNS access to the outside (by denying at the firewall) for your workstations; only allow them access to your internal DNS server. Workstations should only have the internal DNS server as "preferred server" in the WKS network setup.
Your server should be protected by AV software, should not be used for Internet cruising, and should be checked with anti-malware programs regularly.
This protects both the server and workstations from going to rogue DNS servers hell-bent on distributing malware. Particularly, this stops the workstations from being redirected to bad DNS servers by clicking on links found at hundreds of sites on the Internet and within email.
........................................
"Computers in the future may weigh no more than 1.5 tons."
Popular Mechanics, 1949
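One way to check a firewall rule set against the policy described in the answer above, as an added example that is not part of the original posts. The addresses, the rule format and the `decide`/`audit` helpers are all constructed for illustration, and each rule is assumed to cover both UDP and TCP on its port.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (assumptions): internal LAN, internal DNS server,
# two trusted forwarders, and one arbitrary outside resolver.
LAN = ip_network("192.168.10.0/24")
DNS_SERVER = "192.168.10.53"
FORWARDERS = ["203.0.113.10", "203.0.113.11"]
OUTSIDE = "198.51.100.1"

# Hypothetical egress rules, evaluated top-down; first match wins.
# (action, source network, destination network, destination port or None = any)
RULES = [
    ("allow", "192.168.10.53/32", "203.0.113.10/32", 53),
    ("allow", "192.168.10.53/32", "203.0.113.11/32", 53),
    ("deny",  "192.168.10.0/24",  "0.0.0.0/0",       53),
    ("allow", "192.168.10.0/24",  "0.0.0.0/0",       None),
]

def decide(rules, src, dst, port):
    """Return the action of the first matching rule; default is deny."""
    for action, src_net, dst_net, rule_port in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and rule_port in (None, port)):
            return action
    return "deny"

def audit(rules):
    """Return a list of policy violations; an empty list means compliant."""
    problems = []
    for fwd in FORWARDERS:
        if decide(rules, DNS_SERVER, fwd, 53) != "allow":
            problems.append(f"DNS server cannot reach forwarder {fwd}")
    if decide(rules, DNS_SERVER, OUTSIDE, 53) != "deny":
        problems.append("DNS server can query resolvers other than the forwarders")
    for host in LAN.hosts():
        if str(host) == DNS_SERVER:
            continue
        # Workstations must not reach any external resolver, forwarders included.
        targets = [OUTSIDE] + FORWARDERS
        if any(decide(rules, str(host), t, 53) != "deny" for t in targets):
            problems.append(f"workstation {host} can send DNS outside")
            break  # one offending workstation is enough to report
    return problems
```

Removing the `deny` rule from `RULES` makes `audit` report both the server and the workstation violations, because the general outbound allow then matches port 53.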
Leak data? First of all, there is no DNS data worth anything; secondly, if set up as noted, the outside world has no access to your DNS server or workstations' information; the firewall blocks it.