Strange DNS forwarding

[efector]

Hello. I have my internal DNS servers set up to forward requests to my DNS server in our DMZ, which in turn make/forward requests out to the internet. The odd thing that is happening, is that my internal DNS servers are making requests out to the internet(or trying to)themselves. I have set my internal DNS server to forward ONLY to my DMZ DNS servers. Any help?

The internal servers are attempting DNS requests to the following(and this is only a partial list):

64.58.81.251,64.191.219.251,192.42.93.30,192.5.6.30,192.33.14.30,
216.27.75.45

 

[porkchopexpress]

Do you have them set to use recursion? This can cause them to query a root server if they don't get an answer from your forwarders.

http://technet2.microsoft.com/windo...235e-4fd4-b4da-7e57e70ad3821033.mspx?mfr=true

 

[efector]

So, if I want to have my internal DNS servers ONLY use the DMZ DNS servers, then I should DISABLE recursion, correct? Should I increase the timeout length? What is the downside of not allowing recursion?

 

[porkchopexpress]

This feature can be used for security purposes as it prevents your DNS servers contacting potential rogue DNS servers and can protect against cache poisoning.

If you want the DNS server to only use forwarders and not attempt any further recursion if the forwarders fail, select the Do not use recursion for this domain check box.

 

[porkchopexpress]

You can turn off recursion as the DMZ DNS servers will still perform the function.