×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Advice on DNS setup/configuration

Advice on DNS setup/configuration

Advice on DNS setup/configuration

(OP)
Hi, I have little experience with DNS and wondering if it would be possible to setup a DNS server that resolves public and private IP's which are only available to users on the internal network?

How would this be setup and work? Thanks in advance.

RE: Advice on DNS setup/configuration

Here is what I do.....

On your firewall allow your DNS server to reach/search only trusted DNS server ( like DNS servers provided by large ISPs), by adding the trusted DNS servers address as a "forwarder" in the servers DNS setup. With forwarder(s) in place, your internal DNS server is only allowed access/searching ability to the forwarder for DNS lookups, it is not allowed to search other public DNS servers. The server designated as the forwarder does the DNS lookkups and gives the DNS results to your server.

Block DNS access to the outside ( by denying at the firewall) for your workstations, only allow them access to your internal DNS server. Workstation should only have the internal DNS server as "preferred server" on the WKS network setup .

Your server should be protected by AV software, should not be used for Internet cruising and be checked with anti malware programs regularly.

This protects both the server and workstation from go to rouge DNS servers hell bent on distributing malware. Particularity this stops the workstations from being redirected to bad DNS servers by clicking on links found at hundreds of sites on the Internet and within Email .




........................................

"Computers in the future may weigh no more than 1.5 tons."
Popular Mechanics, 1949

RE: Advice on DNS setup/configuration

(OP)
@technome,

Have you tried that and does it leak DNS data?

RE: Advice on DNS setup/configuration

Have this setup on approximately 25 servers.

Leak data? First of all there is no DNS data worth anything, secondly if setup as noted, the outside world has no access to your DNS server or workstations information, firewall blocks it.

........................................

"Computers in the future may weigh no more than 1.5 tons."
Popular Mechanics, 1949

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close