[isalist] Re: dns forwarders

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 6 Apr 2006 14:59:03 -0500

You can install a caching only DNS forwarder on the ISA firewall itself.
 
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/> 
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
MVP -- ISA Firewalls

 


________________________________

        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ara Avvali
        Sent: Thursday, April 06, 2006 2:53 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: dns forwarders
        
        

        I have 2 windows 2003 domain controllers and everyone is
pointing to them. Would that change the scenario?

        Appreciated 

         

        
________________________________


        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
        Sent: Thursday, April 06, 2006 12:49 PM
        To: isalist@xxxxxxxxxxxxx
        Subject: [isalist] Re: dns forwarders

         

        If you have a dedicated DNS resolver, use root hints. I wouldn't
use root hints on the DNS server on my DC.

         

        Thomas W Shinder, M.D.
        Site: www.isaserver.org <http://www.isaserver.org/> 
        Blog: http://blogs.isaserver.org/shinder/
        Book: http://tinyurl.com/3xqb7
        MVP -- ISA Firewalls

         

                 

                
________________________________


                From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ara Avvali
                Sent: Thursday, April 06, 2006 2:45 PM
                To: isalist@xxxxxxxxxxxxx
                Subject: [isalist] Re: dns forwarders

                Hi Tom,

                 

                Do you see any down side of just using root hints? 

                 

                
________________________________


                From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
                Sent: Thursday, April 06, 2006 12:40 PM
                To: isalist@xxxxxxxxxxxxx
                Subject: [isalist] Re: dns forwarders

                 

                I like them when I manage the forwarder.

                 

                Thomas W Shinder, M.D.
                Site: www.isaserver.org <http://www.isaserver.org/> 
                Blog: http://blogs.isaserver.org/shinder/
                Book: http://tinyurl.com/3xqb7
                MVP -- ISA Firewalls

                 

                         

                        
________________________________


                        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
                        Sent: Thursday, April 06, 2006 2:30 PM
                        To: ISA Mailing List
                        Subject: [isalist] Re: dns forwarders

                        I don't....:)

                         

                        
________________________________


                        From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
                        Sent: Thursday, April 06, 2006 4:25 PM
                        To: ISA Mailing List
                        Subject: [isalist] Re: dns forwarders

                         

                        I like forwarders.

                         

                        Thomas W Shinder, M.D.
                        Site: www.isaserver.org
<http://www.isaserver.org/> 
                        Blog: http://blogs.isaserver.org/shinder/
                        Book: http://tinyurl.com/3xqb7
                        MVP -- ISA Firewalls

                         

                                 

                                
________________________________


                                From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
                                Sent: Thursday, April 06, 2006 1:33 PM
                                To: ISA Mailing List
                                Subject: [isalist] Re: dns forwarders

                                Do not use forwarders......at all

                                 

                                S

                                 

                                
________________________________


                                From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ara Avvali
                                Sent: Thursday, April 06, 2006 3:28 PM
                                To: ISA Mailing List
                                Subject: [isalist] dns forwarders

                                 

                                Hello everyone.

                                 

                                Would someone clear this for me? It's a
bit off topic.

                                 

                                Domain controller (192.168.0.a) <------>
(192.168.0.b) ISA (192.168.1.c) <----> (192.168.1.d) LinkSys Router
<----> ISP

                                1.      If I want to add forwarders to
dns tab of domain controller, should I put the internal side ip address
of router or should I put the one from ISP? 
                                2.      Does domain controller cache DNS
requests too pretty much like http caching? Or does it go and ask every
single time there is query. 

                                 

                                Appreciated 

Other related posts: