Client resolution of internet names

  • Thread starter Thread starter jamestulloch
  • Start date Start date
J

jamestulloch

Hi All,

Should I allow clients to resolve internet adresses by setting up
forwarding on my DNS servers. All my DNS servers are DCs in Windows
2003 native domain.

I was going to just force all internet lookups to go via IE and proxy
server.

What are the security implications of allowing this. I read somewhere
that the DNS acket will contain information about the ip address
structure and naming of our domain. Is this true? Does it matter?

TIA

James Tulloch
 
In general, if you have invested in a proxy server then you should
use it. Bypassing it only reduces the values it can provide to you.

Having a DNS server forward queries to external DNS servers
does not reveal internal information. Allowing the public NIC
interface used for the DNS forwarding to also respond to DNS
queries received on it however can. These are two separate
capabilities and are configured independently from each other.
 
Back
Top