DNS Forwarder

  • Thread starter: Jeff LoSpinoso

Jeff LoSpinoso

Also by default, a Windows NT or 2000 server will use the
root hints to query directly to the public root name
servers, this is a better solution in my opinion. In
order for the root hints to work, you can't run a false
root on your internal DNS server.

Jeff
 
> servers, this is a better solution in my opinion. In

Maybe. Couple things to consider however:
1) Forwarding is generally faster and produces less traffic for non-cached
records.
2) You can force all queries through one "hole" in your DMZ (say to your ISP
or external DNS server) and not have to allow queries/responses to all DNS
servers on the INET - which you have to do if you're using root-hints
internally.
 
1) Get the IP address of your ISP's DNS server(s). They supply this to you.
2) Under the Properties of the server, go to the Forwarders Tab and enter the
IP addresses in step 1. Done.
--wjs
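
The "one hole" point in the reply above can be checked against firewall logs. This is an added example, not part of the original thread: it flags allowed outbound DNS flows that do not go from the internal DNS server to a configured forwarder. The addresses, the log format and the function name are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed policy values (hypothetical, not from the thread).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
RESOLVER = ipaddress.ip_address("10.0.0.53")        # internal DNS server
FORWARDERS = {ipaddress.ip_address("192.0.2.53"),   # ISP DNS servers
              ipaddress.ip_address("192.0.2.54")}

# Constructed firewall log: "action proto src_ip src_port dst_ip dst_port"
SAMPLE_LOG = """\
ALLOW udp 10.0.0.53 1044 192.0.2.53 53
ALLOW udp 10.0.0.53 1045 192.0.2.54 53
ALLOW udp 10.0.0.53 1046 198.51.100.4 53
ALLOW tcp 10.0.0.53 1047 192.0.2.53 53
ALLOW udp 10.0.0.77 1050 203.0.113.9 53
ALLOW tcp 10.0.0.77 1051 203.0.113.9 80
DENY udp 10.0.0.88 1052 203.0.113.9 53
garbage line
"""

def audit_dns_egress(log_text):
    """Return {reason: [(src, dst), ...]} for allowed outbound DNS flows
    that break the single-forwarder egress policy."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines
        action, proto, src, _sport, dst, dport = parts
        if action != "ALLOW" or proto not in ("udp", "tcp") or dport != "53":
            continue  # only DNS traffic that was actually let through
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        if src_ip not in INTERNAL_NET or dst_ip in INTERNAL_NET:
            continue  # only internal -> external flows matter here
        if src_ip != RESOLVER:
            findings["client bypasses internal resolver"].append((src, dst))
        elif dst_ip not in FORWARDERS:
            findings["resolver queried a non-forwarder"].append((src, dst))
    return dict(findings)

if __name__ == "__main__":
    for reason, flows in audit_dns_egress(SAMPLE_LOG).items():
        for src, dst in flows:
            print(f"{reason}: {src} -> {dst}")
```

With a forwarder-only egress rule in place, any finding here means either the rule is wider than intended or a host is resolving names without going through the internal server.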
 
JL> Also by default, a Windows NT or 2000 server will use
JL> the root hints to query directly to the public root name
JL> servers, this is a better solution in my opinion.

It certainly has the advantage that it doesn't render one vulnerable to
whatever security problems the forwardee is vulnerable to. It also has the
advantage that one can choose which view of the DNS namespace one sees.
Whereas with forwarding one is constrained to see whatever view of the DNS
namespace the forwardee provides.

JL> In order for the root hints to work, you can't run a false
JL> root on your internal DNS server.

In order for the root hints to work, one cannot "run" _any_ root on one's DNS
server, "false" or not.
 