Questions about DNS


Kimlyn

What threats do we protect ourselves from by not
publishing our DNS on the internet for everyone to see?

What would be needed to publish our DNS on the internet?

What considerations do we need to take into account?
 
There's not a lot of info here so I'll give a vague sort of response. :)

The rule of thumb I'd suggest is publish what you need to publish and
nothing more. Giving any information to potential attackers is something to
avoid when possible. This is not a strong line of defense but it's cheap and
it doesn't hurt.

In any event, your external servers should be a separate set of machines
from your internal servers. You won't need to publish all of your DNS
information because hopefully the addresses in your AD DNS zone are not
reachable from the outside world. Publishing them, for most enterprises,
just doesn't make sense since a client from the Internet couldn't use the
addresses anyways.
 
Publishing your DNS would expose your internal network structure to whoever wished to view it. This is probably not the intended purpose you are after. Is there a specific service you wish to offer to the Internet? If you are hosting a website or email, DO NOT publish your DNS. This would give away way too much info. Put up an external DNS server for this purpose. Do not make this machine a member of your internal network or domain. Put up a good firewall in front of it to protect against other attacks. Only put info in this DNS server that is required to offer the services you need.

Thank you,
Mike Johnston
Microsoft Network Support

--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
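
Added example, not part of the original posts: one way to check that an external zone holds only what the published services need and leaks no internal addresses, as both replies above advise. The zone contents, the `example.com` names, the allow-list and the function name `audit_external_zone` are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample of an Internet-facing zone (names and addresses are illustrative).
SAMPLE_ZONE = """\
$ORIGIN example.com.
@          3600 IN SOA   ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
@          3600 IN NS    ns1.example.com.
@          3600 IN MX    10 mail.example.com.
ns1        3600 IN A     203.0.113.53
www        3600 IN A     203.0.113.80
mail       3600 IN A     192.168.10.25   ; copied from the internal zone by mistake
dc01       3600 IN A     10.1.0.10
_ldap._tcp 3600 IN SRV   0 100 389 dc01.example.com.
intranet   3600 IN CNAME dc01.example.com.
"""

# Assumption: web and mail are the only services offered to the Internet.
ALLOWED_OWNERS = {"@", "ns1", "www", "mail"}
RECORD_TYPES = {"SOA", "NS", "MX", "A", "AAAA", "CNAME", "SRV", "TXT", "PTR"}
# RFC 1918, loopback, link-local and IPv6 unique-local ranges: unusable from outside.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7")]

def audit_external_zone(zone_text, allowed_owners):
    """Return (owner, type, reason) for each record that should not be public.

    Simplification: one record per line, owner name always present.
    """
    findings = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()           # drop comments
        if not line or line.startswith("$"):          # skip blanks and directives
            continue
        fields = line.split()
        # The record type is the first known type after the owner (TTL/class optional).
        idx = next((i for i in range(1, len(fields))
                    if fields[i].upper() in RECORD_TYPES), None)
        if idx is None:
            continue
        owner, rtype, rdata = fields[0], fields[idx].upper(), fields[idx + 1:]
        if owner not in allowed_owners:
            findings.append((owner, rtype, "not required for a published service"))
        if rtype in ("A", "AAAA") and rdata:
            addr = ipaddress.ip_address(rdata[0])
            if any(addr in net for net in INTERNAL_NETS):
                findings.append((owner, rtype, f"internal address {addr}"))
    return findings

if __name__ == "__main__":
    for finding in audit_external_zone(SAMPLE_ZONE, ALLOWED_OWNERS):
        print(*finding, sep="\t")
```

On the sample zone this reports the `mail` record that carries an internal address even though the name itself is allowed, plus the `dc01`, `_ldap._tcp` and `intranet` records that belong only in the internal zone.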
 