Re: DNS Best Practices Question

We uwe BIND 9 servers in a DMZ as our relays.  These servers are configured as a
slave of out internal version of our domain.  ACLs are configured into the BIND
config to allow queries from internal/DMZ networks only.  These
servers are givin
a root.hints file for the "." zone.  So, these servers to all the
iteration work to resolve
the queries.

The reason for the slaving of our internal version of our domain on the DMZ DNS
servers, is for the other macines in the DMZ to be able to lookup
internal and external
entries.  (The other DMZ servers are things like our SMTP relays.)


On Fri, 19 Nov 2004 15:25:01 -0600, Richard St John
<richard.stjohn@gbe.com> wrote:
> Good afternoon list,
>
> Currently we have 3 firewalls that are sending outbound traffic to the 
> Internet.
>
> When a DNS request comes in we have it forward from internal interface to
> external interface. The external DNS servers then sends the request to one
> of three main DNS servers at our ISP
>
> Well, yesterday all three of the DNS servers at our ISP had major issues and
> it caused DNS related issues within the company. As a result several
> discussions were held as to the industries Best Practice on this.
>
> What is the current thoughts on "Best Practice" for this. Should we forward
> the DNS request to these other servers, or should we have the firewalls do
> the work themselves? What is the industry doing?
>
> Your thoughts and comments would be appreciated.
>
> Richard St. John
> Graybar Electric Company


-- 
END OF LINE
       -MCP