04-16-2007 09:02 AM - edited 03-09-2019 05:48 PM
I'm currently using a Win2003 server as my DMZ on the inside of the network. It's also the server I use as my Domain Controller.
I am reviewing some of my policies and considering some changes. Is it best to have my DNS servers on the Inside or on the DMZ?
Solved! Go to Solution.
04-16-2007 09:36 AM
Roland
It is not clear to me from your post what the usage of the DNS server is, and that would influence where you place the server. If the DNS server is only accessed by internal users then placement on the inside is fine. But if the DNS server is also access by anyone outside then I believe that you should place the DNS server in the DMZ.
HTH
Rick
04-16-2007 09:36 AM
Roland
It is not clear to me from your post what the usage of the DNS server is, and that would influence where you place the server. If the DNS server is only accessed by internal users then placement on the inside is fine. But if the DNS server is also access by anyone outside then I believe that you should place the DNS server in the DMZ.
HTH
Rick
04-16-2007 09:52 AM
Rick, the DNS server is only accessed by my internal users. It of course goes out to my ISP to look up when there is a request that isn't it it's tables. I thought it was ok on the Inside network but a bit of confirmation is always nice.
Thanks
04-16-2007 09:57 AM
Roland
As long as the DNS server inside initiates the request to outside servers the responses should be allowed through and not represent a security threat.
HTH
Rick
08-05-2018 07:43 AM
I think Split-DNS with 2 x Zones for the same Company fits in , aka DNS + Zone 1 for inside and DNS + Zone 2 in DMZ to serve outside request . like Jabber for example for VPN Less to dial into Company or for Webex acting IRP in DMZ
pls Rick confirm/Coment
HTH
Ibrahim
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide