Posted by Barry Margolin on May 19, 2006, 11:19 pm
> boomboom999@yahoo.com says...
> > Hi,
> >
> > Is it considered a good security practice to not allow Active Directory
> > Domain Controllers making direct DNS requests to the Internet?
> >
> > I have read about different DNS response attacks that can help an
> > attacker to take control of the DC via an incorrect DNS response
> > (buffer overflow etc.).
> >
> > Would it be more secure to use DNS forwarders?
> > If yes, where should we place them? In the DMZ?
>
> If you've got the capital to set up a dedicated DNS server to do the
> work, more power to you.
Even if you don't, you can always forward to your ISP's caching servers.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***