Security Question
Jonathan de Boyne Pollard
J.deBoynePollard at Tesco.NET
Tue Aug 3 04:43:39 UTC 2004
t> I was reading some stuff by Microsoft on split dns.
But you didn't read it carefully. (And, as a consequence, we have the
usual suspects playing Chinese Whispers again. <sigh>)
t> They insist that a dns server on a private network should never
t> use a root hints file but should always forward to the dns
t> server at you ISP.
No, that's *not* what (for one thing) Microsoft KnowledgeBase article
323380 says. Microsoft KnowledgeBase article 323380 says that one can
*either* use standard recursion *or* recursion by forwarding, and gives
procedures for setting up each. Where it mentions forwarding, it
qualifies that with an "if" clause. *If* one is constrained to being
required to use DNS services provided by one's ISP, one must configure
forwarding. But that's a significant "if". (It's also a
much-misunderstood one.)
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-monolithic-server-as-proxy.html#Microsoft>
<URL:http://groups.google.com./groups?selm=40E12A8C.C1741D6B%40Tesco.NET>
More information about the bind-users
mailing list