DNS question for security (DMZ, Private and ISP DNS _

My customer DNS (two WIN 2000 AD) in the private will forward request to IIS
5 DNS in the DMZ.  When registering the domain of the customer, would you
use the ISP DNS for the customer'domain 2 DNS? Or you would use the DMZ'DNS
Server in the DMZ and the ISP DNS for the secondary ???  I'm concerned about
security....



JF
0
Jean
8/16/2001 4:22:00 AM
grc.security 16608 articles. 3 followers. Follow

1 Replies
962 Views

Similar Articles

[PageSpeed] 3
Get it on Google Play
Get it on Apple App Store

    Unless your customer has an arrangement for the ISP to host their public
DNS, then it will do no good to have the ISP's DNS servers listed in the
domain registry.  Security wise, it would be better to have 2 dedicated DNS
servers operating in stand alone mode in the DMZ hosting your public DNS
records.  Dynamic updates should be turned off, and the firewall configured
to allow only DNS (and maybe ECHO_REPLY) traffic to/from those servers.

KuoH

"Jean-Francois Bourdeau" <jfbourdeau@videotron.ca> wrote in message
news:9lfhlr$1tt3$1@news.grc.com...
> My customer DNS (two WIN 2000 AD) in the private will forward request to
IIS
> 5 DNS in the DMZ.  When registering the domain of the customer, would you
> use the ISP DNS for the customer'domain 2 DNS? Or you would use the
DMZ'DNS
> Server in the DMZ and the ISP DNS for the secondary ???  I'm concerned
about
> security....
0
KuoH
8/16/2001 1:58:00 PM
Reply:

Similar Artilces:

DNS security patch
Hi, running NW65SP7. I see since Aug 8th (TID#5032400) the security patch for the popular DNS issues has now been posted. What I'm wondering about is it necessary to post this to your server if your DNS is only used for internal queries? That is the DNS cannot be queried from outside the firewall? If not needed when an internal DNS only, then I won't bother installing and risking my environment, since there's no other fix mentioned in the release. Cheers James Jjb, > That is the DNS cannot be queried from outside the > firewall? Do you trust t...

DNS? What DNS?
This has never happened before and in light light of this morning's news about the DDOS I was wondering if it is just my machine or if something else is going on. Background: A firewall on one of my machines blocked IE from getting to the net. I wanted to trace where it was planning to go to (207.188.24.150)to figure out if this was just XP again or something else. I tried Neo Trace and PC Helps "Net Tracer" but neither can track it. All I get is "undetermined" or "timed out" Robin In article <3DB714A2.7050902@twcny.rr.com>, omeru...

Securing DNS.
Can anyone tell me what's the best way to lock down DNS so that it doesn't send out root hints ? Just moved our DNS and now it's responding to such queries. Is this something I can do with a query filter ?! Thanks. -- neiljt1 ------------------------------------------------------------------------ neiljt1, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not, you might try one of the following options: - Visit http...

DNS SECURITY ALGORITHM NUMBERS DNS KEY and SIG RRs
DNS SECURITY ALGORITHM NUMBERS DNS KEY and SIG RRs [RFC2535] use an 8-bit number used to identify the security algorithm being used: Number DescriptionReference --------- ------------------------------ --------- 0 Reserved 1 RSA/MD5 [RFC2537,RFC1321] deprecated, see 5 2 Diffie-Hellman [RFC2539] 3 DSA/SHA1 [RFC2536,DSA,SHA-1] 4 Reserved for Elliptic Curve Crypto 5 RSA/SHA-1 [RFC3110] 6 - 251 Reserved by the IANA 252 ...

Securing DNS
Any thoughts on protecting DNS queries from prying eyes? I already have two servers running ISC BIND 9.9.4 setup to do DNSSEC validation and recursive. I do not have set to forward either so the servers queries the root servers. I never use my ISP's DNS servers as I see it as a privacy concern. I know the DNS queries are UDP unecrypted. Is there anyway to encrypt the DNS traffic between my DNS servers and root servers? With all this talk about HTTPS PFS and secure VPN's......what about DNS and DNSSEC? How can we protect ourselves from tampered DNS queries and in...

Secure DNS?
I just read an article about secure dns, being called DNSSEC. (www.dnssec.net) Does Novell's DNS server support this new feature? Thanks, Cheryl Cheryl Fischer Network / Email Administrator Horizon Bank Cheryl, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not, you might try one of the following options: - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp - Check all of the other support tools a...

security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...

Security and DNS
--____FIVYRACBLJROFPKWMWQS____ Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Hi all: We're running DNS on Netware 6.5 SP2 as a clustered resource. It is = working very well (thanks for asking!) We have been running through our year end security self audit and I have = been tweaking our DNS setup up.=20 What I have done is this: Each client on LAN: gets 2 DNS entries. One local DNS server and one at a = remote office (both Netware). Offices are interconnected by private lines = so this process is all behind the firewall. Each...

DNS UP
Hi We are running 2 BM (3.8) Proxies and until today they have been operating reasonably well. Today we have started getting a lot of 504 errors on workstations using either both servers, looking at the proxy DNS page (on both servers) the DNS links are continually going up and down (like our internet) We have 3 DNS servers entered 2 external and 1 internal. I have tested from outside the BM Servers $and know the 2 external DNS servers are working fine (also no one else who use our provider have an issue). The internal DNS also seems fime. We have not made any changes to th...

How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...

DNS question re: my ISP's static DNS
I just got a broadband connection last week through a wireless internet provider. All went well at first, but last night began experiencing many interrupted sessions, couldn't resolve host name was the issue. Router is properly configured with my static IP, and the first, second, and third DNS addresses supplied by the ISP. No problem to ping the router, but could not get out to the WAN at all. Finally got to the point early this afternoon that I had no ability to resolve a name at all. Rebooted radio-modem, router, computer tonight, still no success. Finally I swapped the 3rd...

Question about DNS about DNS over VPN
Hi, we have got a problem (probabliy we misunderstood something) with the VPN - Client. When I login with the VPN-Client, where can I set the DNS-Context (Search Context) which will be passed to the Client? I can not find any settings at the VPN Definitions. Thanks in advance Reg. Thomas Thomas, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not, you might try one of the following options: - Do a search of our knowledgebase at http...

Comodo Secure DNS
http://www.comodo.com/secure-dns/ Looks interesting? Perhaps it could be added to DNS Benchmark? DNS Nameserver Spoofability Test passes with flying colors.. Comodo Secure DNS is a domain name resolution service that resolves your DNS requests through our worldwide network of redundant DNS servers. This can provide a much faster and more reliable Internet browsing experience than using the DNS servers provided by your ISP and does not require any hardware or software installation. Comodo Secure DNS gives you a safer, smarter and faster Internet because it's: More R...

Web resources about - DNS question for security (DMZ, Private and ISP DNS _ - grc.security

West Lothian question - Wikipedia, the free encyclopedia
He illustrated his point by pointing out the absurdity of a Member of Parliament for West Lothian being able to vote on matters affecting the ...

South Africa: Questions Raised Over Former Minister's Signature On Nuclear Procurement Notice
As questions are raised by opposition parties over former energy minister Ben Martins' signature on the recently gazetted notice to move ahead ...

Submit your questions for Autoblog Podcast #460
Filed under: Podcasts We're recording Autoblog Podcast #460 this week, and our main focus will be answering our listeners' questions. Submit ...

If you want to work for Airbnb, get ready to answer these 27 ridiculous interview questions
Airbnb is the third-most valuable private tech company in the world — it has a $25.5 billion valuation . If you want to work there, you might ...

Review: Ten Economic Questions for 2015
At the end of each year, I post Ten Economic Questions for the coming year. I followed up with a brief post on each question. The goal was to ...

Questions raised about San Bernardino shooter's visa
Chair of House Judiciary Committee says immigration officials had insufficient evidence to issue Tashfeen Malik a visa to enter the U.S.

“R. Kelly walked out of a HuffPo interview after some awkward questions” links
R. Kelly walked out of HuffPo interview after being asked some awkward questions about his fans’ reactions to his sexual assault of minors. [Dlisted] ...

Shocker: Hillary Clinton Spins Question On Bullying In Order To Criticize Donald Trump
Shocker: Hillary Clinton Spins Question On Bullying In Order To Criticize Donald Trump

A very important question: What are your Christmas food traditions?
Merry Christmas! I have an important question for you: What do you cook and/or eat on Christmas? Thanksgiving is easy. There’s a standard repertoire ...

David Foster Defends His Ex Yolanda Foster: Don't Question Her Lyme Disease
David Foster Defends His Ex Yolanda Foster: Don't Question Her Lyme Disease

Resources last updated: 12/26/2015 3:57:01 PM