Solved: DNS server in DMZ or Inside?

rolandshum · ‎04-16-2007

I'm currently using a Win2003 server as my DMZ on the inside of the network. It's also the server I use as my Domain Controller.

I am reviewing some of my policies and considering some changes. Is it best to have my DNS servers on the Inside or on the DMZ?

Richard Burts · ‎04-16-2007

Roland

It is not clear to me from your post what the usage of the DNS server is, and that would influence where you place the server. If the DNS server is only accessed by internal users then placement on the inside is fine. But if the DNS server is also access by anyone outside then I believe that you should place the DNS server in the DMZ.

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎04-16-2007

Roland

It is not clear to me from your post what the usage of the DNS server is, and that would influence where you place the server. If the DNS server is only accessed by internal users then placement on the inside is fine. But if the DNS server is also access by anyone outside then I believe that you should place the DNS server in the DMZ.

HTH

Rick

HTH

Rick

rolandshum · ‎04-16-2007

Rick, the DNS server is only accessed by my internal users. It of course goes out to my ISP to look up when there is a request that isn't it it's tables. I thought it was ok on the Inside network but a bit of confirmation is always nice.

Thanks

Richard Burts · ‎04-16-2007

Roland

As long as the DNS server inside initiates the request to outside servers the responses should be allowed through and not represent a security threat.

HTH

Rick

HTH

Rick

Ibrahim Jamil · ‎08-05-2018

I think Split-DNS with 2 x Zones for the same Company fits in , aka DNS + Zone 1 for inside and DNS + Zone 2 in DMZ to serve outside request . like Jabber for example for VPN Less to dial into Company or for Webex acting IRP in DMZ

pls Rick confirm/Coment

HTH

Ibrahim