Hi,
We have a single forest with multiple child domains, and I am managing one child domain server. We also use TMG for internet access, and on the TMG server we configured open DNS settings like 8.8.8.8, so internet name resolution now goes through TMG. But we have some special clients which use a faster internet connection; for this purpose we configured one gateway, and on the client side we configured two DNS servers: one for internal name resolution (for A records) and, for internet name resolution on the client side, 8.8.8.8.
For example:

TMG client configuration:
IP: 172.17.5.6
Mask: 255.255.252.0
Gateway: None
DNS: 172.17.0.1 (Primary DC and DNS)
DNS: 172.17.0.2 (Secondary DC and DNS)

Special client configuration:
IP: 172.17.0.55
Mask: 255.255.252.0
DNS: 172.17.0.1 (Primary DC and DNS)
DNS: 8.8.8.8 (Open DNS for internet name resolution)
Now I want to remove 8.8.8.8 from the special clients and also want internet name resolution to go through 172.17.0.1 (Primary DC and DNS). So what should I configure, and what is the best way to design this with security in mind?
Should I use forwarding and define the ISP DNS, just opening port 53 for my DC (because I do not want to publish my DC on the internet)?
Should I use forwarding and define Open DNS, just opening port 53 for my DC (because I do not want to publish my DC on the internet)?
Should I allow root hints, and for root hints should I just open port 53 or allow the whole internet?
Which is the safest way to configure DNS?
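As an added example (this is not from the original post), here is what the two alternatives asked about look like as PowerShell run on the DC/DNS server 172.17.0.1, plus the client-side change that drops 8.8.8.8 from a special client. The ISP resolver addresses 203.0.113.10 and 203.0.113.11 are placeholders from the TEST-NET-3 documentation range, and the interface alias "Ethernet" is an assumption; replace both with your real values.

```powershell
# Added example, not the poster's configuration. Run in an elevated PowerShell
# session on the DC at 172.17.0.1 (DnsServer and NetSecurity modules).
Import-Module DnsServer
Import-Module NetSecurity

# Placeholder ISP resolvers (TEST-NET-3); substitute the real addresses.
$ispForwarders = @('203.0.113.10', '203.0.113.11')
$dc            = '172.17.0.1'

# Option A: forwarders only. With -UseRootHint $false the DC never contacts the
# root servers, so its only outbound DNS traffic is to $ispForwarders on port 53.
# That is the narrowest set of destinations a perimeter firewall has to permit.
Set-DnsServerForwarder -IPAddress $ispForwarders -UseRootHint $false -Timeout 3

# Option B (alternative, shown commented out): root hints instead of forwarders.
# Iterative resolution walks from the root servers to each zone's authoritative
# servers, so outbound 53/UDP and 53/TCP must be allowed to arbitrary internet
# addresses, which is the "allow whole internet" case from the question.
# Remove-DnsServerForwarder -IPAddress $ispForwarders -Force
# Set-DnsServerForwarder -UseRootHint $true

# Hardening that applies to either option on a domain controller:
# the DNS service should listen only on the internal interface (never published
# to the internet), keep recursion for internal clients, and lock cached records
# so responses arriving mid-TTL cannot overwrite them (cache poisoning defence).
dnscmd /ResetListenAddresses $dc | Out-Null
Set-DnsServerRecursion -Enable $true
Set-DnsServerCache -LockingPercent 100

# Host firewall rule: let only the DNS service reach the forwarders on port 53.
# Windows Firewall allows outbound traffic by default, so this rule only restricts
# anything if the outbound default action is Block; the equivalent rule on the
# perimeter (TMG) is what actually limits the DC to "just port 53" to the ISP.
foreach ($proto in 'UDP', 'TCP') {
    New-NetFirewallRule -DisplayName "DNS service out to ISP forwarders ($proto)" `
        -Direction Outbound -Action Allow -Protocol $proto -RemotePort 53 `
        -RemoteAddress $ispForwarders -Program "$env:SystemRoot\System32\dns.exe"
}

# Verify the server-side result: forwarder list, then an internet name resolved
# through the DC rather than through 8.8.8.8.
Get-DnsServerForwarder
Resolve-DnsName -Name www.example.com -Type A -Server $dc

# On each special client (interface alias assumed): point DNS at the DCs only,
# so internet names are resolved via 172.17.0.1 and 8.8.8.8 is no longer used.
# Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses 172.17.0.1, 172.17.0.2
```

The client line is commented because it is run on the special clients, not on the DC. The difference between the two options that matters for the firewall question is visible in the comments: with forwarders the destination set is two known addresses, with root hints it is the whole internet on port 53.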