Hi,
We have two public facing DNS servers. DNS1 Primary and DNS2 secondary.
DNS2 is using massive amounts of bandwidth. Can we have the updating ports only allow access to DNS1, and then have only port 53 open to the outside world? Thus DNS2 can only update from DNS1, but DNS1 can update from all other DNS servers on the net. Is this acceptable industry practice, or would this be a workaround that does not resolve the problem?
Ports open on DNS2 according to this link: http://technet.microsoft.com/en-us/library/dd197515(v=ws.10).aspx
Incoming: port 53 only.
Outgoing: 1025-5000 and 49152-65535 (high usage happening on these ports)
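The following is an added example, not code from the original post. It assumes Windows Server 2012 or later with the DnsServer and NetSecurity PowerShell modules (the TechNet article linked above covers an older release, where the same settings live in the DNS console). The zone name and the DNS1/DNS2 addresses are placeholders. It shows three things relevant to the question: how to see which local process owns the sockets in the high port ranges before any firewall change, how to pin DNS2's secondary zone to DNS1 as its only master, and how to make DNS1 transfer the zone only to DNS2, while leaving UDP and TCP 53 open inbound.

```powershell
# Added example (not from the original post). Assumes Windows Server 2012+
# with the DnsServer and NetSecurity modules. Names and addresses are placeholders.
$Zone = 'example.com'    # placeholder zone name
$Dns1 = '192.0.2.10'     # placeholder: DNS1, primary
$Dns2 = '192.0.2.20'     # placeholder: DNS2, secondary

# --- Step 1 (run on DNS2): find out who owns the high-port sockets ----------
# 1025-5000 (older Windows) and 49152-65535 (Vista/2008 and later) are the OS
# ephemeral source-port ranges. Traffic with a local port in those ranges was
# initiated by a process on this host (the DNS service's own outbound queries
# or transfers), not by inbound clients, so identify the process first.
function Test-EphemeralPort {
    param([int]$Port)
    return ($Port -ge 49152) -or ($Port -ge 1025 -and $Port -le 5000)
}

function Get-HighPortOwners {
    $tcp = @(Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { Test-EphemeralPort $_.LocalPort })
    $udp = @(Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        Where-Object { Test-EphemeralPort $_.LocalPort })

    ($tcp + $udp) |
        Group-Object OwningProcess |
        ForEach-Object {
            $proc = Get-Process -Id $_.Name -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Pid     = $_.Name
                Process = if ($proc) { $proc.ProcessName } else { '<exited>' }
                Sockets = $_.Count
            }
        } |
        Sort-Object Sockets -Descending
}

Get-HighPortOwners | Format-Table -AutoSize

# --- Step 2 (run on DNS2): pull the zone from DNS1 only ----------------------
Set-DnsServerSecondaryZone -Name $Zone -MasterServers $Dns1

# --- Step 3 (run on DNS1): hand the zone only to DNS2, and notify only DNS2 --
Set-DnsServerPrimaryZone -Name $Zone `
    -SecureSecondaries TransferToSecureServers `
    -SecondaryServers $Dns2 `
    -Notify NotifyServers -NotifyServers $Dns2

# --- Step 4 (run on DNS2): inbound firewall stays open on 53/udp and 53/tcp --
# Zone transfers (AXFR/IXFR) and ordinary queries that fall back to TCP share
# port 53/tcp, so a port-level rule cannot separate the two. The restriction
# to DNS1 is therefore enforced at the DNS service (steps 2 and 3), and the
# firewall simply allows the resolver ports.
New-NetFirewallRule -DisplayName 'DNS inbound UDP 53' -Direction Inbound `
    -Protocol UDP -LocalPort 53 -Action Allow
New-NetFirewallRule -DisplayName 'DNS inbound TCP 53' -Direction Inbound `
    -Protocol TCP -LocalPort 53 -Action Allow
```

Run step 1 first and on its own; the Set-DnsServer* and New-NetFirewallRule cmdlets accept -WhatIf if you want to see the change before applying it. If the high-port sockets belong to the DNS service, the bandwidth is the server's own outbound traffic (queries it forwards or recurses, or transfers it requests), which a rule on the inbound side will not reduce.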