Hi,
I am currently reviewing and re-designing our corporate domain infrastructure in preparation for upgrading to a Windows Server 2008 R2 DFL/FFL. For the last 10+ years the corporate view has been to disallow internet name resolution from our internal DNS servers. All web browsers use a WebSense proxy for internet name resolution, any other internet name resolution from within the corporate network fails as a result of this policy.
I'm just enquiring whether or not this is best practice or a legacy practice from many years ago when internet links/wan links were considerably slow and DNS traffic was deemed a waste of bandwidth. From all my previous employers internet name resolution was always available for none web browser applications/services and I've not known any companies to take this approach in my past experiences. I would also be grateful to know what the benefits/disadvantages are of this approach, off the top of my head I can think of only two disadvantages, one being not being able to ping websites/external hosts and the other being when configuring NTP you have to use IP address instead of DNS for the PDC Emulator. There are probably many more and I would like to build a case for enabling internet name resolution on our DNS infrastructure if this is considered best/common practice.
Many thanks
Craig