Archived from groups: microsoft.public.win2000.dns
If this is a Test site... will you actually have these on a DMZ with public
access?
If so, initially KISS - keep it very simple... use a primary w/ masters and
restrict others from pulling zones and updates.
Your firewall can protect you from most of your DOS of other services if you
can set your QoS and connections per host.
Then use http://www.dnsreport.com to query your public DNS servers. They
do a good job of detailing any issues and explaining what changes you need to
make.
"Ryan Hanisco" wrote:
> Herb is right -- leaving this with the registrar is the best idea and I
> can't think of any of them that do not allow you to change your records over
> the web. Get this away from your ISP.
>
> If you do decide to run your own...
> 1. Remember you MUST have two DNS servers which are usually dedicated to the
> task
> 2. Tighten your Firewall/ Routing rules to allow only DNS to these boxes
> 3. Do not run a web server or FTP server on these as the DOS risk is very
> high.
> 4. Consider running BIND <gasp> on LINUX/ BSD <gasp>
> 5. If you have any doubts or feel that you don't have a full handle on the
> risks you're exposing your organization to, don't do it. The pain of calling
> your ISP is nothing compared to a DOS attack on your DNS servers or domain
> redirect.
>
> --
> Ryan Hanisco
> MCSE, MCDBA
> FlagShip Integration Services
> Chicago, IL
>
> "Daved" <Daved@discussions.microsoft.com> wrote in message
> news:7FD85D5E-5CB5-4775-8407-70A1E0A80EFF@microsoft.com...
> >
> >
> > "Herb Martin" wrote:
> >
> >> "Daved" <Daved@discussions.microsoft.com> wrote in message
> >> news
> >> 1B92CDD-F146-48A2-8ABC-FA565CA313BE@microsoft.com...
> >> > Is there a "best practices" or some type of configuration guide to
> >> > setting up w2k to be a public DNS server?
> >>
> >> The following SHOULD be a best practice for all but
> >> the largest companies (in terms of Internet presence):
> >>
> >> Leave your External DNS at the Registrar.
> >>
> >> > I get internal DNS servers. What I'm looking for is what to look out
> >> > for, or do differently with a DNS server that is exposed to the general
> >> > internet from a configuration standpoint.
> >>
> >> Avoid all this by using someone like GoDaddy.com or Register.com
> >>
> >> They have 24-7 staffs to maintain their fault tolerant
> >> servers near the backbone and you already pay for
> >> the DNS service when you register the name so it is
> >> essentially free.
> >>
> >> Run your own internal DNS, but let the registrar handle
> >> your public zone DNS servers.
> >>
> >>
> >>
> >
> > I'll agree to a point, but this isn't for my company's main web site, it's
> > for a test domain, and it's a hassle to keep calling the ISP to make
> > changes, so I'm going to take control of it myself.
> >
> > It's odd that MS wouldn't have something on the site. I can find plenty
> > of guides and articles for setting up internal DNS, but nothing
> > specifically on public DNS.
>
>
>
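An added example, not part of the original thread: a small check, run from a host that is not one of your secondaries, that your own public name server refuses zone transfers as the top reply recommends. The function names and the sample replies are constructed for illustration.

```python
import socket
import struct

AXFR, IN, REFUSED = 252, 1, 5  # QTYPE AXFR, class IN, RCODE REFUSED

def build_axfr_query(zone, txid=0x1234):
    """Return a TCP-framed DNS query asking for a full transfer of `zone`."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)  # flags 0, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in zone.rstrip(".").split(".")
    ) + b"\x00"
    message = header + qname + struct.pack(">HH", AXFR, IN)
    return struct.pack(">H", len(message)) + message  # 2-byte length prefix (TCP)

def classify_axfr_reply(message):
    """Classify the first reply message (TCP length prefix already removed)."""
    if len(message) < 12:
        return "malformed"
    _, flags, _, ancount, _, _ = struct.unpack(">HHHHHH", message[:12])
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "transfer-allowed"  # server started sending zone records
    return "transfer-refused"      # REFUSED, NOTAUTH, SERVFAIL or empty answer

def recv_exact(sock, n):
    """Read up to n bytes, stopping early if the peer closes the connection."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def check_server(server_ip, zone, timeout=5.0):
    """Ask one of your own name servers for a zone transfer from this host."""
    try:
        with socket.create_connection((server_ip, 53), timeout=timeout) as s:
            s.sendall(build_axfr_query(zone))
            (length,) = struct.unpack(">H", recv_exact(s, 2))
            return classify_axfr_reply(recv_exact(s, length))
    except (OSError, struct.error):
        return "no-tcp-answer"  # closed port, reset, early close or timeout

# Constructed sample reply headers (not captured traffic).
SAMPLE_REFUSED = struct.pack(">HHHHHH", 0x1234, 0x8000 | REFUSED, 1, 0, 0, 0)
SAMPLE_OPEN = struct.pack(">HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
```

Call `check_server()` with the address of each of your public name servers and your zone name; anything other than "transfer-allowed" from an outside host is the expected result.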