On 4 Dec 2001, at 12:00, Rick Brown wrote: > I guess I'm just over-thinking it! So what's the most secure way > of allowing my internal DNS to query the ISP's DNS for internet > address resolution? The internal DNS server is W2K.
Well, the only reason that an internal client would ask the internal DNS to resolve an external hostname would be that it was about to try to send traffic -- perhaps even establish a connection! - - from the internal client to that external host. Assuming you allow that, I can't see that it's any less risk than allowing the internal DNS server to issue recursive requests to the ISP's DNS server. DG _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
