Monday 30 September 2013

Securing DNS using DNS Forwarder Architecture


I. What is DNS Forwarder?

A DNS forwarder is a DNS server in the network that is used to forward queries for public (Internet) names to external Internet DNS servers on behalf of the internal DNS servers.

II. Why DNS Forwarders?

1) Internal DNS Security
There is a good chance that your company's users will want to access a public website that cannot be resolved by the internal DNS servers (which mainly hold records for internal resources). In that case the internal DNS servers will try to forward the query to external DNS servers.

To give the internal DNS servers extra protection, network administrators may not want them to communicate directly with external public DNS servers. Instead, we implement a DNS server in the DMZ network that communicates with the external public DNS servers on their behalf. Hence, you can resolve public names without exposing your internal DNS servers to outside servers.

2) Less WAN Link Utilization

If all the internal DNS servers start communicating with external Internet DNS servers (which happens over the WAN link), the overall WAN link throughput will suffer. So we place a DNS server in the DMZ network that keeps a cache of the most frequently queried external names, which reduces the need for external queries.

III. DNS Forwarder Architecture

All internal DNS servers should be configured to forward queries for names they are not authoritative for to the forwarder DNS server, which in our case is hosted in the DMZ.
The forwarder DNS server should have enough capacity to maintain a large cache, so that as few queries as possible leave the network.
The forwarder DNS server is responsible for the query until it is fully resolved, with the help of the external Internet DNS servers.
(Refer to the diagram to understand the complete query process.)
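The following BIND 9 configuration fragments are an added example of the architecture described above; they are not part of the original post. Addresses (10.0.0.0/8 and 192.168.0.0/16 for the internal networks, 10.0.0.10 and 10.0.0.11 for the internal DNS servers, 172.16.1.53 for the DMZ forwarder) and the zone name corp.example are assumed values for illustration. The first fragment goes on each internal DNS server: it answers for the internal zone and sends everything else to the DMZ forwarder only, so it never talks to the Internet itself. The second fragment goes on the DMZ forwarder: it performs recursion toward the Internet, caches the answers, and accepts queries from nothing but the internal DNS servers, so it cannot be abused as an open resolver from outside.

```conf
// ---- Internal DNS server (e.g. 10.0.0.10) -- assumed addresses ----
acl "internal-nets" { 10.0.0.0/8; 192.168.0.0/16; };

options {
    directory "/var/cache/bind";
    recursion yes;
    // Only internal clients may ask us anything, including recursive queries
    allow-query     { internal-nets; };
    allow-recursion { internal-nets; };
    // Every name we are not authoritative for goes to the DMZ forwarder ...
    forwarders { 172.16.1.53; };
    // ... and ONLY there: "forward only" stops BIND from falling back to the
    // root servers if the forwarder is down, so this host never needs an
    // Internet path (the firewall can block it outbound on 53/udp and 53/tcp).
    forward only;
};

// Internal zone served locally; public names never appear here (assumed zone)
zone "corp.example" {
    type master;
    file "/etc/bind/db.corp.example";
};

// ---- DMZ forwarder (172.16.1.53) -- assumed addresses ----
acl "internal-dns" { 10.0.0.10; 10.0.0.11; };

options {
    directory "/var/cache/bind";
    recursion yes;
    // Accept queries and cache lookups only from the internal DNS servers;
    // anything arriving from the Internet side is refused.
    allow-query       { internal-dns; localhost; };
    allow-recursion   { internal-dns; localhost; };
    allow-query-cache { internal-dns; localhost; };
    // Large cache so repeated lookups for popular sites are answered here
    // instead of crossing the WAN link again.
    max-cache-size 512M;
    // Validate answers from the Internet before handing them inward.
    dnssec-validation auto;
    // Do not advertise the software version to whoever can reach port 53.
    version "not disclosed";
    // Default behaviour: recurse from the root hints. To use the ISP's
    // resolvers instead, uncomment the two lines below.
    // forwarders { 203.0.113.53; };
    // forward only;
};
```

To check the chain end to end, run a lookup for a public name against an internal server from an internal client (for example `dig @10.0.0.10 www.example.com`): the answer should arrive with the recursion-available flag set, a second lookup should return with a lower TTL (served from the forwarder's cache), and a packet capture on the internal server should show its only outbound DNS traffic going to 172.16.1.53. Sending the same query to the forwarder from an address outside the `internal-dns` ACL should return REFUSED, which confirms the forwarder is not an open resolver.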

