Should our ISP maintain our DNS server?

Our company's internal network is a 10.x.x.x segment behind a Cisco router and Pix firewall. We want to maintain our domain name of x.com. Would this require us to maintain Active Directory (AD) with our primary and secondary DNS servers? Or is it advisable to have our ISP maintain one DNS server? If our ISP maintains one DNS server, what ports are required to be open on the firewall for DNS updates between the DNS servers?
You should have your ISP perform secondary DNS services for you. Whether or not you use AD doesn't really factor into it. You certainly can use AD, but you're not required to. You'll need to open up TCP/UDP ports 53 at your firewall, at least between your DNS servers and the ISPs DNS servers. If you want to allow requests from the public Internet to be answered by your DNS servers, you'll have to open port 53 from all hosts to your DNS server as well.
This was first published in July 2003

Dig Deeper on Windows Server Monitoring and Administration



Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:









  • VDI assessment guide

    Wait! Don't implement VDI technology until you know your goals and needs. A VDI assessment should consider the benefits of a VDI ...

  • Guide to calculating ROI from VDI

    Calculating ROI from VDI requires a solid VDI cost analysis. Consider ROI calculation models, storage costs and more to determine...

  • Keep the cost of VDI storage under control

    Layering, persona management tools and flash arrays help keep virtual desktop users happy and VDI storage costs down.