By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Our company's internal network is a 10.x.x.x segment behind a Cisco router and Pix firewall. We want to maintain our domain name of x.com. Would this require us to maintain Active Directory (AD) with our primary and secondary DNS servers? Or is it advisable to have our ISP maintain one DNS server? If our ISP maintains one DNS server, what ports are required to be open on the firewall for DNS updates between the DNS servers?
You should have your ISP perform secondary DNS services for you. Whether or not you use AD doesn't really factor into it. You certainly can use AD, but you're not required to. You'll need to open up TCP/UDP ports 53 at your firewall, at least between your DNS servers and the ISPs DNS servers. If you want to allow requests from the public Internet to be answered by your DNS servers, you'll have to open port 53 from all hosts to your DNS server as well.