0

I have been asked to investigate the resiliency of our DNS and it's config. What's the industry best practice around this?

The following have been suggested: the DNSAdmin group (which is usually created by default when creating a domain) has been removed from all the DNS servers. I doubt this would cause any issues as there are no members in this group, however what's the easiest way to add it top level and for inheritance to work (tested it in a lab environment and inheritance didn't work).

Thanks.

JSUSZ001
  • 1
  • Are you talking about your internal DNS and resolving (workstations, printers, internal servers and services), or rather your public DNS (your internet presence, your public web site(s), SMTP e-mail and the online services you may offer ) as those are usually rather different, both in purpose, tools and the (operational) risks and threats. – Bob Dec 02 '21 at 10:06
  • It's the internal DNS – JSUSZ001 Dec 02 '21 at 10:59
  • We have 3 site organisation. The links between all 3 organisation are okay and the bandwidth is more than enough. – JSUSZ001 Dec 02 '21 at 11:48

0 Answers0