I have recently joined a new company that is preparing for a migration to Win2K/Active Directory, and is re-examining our DNS setup.
Currently, our primary DNS server is our firewall; it not only provides for internal resolution, but also replicates changes to our ISP for public hosts. It *is* set up so that only publicly accessible hosts replicate to our ISP, but the whole setup still makes me nervous. We rarely make changes to public DNS (once a day TOPS); we could very easily call the ISP and make changes that way.
I’ve always been of the opinion that firewalls are for one task only: Securing the network. They shouldn’t be running applications (ours also acts as an SMTP relay).
My questions are: Am I nuts? If not, can someone point me to an authoritative source in print/on the web that backs me up?
Thanks much in advance,
Bill
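One concrete way to put a number on the "firewall should only filter" position is to audit what the firewall itself is listening on and compare it against an allowlist of the few services a packet filter legitimately needs to expose. The script below is an added example, not code from the original post or from any product it mentions; it assumes `ss -H -tulnp` style output (protocol, state, queue lengths, local address, peer address, owning process) fed on stdin, an allowlist that permits only SSH on port 22 for management (an assumption; adjust to taste), and the sample socket table is constructed to mirror the situation described above (named on 53, an SMTP relay on 25).

```shell
#!/bin/sh
# Added example: audit a firewall's listening sockets against an allowlist.
# Anything not on the list (DNS on 53, SMTP on 25, ...) is reported as a
# service that arguably belongs on a host behind the firewall, not on it.

# Ports the firewall itself is expected to expose. Assumption for this
# example: only SSH from the management side. Space-separated list.
ALLOWED_PORTS="22"

# Constructed sample in `ss -H -tulnp` format (not captured from a real host):
# proto state recv-q send-q local peer process
SAMPLE_SS='udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("named",pid=612,fd=20))
tcp LISTEN 0 10 0.0.0.0:53 0.0.0.0:* users:(("named",pid=612,fd=21))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=401,fd=3))
tcp LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("sendmail",pid=733,fd=4))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=401,fd=4))'

# audit_listeners: reads ss-style lines on stdin and prints
# "<proto> <port> <process>" for every listening socket whose port is not
# in ALLOWED_PORTS. Returns 0 when the firewall is clean, 1 when it is
# exposing something beyond the allowlist.
audit_listeners() {
  found=0
  # The loop runs in the current shell (no pipe inside the function), so
  # "found" survives past "done".
  while read -r proto state recvq sendq laddr peer rest; do
    [ -z "$proto" ] && continue
    # Local address looks like 0.0.0.0:53, [::]:22 or *:25; the port is
    # whatever follows the last colon.
    port=${laddr##*:}
    case " $ALLOWED_PORTS " in
      *" $port "*) continue ;;   # allowlisted, nothing to report
    esac
    found=1
    printf '%s %s %s\n' "$proto" "$port" "$rest"
  done
  return $found
}

# Stand-alone usage against the constructed sample. On a real firewall:
#   ss -H -tulnp | audit_listeners
if printf '%s\n' "$SAMPLE_SS" | audit_listeners; then
  echo "firewall exposes only allowlisted services"
else
  echo "firewall is running services beyond the allowlist (see above)"
fi
```

Two non-allowlisted entries on the sample (DNS on 53 over both UDP and TCP, SMTP on 25) are exactly the two roles the post describes the firewall carrying; the IPv6 sshd socket is correctly ignored because the port, not the address family, is what the allowlist keys on.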