Better DNS configuration

    Question

  • Environment: 

    Customer with 2 Win Srv with DC and also DNS server roles (AD integrated).

    The customer LAN is also connected to the internet. 

    From the client IP definition point of view, which is better:

    Configuring the IPv4 settings with only the IPs of the two servers as DNS primary and DNS alternate?

    or

    Configuring the IPv4 settings with the IP of Server A as DNS primary and the IP of an external DNS (like 8.8.8.8) as DNS alternate?

    Many Thanks in advance.

    Wednesday, September 05, 2012 9:09 AM

All replies

  • Hi

    There is no Difference between External DNS or Local DNS, you can setup without problem,

    Good Luck

    Wednesday, September 05, 2012 11:31 AM
  • Hello,

    In a domain, NEVER use external DNS servers, like 8.8.8.8, on the domain machines' NIC.

    You run into name resolution problems, as the external DNS servers normally do NOT know your internal domain names. This results in slow logons, as clients will not find the correct DNS server to locate a DC to authenticate, GPOs are not applied correctly, and some more.

    So use the domain internal DNS servers as preferred/secondary and configure the FORWARDERS on the DNS server properties in the DNS management console with the ISP's DNS server.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Wednesday, September 05, 2012 11:49 AM
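
The client-side rule from the answer above can be checked per machine. The following is an added example, not code from any poster in this thread: it lists every DNS server configured on the client's active adapters, flags any that is not one of the two internal DC/DNS servers, and tests whether each one can answer the DC locator SRV query. The server addresses and the domain name `corp.example.com` are assumed placeholders, and the cmdlets require Windows 8 / Windows Server 2012 or later.

```powershell
# Added example; addresses and domain name are assumed placeholders.
$InternalDns = @('192.168.10.10', '192.168.10.11')  # Server A and Server B (DC + DNS)
$AdDomain    = 'corp.example.com'                   # AD DNS domain name

function Test-ClientDnsConfig {
    param([string[]]$AllowedServers, [string]$Domain)

    $adapters = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }
    foreach ($nic in $adapters) {
        $dns = Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4
        foreach ($server in $dns.ServerAddresses) {
            $srvOk = $false
            try {
                # DC locator record: only a server that hosts (or can reach) the AD zone answers it
                $answer = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                              -Server $server -DnsOnly -ErrorAction Stop
                $srvOk = @($answer | Where-Object { $_.Type -eq 'SRV' }).Count -gt 0
            } catch {
                $srvOk = $false   # NXDOMAIN, timeout or refusal: no DC can be located via this server
            }
            [pscustomobject]@{
                Interface      = $nic.Name
                InterfaceIndex = $nic.ifIndex
                DnsServer      = $server
                Internal       = $AllowedServers -contains $server
                ResolvesDcSrv  = $srvOk
            }
        }
    }
}

$report = @(Test-ClientDnsConfig -AllowedServers $InternalDns -Domain $AdDomain)
$report | Format-Table -AutoSize

# Interfaces that list any non-internal resolver get reset to the two DCs only.
# -WhatIf shows the change without applying it; remove it to remediate.
$report | Where-Object { -not $_.Internal } |
    Select-Object -ExpandProperty InterfaceIndex -Unique |
    ForEach-Object {
        Set-DnsClientServerAddress -InterfaceIndex $_ -ServerAddresses $InternalDns -WhatIf
    }
```

A row with `Internal = False` and `ResolvesDcSrv = False` is the situation the answer warns about: when the client queries that server, logon and Group Policy lookups for the domain fail.
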
  • Hi

    There is no Difference between External DNS or Local DNS, you can setup without problem,

    Good Luck

    Hello,

    Sorry, but this is incorrect and results in problems. Please see my answer to the OP.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Wednesday, September 05, 2012 11:50 AM
  • Hi

    There is no Difference between External DNS or Local DNS, you can setup without problem,

    Good Luck

    I agree with Meinolf. You MUST only use the internal DNS. You can configure a "Forwarder" to an external DNS for internet resolution, if you want, but NEVER use an external DNS internally when AD is involved.

    Here are specifics on AD and DNS:

    Active Directory's Reliance on DNS, and why you should never use an ISP's DNS address or your router as a DNS address, or any other DNS server that does not host the AD zone name
    Published by Ace Fekay, MCT, MVP DS on Aug 17, 2009 at 7:35 PM
    http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    Thursday, September 06, 2012 4:07 AM
  • Hi Meinolf 

    First, thanks for the help.

    Just another little question (just to be sure): 

    If I use the Forwarders with the ISP DNS server and for some reason this DNS is unavailable, will the LAN clients be able to navigate the web (that is, will the DNS server also use the DNS root hints)?

    Pierluigi 


    Thursday, September 06, 2012 7:44 AM
  • Hi Pierluigi ,

    Yes, by default the option "use root hints if no forwarders are enabled" is enabled.
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/4c9a39b5-8307-49c3-a4fa-aeeddfc41cbd

    Regards


    Rick Tan

    TechNet Community Support

    Friday, September 07, 2012 7:55 AM
    Moderator
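
The server-side half of the advice in this thread (forwarders on the DC/DNS servers, with root hints as the fallback) can be set and verified from PowerShell. This is an added example, not code from any poster in this thread; it assumes the DnsServer module (Windows Server 2012 or later), and the forwarder addresses and the test name are placeholders.

```powershell
# Added example; run on each DC/DNS server. Forwarder addresses are placeholders
# from the documentation range; replace them with the ISP's resolvers.
$IspDns = @('203.0.113.53', '203.0.113.54')

function Get-DnsForwardingStatus {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [string]$TestName     = 'www.example.com'   # any public name works for the test
    )

    $fwd   = Get-DnsServerForwarder -ComputerName $ComputerName
    $hints = @(Get-DnsServerRootHint -ComputerName $ComputerName)

    # Ask this DNS server directly for a public name, bypassing the local client cache path
    $resolved = $false
    try {
        Resolve-DnsName -Name $TestName -Server $ComputerName -DnsOnly -ErrorAction Stop | Out-Null
        $resolved = $true
    } catch {
        $resolved = $false   # neither the forwarders nor the root hints produced an answer
    }

    [pscustomobject]@{
        Server           = $ComputerName
        Forwarders       = ($fwd.IPAddress -join ', ')
        UseRootHint      = $fwd.UseRootHint      # $true = fall back to root hints
        RootHintCount    = $hints.Count          # 0 means the fallback has nothing to query
        ExternalLookupOk = $resolved
    }
}

# Set-DnsServerForwarder replaces the whole forwarder list (Add-DnsServerForwarder appends).
Set-DnsServerForwarder -IPAddress $IspDns -UseRootHint $true

Get-DnsForwardingStatus | Format-List
```

If `UseRootHint` is `True` and `RootHintCount` is above zero, the server can still resolve internet names when the ISP forwarders do not respond, which is the case asked about above.
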
  • Hi Rick 

    Many thanks to you and all the other people for the help :-)

     

    Thursday, October 11, 2012 10:39 AM