DNS Forwarders

  • Question

  • Hi, I'm hoping someone can help with this question regarding DNS Forwarding:

    I have an AD domain with 8 DNS servers across the country (a mix of Win 2k8 R2/2012 R2/2016 servers).

    • 3 x Read Only (Secondary) DNS servers
    • 4 x Master DNS servers

    The 4 x Master DNS servers are:

    • AD integrated zones
    • Dynamic Updates = Secure Only
    • Aging and scavenging is set up and working

    I want to reduce internet traffic so that only 1 or 2 DNS servers are configured with my ISP DNS servers as forwarders or root hints.  Do I need to configure all the other DNS servers in the domain with the IPs of the 2 DNS servers I configure for External ISP DNS or root hints as Forwarders in order for them to resolve external sites?  

    DNS1 - configured for ISP DNS or root hints

    DNS2 - configured for ISP DNS or root hints

    DNS3 - Set DNS1 & DNS2 on the forwarders tab?

    DNS4 - Set DNS1 & DNS2 on the forwarders tab?

    DNS5 - Set DNS1 & DNS2 on the forwarders tab?

    DNS6 - Set DNS1 & DNS2 on the forwarders tab?

    DNS7 - Set DNS1 & DNS2 on the forwarders tab?

    Any help would be appreciated.

    Thursday, May 16, 2019 7:43 PM

Answers

  • The domain members would use DNS in the order they're presented on connection properties. The forwarders should be used in the order they're entered on Forwarders tab.

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Tuesday, May 21, 2019 4:53 PM

All replies

  • Looks Ok to me. Yes, you'll need to add the specified forwarders on each DC as forwarders would not replicate across domain controllers.

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management


    Thursday, May 16, 2019 11:56 PM
  • Hi,

    I want to reduce internet traffic so that only 1 or 2 DNS servers are configured with my ISP DNS servers as forwarders or root hints.  

    If you want to limit internet traffic, I would suggest you configure DNS1 and DNS2 as DNS servers on clients that need to access the internet, so that you don't need to configure a forwarder on all DNS servers and can control clients' access to the internet.

    Best regards,

    Travis



    Friday, May 17, 2019 1:24 AM
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Travis



    Tuesday, May 21, 2019 6:25 AM
  • Thanks for all the feedback.

    So it appears that I will need to add the forwarder IPs on all the DNS servers, both internal and external.

    Internal DNS servers will have the 2 internal DNS servers that have the external ISP IPs as Forwarders configured as their Forwarder IPs.

    The 2 DNS servers designated to do external resolutions will have the ISP IPs as their Forwarders.

    Is there a priority for the servers listed on the Forwarders tab (e.g. top down)?

    I have offices across the country and some only have secondary DNS servers in those locations.  For the client DHCP leases I use the secondary DNS servers as primary and the closest master DNS as the second server.  I may configure 3 x DNS servers with external ISP DNS as forwarders just to make sure every office client/DHCP lease has a closer DNS server that can perform external lookups instead of having to travel across the country for lookups.

    Tuesday, May 21, 2019 4:25 PM
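
Added example, not part of any post in this thread: a PowerShell script that applies the layout discussed above (DNS1 and DNS2 forward to the ISP, DNS3 to DNS7 forward to DNS1 and DNS2) server by server, since forwarder settings are per-server, and then audits the result. The IP addresses are constructed placeholders, and it assumes an admin workstation with the DnsServer module and target servers that support its cmdlets (Windows Server 2012 or later).

```powershell
#Requires -Modules DnsServer
# Constructed sample values: server names follow the thread's DNS1..DNS7 labels,
# all IP addresses are documentation-range placeholders.
$EdgeNames     = 'DNS1', 'DNS2'
$EdgeIPs       = '192.0.2.11', '192.0.2.12'       # addresses of DNS1, DNS2
$IspForwarders = '198.51.100.1', '198.51.100.2'   # ISP resolvers

# Desired forwarder list per server, in the order it should appear on the Forwarders tab.
$Plan = [ordered]@{
    'DNS1' = $IspForwarders; 'DNS2' = $IspForwarders
    'DNS3' = $EdgeIPs; 'DNS4' = $EdgeIPs; 'DNS5' = $EdgeIPs
    'DNS6' = $EdgeIPs; 'DNS7' = $EdgeIPs
}

foreach ($server in $Plan.Keys) {
    $isEdge = $server -in $EdgeNames
    # -UseRootHint: only the edge servers may fall back to root hints; with it off,
    #   an internal server never queries the internet itself if its forwarders fail.
    # -EnableReordering $false: stop the server from re-sorting forwarders by
    #   response time, so the listed order is the order used.
    Set-DnsServerForwarder -ComputerName $server -IPAddress $Plan[$server] `
        -UseRootHint $isEdge -EnableReordering $false
}

# Audit: read the settings back and try one external lookup through each server.
$report = foreach ($server in $Plan.Keys) {
    $f      = Get-DnsServerForwarder -ComputerName $server
    $actual = @($f.IPAddress | ForEach-Object { $_.ToString() })
    $lookup = Resolve-DnsName -Name 'example.com' -Server $server -DnsOnly `
                  -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Server         = $server
        Forwarders     = $actual -join ', '
        MatchesPlan    = ($actual -join ',') -eq ($Plan[$server] -join ',')
        UseRootHint    = $f.UseRootHint
        Reordering     = $f.EnableReordering
        ExternalLookup = [bool]$lookup
    }
}
$report | Format-Table -AutoSize
```

With root-hint fallback disabled on DNS3 to DNS7, outbound DNS at the perimeter firewall can be limited to DNS1 and DNS2, and any row where `MatchesPlan` is false marks a server whose forwarder list has drifted.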