DNS forwarders question

  • Question

  • I am working with a business that has a fairly simple 4 domain controller Server 2008 domain with AD-integrated DNS.  In their forwarders, they have each DC's DNS forwarding to another 1-2 domain controllers, and then have a forwarder entry out to their ISP DNS server.  Is this a normal configuration or will this cause issues?  Their DHCP is setting all 4 DNS boxes on their workstations in order of proximity, so there is redundancy there.

    We created several conditional forwarders for specific domains elsewhere in the corporation.  These are all AD integrated.  While they show as healthy, upon occasion, they seem to refuse to forward at random times (works in the AM and then queries to that domain fail in the afternoon).  There is no communications issue to the authoritative source.  Could this issue be related to the forwarder entries to the other DCs?

    This is all a fairly simple configuration, so I am at a loss to explain the intermittent resolution issues that occasionally happen with the conditional forwarders.

    Wednesday, November 8, 2017 9:58 PM

Answers

  • Hi,

    If multiple DCs are configured as DNS servers, they should be configured to use each other for resolution first and themselves second. Each DC's list of DNS servers should include its own address, but not as the first server in the list. If a DC uses only itself for resolution, it may stop replicating with other DCs.

    Best practice for multiple DCs is as below:

    DC   Preferred DNS   Alternate DNS   Forwarder
    A    B               127.0.0.1       ISP DNS
    B    C               127.0.0.1       ISP DNS
    C    D               127.0.0.1       ISP DNS
    D    A               127.0.0.1       ISP DNS

    Best Regards,

    Frank



    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, November 9, 2017 6:12 AM
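The ring layout in the answer (A->B, B->C, C->D, D->A, loopback second, ISP as the only forwarder), applied and then verified from one script. This is an added example, not code from the thread; it assumes the DnsClient and DnsServer PowerShell modules (Windows Server 2012 or later, not available on the poster's Server 2008), WinRM access to the DCs, and constructed placeholder addresses and interface alias.

```powershell
# Added example: apply and verify the DC DNS ring from the answer above.
# All IPs, host names and the NIC alias are constructed placeholders.
$DCs = [ordered]@{
    'DC-A' = '10.0.0.11'
    'DC-B' = '10.0.0.12'
    'DC-C' = '10.0.0.13'
    'DC-D' = '10.0.0.14'
}
$IspForwarders = @('203.0.113.53', '203.0.113.54')   # placeholder ISP resolvers
$Interface     = 'Ethernet'                            # placeholder NIC alias

$names = @($DCs.Keys)
for ($i = 0; $i -lt $names.Count; $i++) {
    $self = $names[$i]
    $next = $names[($i + 1) % $names.Count]   # ring: A->B, B->C, C->D, D->A

    Invoke-Command -ComputerName $self -ArgumentList $DCs[$next], $Interface, $IspForwarders -ScriptBlock {
        param($PreferredDns, $Nic, $Forwarders)
        # Client side: another DC first, loopback second, never self first.
        Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses @($PreferredDns, '127.0.0.1')
        # Server side: the recommended layout lists only the ISP as forwarder.
        Set-DnsServerForwarder -IPAddress $Forwarders -PassThru
    }
}

# Verify each DC: its own address (or loopback) must be in the client list but not
# first, and no forwarder may point at another DC (that differs from the layout).
foreach ($dc in $names) {
    $servers = (Get-DnsClientServerAddress -CimSession $dc -InterfaceAlias $Interface -AddressFamily IPv4).ServerAddresses
    $fwd     = (Get-DnsServerForwarder -ComputerName $dc).IPAddress.IPAddressToString
    $bad = @()
    if ($servers[0] -eq '127.0.0.1' -or $servers[0] -eq $DCs[$dc]) { $bad += 'self listed first' }
    if ($servers -notcontains '127.0.0.1' -and $servers -notcontains $DCs[$dc]) { $bad += 'self not listed' }
    if ($fwd | Where-Object { $DCs.Values -contains $_ }) { $bad += 'forwarder points at a DC' }
    '{0}: {1}' -f $dc, $(if ($bad) { $bad -join '; ' } else { 'OK' })
}
```

Run the verification loop on its own first to see how far the current settings deviate from the layout before changing anything.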

All replies

  • Hi,
    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Frank


    Monday, November 13, 2017 9:29 AM