Best practices for resolving external DNS queries

Posted on 2006-05-16
Last Modified: 2010-03-18
We are currently running Microsoft DNS on two Windows 2000 servers and we currently have our ISP's DNS servers specified in our forwarder list. I have heard two different stories about forwarders and I'm trying to get a feel for what the best practice regarding forwarders is. In the blue corner are those that insist that it is a best practice to forward your external DNS requests to your ISP's DNS servers, as these servers perhaps have common addresses cached on the server, making for a quick answer to you. In the red corner are those that believe that you should not be specifying your ISP's DNS as a forwarder but get all your answers from the root hints servers. The basis of this is that your ISP's DNS might go down and you can't get any resolutions while they are down. In addition to this, the proponents of using the root hints servers say that you will always get the correct answer from the root hints as they are not allowed to cache answers, and you avoid the possibility of getting a polluted cached response if your ISP's cache is corrupt. Any help would be appreciated.
Question by:wchull
    LVL 5

    Accepted Solution

    I had this discussion with a Microsoft support tech a couple of years ago. The Microsoft tech chastised me for not using forwarders and proclaimed that not using forwarders was the root of all evil in the world. The problem I had with using forwarding is that our ISP apparently played musical IP addresses with its DNS servers and we would find frequent errors in the event log. I discontinued forwarders and the event log errors went away. Now that we have a stable ISP, we use forwarders and have done so for the last 1 1/2 years, and we have experienced no problems that I am aware of.

    So in conclusion, I am not sure that it mattered whether we used forwarders or root hints. Even when we received event log errors, there were no noticeable problems. It just looked ugly in the event viewer.

    If I can find a list of pros and cons, I will post it for you.
    LVL 5

    Expert Comment

    Well, there is the one point. I think that it is probably faster for your ISP's DNS servers to resolve queries (a la "forwarders") since they will have more cached entries on their DNS servers. If you use root hints, then your DNS server resolves the query on its own. Maybe this could become an issue on an older server or a server that runs many services, i.e., DNS, SQL, DHCP, AD.

    But I really don't know how much of a difference it could be.
    LVL 26

    Assisted Solution

    I'm on the opposite side of the fence. I have 4 nameservers on my network. 2 are for Active Directory and they both forward to the other two, which are authoritative for other domains and reverse DNS. These top-level DNS servers are recursive and use the root hints to find the answers. I COULD forward these servers to my ISP's servers but... then you are at the mercy of your ISP. If they change addresses and don't tell you, if they go down, if the cache gets poisoned or they have any other problems, you feel it.

    The whole "it's faster because you're using your ISP's cache" idea isn't always valid either. My top-level nameservers act as a cache for the rest of my network. They are VERY stable (uptime in years) so the cache is never destroyed. Sure, the first time someone asks for a name it'll take a little longer to resolve, but after that it is cached locally. Who knows how often your ISP's nameservers get restarted/crash/dump the cache.

    "The Microsoft tech chastised me for not using forwarders and proclaimed that not using forwarders was the root of all evil in the world."
    Now that is a case of the pot calling the kettle black if I've ever heard one. That is ridiculous.
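    The failure modes raised in this thread (forwarders that silently change address or go down, a forwarder cache that answers differently from the others, and a server that cannot fall back to root hints) can all be checked from the DNS server itself. The script below is an added example, not code from any poster; it assumes the DnsServer PowerShell module that ships with Windows Server 2012 and later (the cmdlets do not exist on the Windows 2000 servers in the question), a DNS server name passed as $DnsServer, and a probe name $ProbeName that every forwarder should be able to resolve.

```powershell
# Added example: audit a Windows DNS server's forwarder configuration.
# Assumes the DnsServer module (Windows Server 2012+); $DnsServer and
# $ProbeName are assumed values, change them for your environment.
param(
    [string]$DnsServer = 'localhost',
    [string]$ProbeName = 'www.example.com'
)

Import-Module DnsServer

# 1. Which forwarders are set, and will the server fall back to root hints
#    when every forwarder is unreachable (the ISP-outage case in the thread)?
$fwd = Get-DnsServerForwarder -ComputerName $DnsServer
Write-Host "Forwarders        : $($fwd.IPAddress -join ', ')"
Write-Host "Forwarder timeout : $($fwd.Timeout)s"
Write-Host "Use root hints    : $($fwd.UseRootHint)"

if ($fwd.IPAddress.Count -gt 0 -and -not $fwd.UseRootHint) {
    Write-Warning "Forwarders are set but root-hint fallback is off: an ISP outage stops all external resolution."
}

# 2. Are root hints actually loaded, so that fallback (or root-hint-only
#    operation) has somewhere to start?
$roots = Get-DnsServerRootHint -ComputerName $DnsServer
Write-Host "Root hints loaded : $($roots.Count)"
if ($roots.Count -eq 0) { Write-Warning "No root hints loaded; fallback to root hints would fail." }

# 3. Probe each forwarder directly. A forwarder whose address changed without
#    notice shows up as no answer; one with a stale or polluted cache shows up
#    as an answer that differs from its peers.
$answers = @{}
foreach ($ip in $fwd.IPAddress) {
    $key = $ip.ToString()
    try {
        $r   = Resolve-DnsName -Name $ProbeName -Type A -Server $key -DnsOnly -ErrorAction Stop
        $ips = $r | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress } | Sort-Object
        $answers[$key] = ($ips -join ',')
        Write-Host ("{0,-16} OK   {1}" -f $key, $answers[$key])
    } catch {
        $answers[$key] = $null
        Write-Warning ("{0,-16} NO ANSWER ({1})" -f $key, $_.Exception.Message)
    }
}

$distinct = $answers.Values | Where-Object { $_ } | Sort-Object -Unique
if ($distinct.Count -gt 1) {
    Write-Warning "Forwarders disagree on $ProbeName; verify against the authoritative servers before trusting either answer."
}

# 4. What clients actually receive: the local server's own answer.
$local = Resolve-DnsName -Name $ProbeName -Type A -Server $DnsServer -DnsOnly |
    Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress }
Write-Host "Local server answer: $($local -join ',')"
```

    Run it from an elevated prompt on the DNS server (or pass a remote server name). An unreachable forwarder or a disagreement between forwarders is the same condition the accepted answer saw as event log errors; seeing it here, on demand, is easier than waiting for the event viewer to fill up.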
    LVL 5

    Expert Comment

    "That is ridiculous."

    Doesn't that describe Microsoft tech support?
    LVL 5

    Expert Comment

    I checked my DNS properties this morning and discovered that I am using root hints, not forwarders. It shows how much it matters: I could not tell which one I am using.
