Solved

Where should I point my DNS forwarders if my ISP does not provide an authoritative server?

Posted on 2006-07-18
10
392 Views
Last Modified: 2013-11-30
I am setting up a small AD environment on a non business class dsl and enabled DNS forwarders but need secure DNS servers to point to.
0
Comment
Question by:mantic1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +3
10 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 17131623
You can't use anyone's DNS servers.
I normally say to use the ISPs. Otherwise see who the ISPs upstream provider is and use their's.
If you are getting a web site hosted then see if you can use the host's DNS servers.

Simon.
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 17131631
what has your ISP given you for DNS resolution for your hosts?

That is what I would point it at also if you set up your local host to be a caching name server it will use the root name servers on the internet.

http://www.root-servers.org/

check that out if they have not given you anything.

Thanks
Scott
0
 
LVL 57

Expert Comment

by:giltjr
ID: 17131826
O.K.  Lets make sure we understand everything.  

DNS forwarders are not the same thing as authorive DNS servers.  I have never heard of a ISP not providing DNS reslovers.

What do you mean by "secure DNS servers?"  Do you mean that you need to find some, secure meaning acquire the IP address of them?  Or do you mean that they need to be secure in the sense they are protected.

Do you really need to have DNS servers on the Internet that reslove host name for your IP domain?
0
Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

 

Author Comment

by:mantic1
ID: 17131975
I'm use to having an agreement w/ your corporate ISP to use their DNS servers as forwarders.   What do you use instead if your dont have a business class solution?  I understand that you can't simply point to a DNS server your home ISP server provides and selecting a random DNS server could compromise your network.  Hence, i want a secure DNS server that is available as a forwarder.  btw - I'm using this article as reference  http://mcpmag.com/Features/article.asp?editorialsid=413


0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 17132000
so are you talking about dynamic DNS?  one that changes if your IP address changes?

If this is the case; I have been using zoneedit.com for awhile now and they work great and they will dynamically update your dns.

Thanks
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17132078
Your ISP isn't going to know whether it is a Windows XP machine or a server doing the DNS requests. All ISPs offer DNS services of some kind or another.

What I meant by my comment above is that you cannot use the DNS servers belonging to another ISP. You must use either your own, or use the root servers.

I don't see anything in that article that relates to your question.
It refers to securing DNS servers - that is very different from secure DNS servers.
Furthermore, you should be running public facing DNS servers from your AD DNS servers anyway.

Simon.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 17132086
I think what you want is:

The DNS service running on your Domain controller to foward to your ISP's DNS servers.  Instead of this you can load the hints file and have it use the root servers as Scotty_cisco  refered to.

All boxes on your network should be setup to point to your domain controller as their DNS server, this includes the domain controller.

Everything in your network sends resolution requests to the DNS service running on your Domain controller.  This will reslove all IP host names as needed.  

For the IP domains that your DNS server is authorive for, it will reslove them itself.  For any IP domains that your DNS server is NOT authoritive for (ibm.com, microsoft.com, experts-exchange.com, etc), it will forward to your ISP's DNS servers or the root servers.  Which will reslove the names.
0
 

Author Comment

by:mantic1
ID: 17132180
Ok, we are more on the same page w the last comment.  I need to fill in the Forwarders tab on my DNS Server.  Like the example below...

http://mcpmag.com/images/0504mcp_DNS5.gif


Here's the type of forwarding I'm ultimately would like to achieve in the link below...

http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

I just need the correct FORWARDER server IP Address that's normally provided by a corporate ISP but in this scenario I am not in a corporate environment.


0
 
LVL 9

Assisted Solution

by:NYtechGuy
NYtechGuy earned 75 total points
ID: 17132243


You can use your ISPs DNS servers, or you can contract with an outside service.  UltraDNS is a world renowned provider- they do authoritative DNS for companies such as Amazon.com, ebay.com etc.  They also provide recursive DNS - which is what you are looking for.

Highly recommended.
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 50 total points
ID: 17132247
you CAN point it to any public DNS server on the internet such as
4.2.2.2
66.218.71.63

actually you don't have to enter anything on the forwarders tab since your DNS server will use the "root hints" servers if nothing is listed there.  I always list a few forwarders since the root hints servers are often busy and slow.


the link below straight from MS will answer most of your windows DNS questions:

http://support.microsoft.com/kb/291382
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question