• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 462
  • Last Modified:

Where should I point my DNS forwarders if my ISP does not provide an authoritative server?

I am setting up a small AD environment on a non business class dsl and enabled DNS forwarders but need secure DNS servers to point to.
0
mantic1
Asked:
mantic1
  • 2
  • 2
  • 2
  • +3
2 Solutions
 
SembeeCommented:
You can't use anyone's DNS servers.
I normally say to use the ISPs. Otherwise see who the ISPs upstream provider is and use their's.
If you are getting a web site hosted then see if you can use the host's DNS servers.

Simon.
0
 
Scotty_ciscoCommented:
what has your ISP given you for DNS resolution for your hosts?

That is what I would point it at also if you set up your local host to be a caching name server it will use the root name servers on the internet.

http://www.root-servers.org/

check that out if they have not given you anything.

Thanks
Scott
0
 
giltjrCommented:
O.K.  Lets make sure we understand everything.  

DNS forwarders are not the same thing as authorive DNS servers.  I have never heard of a ISP not providing DNS reslovers.

What do you mean by "secure DNS servers?"  Do you mean that you need to find some, secure meaning acquire the IP address of them?  Or do you mean that they need to be secure in the sense they are protected.

Do you really need to have DNS servers on the Internet that reslove host name for your IP domain?
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
mantic1Author Commented:
I'm use to having an agreement w/ your corporate ISP to use their DNS servers as forwarders.   What do you use instead if your dont have a business class solution?  I understand that you can't simply point to a DNS server your home ISP server provides and selecting a random DNS server could compromise your network.  Hence, i want a secure DNS server that is available as a forwarder.  btw - I'm using this article as reference  http://mcpmag.com/Features/article.asp?editorialsid=413


0
 
Scotty_ciscoCommented:
so are you talking about dynamic DNS?  one that changes if your IP address changes?

If this is the case; I have been using zoneedit.com for awhile now and they work great and they will dynamically update your dns.

Thanks
0
 
SembeeCommented:
Your ISP isn't going to know whether it is a Windows XP machine or a server doing the DNS requests. All ISPs offer DNS services of some kind or another.

What I meant by my comment above is that you cannot use the DNS servers belonging to another ISP. You must use either your own, or use the root servers.

I don't see anything in that article that relates to your question.
It refers to securing DNS servers - that is very different from secure DNS servers.
Furthermore, you should be running public facing DNS servers from your AD DNS servers anyway.

Simon.
0
 
giltjrCommented:
I think what you want is:

The DNS service running on your Domain controller to foward to your ISP's DNS servers.  Instead of this you can load the hints file and have it use the root servers as Scotty_cisco  refered to.

All boxes on your network should be setup to point to your domain controller as their DNS server, this includes the domain controller.

Everything in your network sends resolution requests to the DNS service running on your Domain controller.  This will reslove all IP host names as needed.  

For the IP domains that your DNS server is authorive for, it will reslove them itself.  For any IP domains that your DNS server is NOT authoritive for (ibm.com, microsoft.com, experts-exchange.com, etc), it will forward to your ISP's DNS servers or the root servers.  Which will reslove the names.
0
 
mantic1Author Commented:
Ok, we are more on the same page w the last comment.  I need to fill in the Forwarders tab on my DNS Server.  Like the example below...

http://mcpmag.com/images/0504mcp_DNS5.gif


Here's the type of forwarding I'm ultimately would like to achieve in the link below...

http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

I just need the correct FORWARDER server IP Address that's normally provided by a corporate ISP but in this scenario I am not in a corporate environment.


0
 
NYtechGuyCommented:


You can use your ISPs DNS servers, or you can contract with an outside service.  UltraDNS is a world renowned provider- they do authoritative DNS for companies such as Amazon.com, ebay.com etc.  They also provide recursive DNS - which is what you are looking for.

Highly recommended.
0
 
mikeleebrlaCommented:
you CAN point it to any public DNS server on the internet such as
4.2.2.2
66.218.71.63

actually you don't have to enter anything on the forwarders tab since your DNS server will use the "root hints" servers if nothing is listed there.  I always list a few forwarders since the root hints servers are often busy and slow.


the link below straight from MS will answer most of your windows DNS questions:

http://support.microsoft.com/kb/291382
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

  • 2
  • 2
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now