Solved

Where should I point my DNS forwarders if my ISP does not provide an authoritative server?

Posted on 2006-07-18
Last Modified: 2013-11-30
I am setting up a small AD environment on a non-business-class DSL and enabled DNS forwarders but need secure DNS servers to point to.
0
Question by:mantic1
10 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 17131623
You can't use anyone's DNS servers.
I normally say to use the ISP's. Otherwise see who the ISP's upstream provider is and use theirs.
If you are getting a web site hosted then see if you can use the host's DNS servers.

Simon.
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 17131631
What has your ISP given you for DNS resolution for your hosts?

That is what I would point it at. Also, if you set up your local host to be a caching name server, it will use the root name servers on the Internet.

http://www.root-servers.org/

Check that out if they have not given you anything.

Thanks
Scott
0
 
LVL 57

Expert Comment

by:giltjr
ID: 17131826
O.K. Let's make sure we understand everything.

DNS forwarders are not the same thing as authoritative DNS servers. I have never heard of an ISP not providing DNS resolvers.

What do you mean by "secure DNS servers?" Do you mean that you need to find some, secure meaning acquire the IP address of them? Or do you mean that they need to be secure in the sense they are protected?

Do you really need to have DNS servers on the Internet that resolve host names for your IP domain?
0
 

Author Comment

by:mantic1
ID: 17131975
I'm used to having an agreement with your corporate ISP to use their DNS servers as forwarders. What do you use instead if you don't have a business-class solution? I understand that you can't simply point to a DNS server your home ISP server provides, and selecting a random DNS server could compromise your network. Hence, I want a secure DNS server that is available as a forwarder. BTW, I'm using this article as reference: http://mcpmag.com/Features/article.asp?editorialsid=413


0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 17132000
So are you talking about dynamic DNS? One that changes if your IP address changes?

If this is the case, I have been using zoneedit.com for a while now and they work great, and they will dynamically update your DNS.

Thanks
0

 
LVL 104

Expert Comment

by:Sembee
ID: 17132078
Your ISP isn't going to know whether it is a Windows XP machine or a server doing the DNS requests. All ISPs offer DNS services of some kind or another.

What I meant by my comment above is that you cannot use the DNS servers belonging to another ISP. You must use either your own, or use the root servers.

I don't see anything in that article that relates to your question.
It refers to securing DNS servers - that is very different from secure DNS servers.
Furthermore, you should be running public facing DNS servers from your AD DNS servers anyway.

Simon.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 17132086
I think what you want is:

The DNS service running on your Domain controller to forward to your ISP's DNS servers. Instead of this you can load the hints file and have it use the root servers as Scotty_cisco referred to.

All boxes on your network should be set up to point to your domain controller as their DNS server; this includes the domain controller.

Everything in your network sends resolution requests to the DNS service running on your Domain controller. This will resolve all IP host names as needed.

For the IP domains that your DNS server is authoritative for, it will resolve them itself. For any IP domains that your DNS server is NOT authoritative for (ibm.com, microsoft.com, experts-exchange.com, etc.), it will forward to your ISP's DNS servers or the root servers, which will resolve the names.
0
 

Author Comment

by:mantic1
ID: 17132180
OK, we are more on the same page with the last comment. I need to fill in the Forwarders tab on my DNS Server. Like the example below...

http://mcpmag.com/images/0504mcp_DNS5.gif


Here's the type of forwarding I ultimately would like to achieve in the link below...

http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

I just need the correct FORWARDER server IP Address that's normally provided by a corporate ISP but in this scenario I am not in a corporate environment.


0
 
LVL 9

Assisted Solution

by:NYtechGuy
NYtechGuy earned 75 total points
ID: 17132243


You can use your ISP's DNS servers, or you can contract with an outside service. UltraDNS is a world-renowned provider; they do authoritative DNS for companies such as Amazon.com, ebay.com, etc. They also provide recursive DNS, which is what you are looking for.

Highly recommended.
0
 
LVL 25

Accepted Solution

by:mikeleebrla
mikeleebrla earned 50 total points
ID: 17132247
You CAN point it to any public DNS server on the Internet such as
4.2.2.2
66.218.71.63

Actually, you don't have to enter anything on the Forwarders tab, since your DNS server will use the "root hints" servers if nothing is listed there. I always list a few forwarders since the root hints servers are often busy and slow.


The link below, straight from MS, will answer most of your Windows DNS questions:

http://support.microsoft.com/kb/291382
0
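
Added example (not part of any post in this thread): a forwarder has to be a recursive resolver rather than an authoritative-only server, and the DNS response header shows which kind answered. The Python sketch below builds a query with the RD bit set and classifies a reply from its RA bit and RCODE; the function names are hypothetical, the sample replies are constructed, and `probe` is the only part that touches the network.

```python
import socket
import struct

TXID = 0x1234  # arbitrary transaction id used throughout this example

def build_query(name, txid=TXID):
    """DNS query for an A record with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, txid=TXID):
    """Judge from the 12-byte DNS header whether the server recursed for us."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:   # wrong id, or QR bit says "query"
        return "mismatch"
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"                    # server will not serve this client
    if not flags & 0x0080:                  # RA clear: no recursion offered
        return "no-recursion"
    return "usable" if rcode == 0 and ancount > 0 else "no-answer"

def probe(server_ip, name="example.com", timeout=3.0):
    """Send one UDP query to a candidate forwarder and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server_ip, 53))
            data, _ = s.recvfrom(512)
        except OSError:                     # covers timeouts and unreachable hosts
            return "no-reply"
    return classify_response(data)

# Constructed sample replies (not captured traffic).
QUESTION = build_query("example.com")[12:]
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
SAMPLE_RECURSIVE = struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER
SAMPLE_NO_RECURSION = struct.pack("!HHHHHH", TXID, 0x8100, 1, 0, 0, 0) + QUESTION
SAMPLE_REFUSED = struct.pack("!HHHHHH", TXID, 0x8105, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    for label, pkt in [("recursive", SAMPLE_RECURSIVE),
                       ("no recursion", SAMPLE_NO_RECURSION),
                       ("refused", SAMPLE_REFUSED)]:
        print(label, "->", classify_response(pkt))
```

Only a server that comes back as `usable` is worth entering on the Forwarders tab; `no-recursion` and `refused` mean it will not resolve names on your behalf.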
