nammari
External DNS - Integration with AD DNS!
I have two domain controllers (fault tolerance), both running DNS services, and the clients use these two DNS addresses. I read in MS articles that I cannot add the external ISP DNS to the domain controller DNS (fwd. servers) since it will make the AD services v. slow and not reliable. Is this true? If yes, where should I point to the external ISP DNS address? I have to define the external DNS so the clients can obtain the IP address for external websites.
What can't be used is external DNS in your DNS client, aka your TCP/IP settings on all member workstations/member servers/DCs. All boxes should point to your internal DNS, and you either add a forwarder on your DNS server or just let the default root hints take over when your DNS clients need to resolve an external address.
Detailed actions that need to be taken:
- on the client, take off all external DNS in TCP/IP properties
- on the DNS server, make sure you don't have a top domain zone (.)
- (optional) right-click on your DNS server name, properties, forwarders. If you don't define forwarders, root hints work as well.
Not sure which docs you're reading, but the configuration that strongline recommends is extremely common, works in production all the time. Point your internal clients to your internal DNS, and configure your internal DNS servers to forward to ISP's DNS to resolve Internet and other non-internal queries. If you configure root hints instead of forwarders, all DNS queries (both internal and external) will be resolved by your DNS servers, rather than simply "handing them off" to external DNS for Internet queries.
Hope this helps.
Laura E. Hunter - Microsoft MVP: Windows Server - Networking
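An added example, not part of either answer above: a PowerShell audit of the checklist (clients use only internal DNS, no "." zone on the DNS server, forwarders or root hints for external names). It assumes Windows Server 2012 or later with the DnsServer module available; the server names and all IP addresses are placeholders.

```powershell
# Assumptions: DnsServer module (RSAT) is installed; names and addresses are placeholders.
$DnsServers   = 'DC1', 'DC2'                 # hypothetical DC/DNS host names
$InternalDns  = '10.0.0.10', '10.0.0.11'     # constructed: IPs of those two servers
$IspResolvers = '192.0.2.53', '192.0.2.54'   # placeholder ISP resolver addresses

# Check 1 (run on a workstation, member server or DC):
# every configured resolver must be one of the internal DNS servers.
function Test-ClientResolvers {
    param([string[]]$Allowed)
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object {
            $nic   = $_
            $extra = @($nic.ServerAddresses | Where-Object { $_ -notin $Allowed })
            [pscustomobject]@{
                Interface = $nic.InterfaceAlias
                Resolvers = $nic.ServerAddresses -join ', '
                External  = $extra -join ', '
                Compliant = ($extra.Count -eq 0)
            }
        }
}

# Checks 2 and 3: no "." zone on the server, then report forwarders and root hints.
function Test-DnsServerConfig {
    param([string]$Server)
    $rootZone = Get-DnsServerZone -ComputerName $Server -Name '.' -ErrorAction SilentlyContinue
    $fwd      = Get-DnsServerForwarder -ComputerName $Server
    $hints    = @(Get-DnsServerRootHint -ComputerName $Server -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Server        = $Server
        HasRootZone   = [bool]$rootZone      # should be False
        Forwarders    = $fwd.IPAddress -join ', '
        UseRootHint   = $fwd.UseRootHint     # root hints used if forwarders fail
        RootHintCount = $hints.Count
    }
}

Test-ClientResolvers -Allowed $InternalDns | Format-Table -AutoSize
$DnsServers | ForEach-Object { Test-DnsServerConfig -Server $_ } | Format-Table -AutoSize

# Optional step: set the ISP resolvers as forwarders, keeping root hints as fallback.
# -WhatIf only shows what would change; remove it to apply.
$DnsServers | ForEach-Object {
    Set-DnsServerForwarder -ComputerName $_ -IPAddress $IspResolvers -UseRootHint $true -WhatIf
}
```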
ASKER
That means I have to add the external DNS server to my two DNS servers as forwarders, right?
In the root hints I have strange entries:
a.root-server.net
b.root-server.net
..
..
m.root-server.net
What are these? Should I take them out?
Please advise
Rami
They are the classic "7 sisters", so named because there used to be 7 of them. They are the root authoritative domains for the entire Internet. You should reference them, as you are, for resources external to your DNS. You may want to feed them data from your DNS if you want to expose internal resources to the Internet. Take care doing so.
ASKER
Thanks RGRodgers.
Please let me know how I can do that. My other question is:
Do I need to add the external DNS server to my two DNS servers as forwarders?
ASKER
Thank you...