?
Solved

External DNS  - Integration with AD DNS!

Posted on 2007-04-05
8
Medium Priority
?
381 Views
Last Modified: 2010-04-20
I have two domain controller (fault tolerance), both running DNS services, and the clients use these two dns addresses. I read in MS articles that I cannot add External ISP DNS to the Domain controller dns (fwd. servers) since it will make the AD services v. slow and not reliable. Is this true? If yes, where should I point to the external ISP DNS address? I have to define the External DNS so the clients can obtain the IP address for external websites.


0
Comment
Question by:nammari
8 Comments
 
LVL 13

Expert Comment

by:strongline
ID: 18859441
what can't be used is external DNS in your dns client, aka your TCp/IP settings on all member workstation/member server/DC. All boxes should point to your internal DNS, and you either add forwarder on your DNS server or just let default root hints take over when your dns clients need to resolve an external address.
0
 
LVL 13

Expert Comment

by:strongline
ID: 18859461
detailed actions need to be taken:

- on client, taking off all external DNS in TCP/IP properties
- on DNS server, make sure you don't have a top domain zone (.)
- (optional) right click on your DNS server name, properties, forwarders. If you don't define forwarders, root hints work as well.
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18859510
Not sure which docs you're reading, but the configuration that strongline recommends is extremely common, works in production all the time.  Point your internal clients to your internal DNS, and configure your internal DNS servers to forward to ISP's DNS to resolve Internet and other non-internal queries.  If you configure root hints instead of forwarders, all DNS queries (both internal and external) will be resolved by your DNS servers, rather than simply "handing them off" to external DNS for Internet queries.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 

Author Comment

by:nammari
ID: 18860112
That means I have to add to my two DNS server the external DNS server as Forwarders! right?
In the root hint I have stange entries:
a.root-server.net
b.root-server.net
..
..
m.root-server.net

What are these? shoud I take them out?

Please advice
Rami
0
 
LVL 8

Expert Comment

by:RGRodgers
ID: 18860125
They are the classic "7 sisters", so named because there used to be 7 of them.  They are the root authoritative domains for the entire Internet.  You should reference them, as you are, for resources external to your DNS.  You may want to feed them data from your DNS if you want to expose internal resources to the Internet.  Take care doing so.
0
 

Author Comment

by:nammari
ID: 18860144
Thanks RGRodgers.
Please let me know how I can do that. my other question is:
Do I need to add to my two DNS server the external DNS server as Forwarders?
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 1000 total points
ID: 18860577
>>Do I need to add to my two DNS server the external DNS server as Forwarders?
no you don't NEED TO, but it will actually speed external DNS lookups up since the 'root hints' servers are often busy.  But yes you CAN add your ISPs DNS servers to your DC/DNS servers as forwarders (done in the DNS console, NOT on the properties of the NIC)

I would read the whole article listed, but the section below is relevant to your situation.
http://support.microsoft.com/kb/291382

Question: If I remove the ISP's DNS server settings from the domain controller, how does it resolve names such as Microsoft.com on the Internet?

Answer: As long as the "." zone does not exist under forward lookup zones in DNS, the DNS service uses the root hint servers. The root hint servers are well-known servers on the Internet that help all DNS servers resolve name queries.


0
 

Author Comment

by:nammari
ID: 18862593
Thank you...
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question