Solved

External DNS  - Integration with AD DNS!

Posted on 2007-04-05
8
370 Views
Last Modified: 2010-04-20
I have two domain controller (fault tolerance), both running DNS services, and the clients use these two dns addresses. I read in MS articles that I cannot add External ISP DNS to the Domain controller dns (fwd. servers) since it will make the AD services v. slow and not reliable. Is this true? If yes, where should I point to the external ISP DNS address? I have to define the External DNS so the clients can obtain the IP address for external websites.


0
Comment
Question by:nammari
8 Comments
 
LVL 13

Expert Comment

by:strongline
ID: 18859441
what can't be used is external DNS in your dns client, aka your TCp/IP settings on all member workstation/member server/DC. All boxes should point to your internal DNS, and you either add forwarder on your DNS server or just let default root hints take over when your dns clients need to resolve an external address.
0
 
LVL 13

Expert Comment

by:strongline
ID: 18859461
detailed actions need to be taken:

- on client, taking off all external DNS in TCP/IP properties
- on DNS server, make sure you don't have a top domain zone (.)
- (optional) right click on your DNS server name, properties, forwarders. If you don't define forwarders, root hints work as well.
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18859510
Not sure which docs you're reading, but the configuration that strongline recommends is extremely common, works in production all the time.  Point your internal clients to your internal DNS, and configure your internal DNS servers to forward to ISP's DNS to resolve Internet and other non-internal queries.  If you configure root hints instead of forwarders, all DNS queries (both internal and external) will be resolved by your DNS servers, rather than simply "handing them off" to external DNS for Internet queries.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 

Author Comment

by:nammari
ID: 18860112
That means I have to add to my two DNS server the external DNS server as Forwarders! right?
In the root hint I have stange entries:
a.root-server.net
b.root-server.net
..
..
m.root-server.net

What are these? shoud I take them out?

Please advice
Rami
0
 
LVL 8

Expert Comment

by:RGRodgers
ID: 18860125
They are the classic "7 sisters", so named because there used to be 7 of them.  They are the root authoritative domains for the entire Internet.  You should reference them, as you are, for resources external to your DNS.  You may want to feed them data from your DNS if you want to expose internal resources to the Internet.  Take care doing so.
0
 

Author Comment

by:nammari
ID: 18860144
Thanks RGRodgers.
Please let me know how I can do that. my other question is:
Do I need to add to my two DNS server the external DNS server as Forwarders?
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 250 total points
ID: 18860577
>>Do I need to add to my two DNS server the external DNS server as Forwarders?
no you don't NEED TO, but it will actually speed external DNS lookups up since the 'root hints' servers are often busy.  But yes you CAN add your ISPs DNS servers to your DC/DNS servers as forwarders (done in the DNS console, NOT on the properties of the NIC)

I would read the whole article listed, but the section below is relevant to your situation.
http://support.microsoft.com/kb/291382

Question: If I remove the ISP's DNS server settings from the domain controller, how does it resolve names such as Microsoft.com on the Internet?

Answer: As long as the "." zone does not exist under forward lookup zones in DNS, the DNS service uses the root hint servers. The root hint servers are well-known servers on the Internet that help all DNS servers resolve name queries.


0
 

Author Comment

by:nammari
ID: 18862593
Thank you...
0

Join & Write a Comment

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now