Solved

External DNS  - Integration with AD DNS!

Posted on 2007-04-05
8
376 Views
Last Modified: 2010-04-20
I have two domain controller (fault tolerance), both running DNS services, and the clients use these two dns addresses. I read in MS articles that I cannot add External ISP DNS to the Domain controller dns (fwd. servers) since it will make the AD services v. slow and not reliable. Is this true? If yes, where should I point to the external ISP DNS address? I have to define the External DNS so the clients can obtain the IP address for external websites.


0
Comment
Question by:nammari
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 13

Expert Comment

by:strongline
ID: 18859441
what can't be used is external DNS in your dns client, aka your TCp/IP settings on all member workstation/member server/DC. All boxes should point to your internal DNS, and you either add forwarder on your DNS server or just let default root hints take over when your dns clients need to resolve an external address.
0
 
LVL 13

Expert Comment

by:strongline
ID: 18859461
detailed actions need to be taken:

- on client, taking off all external DNS in TCP/IP properties
- on DNS server, make sure you don't have a top domain zone (.)
- (optional) right click on your DNS server name, properties, forwarders. If you don't define forwarders, root hints work as well.
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18859510
Not sure which docs you're reading, but the configuration that strongline recommends is extremely common, works in production all the time.  Point your internal clients to your internal DNS, and configure your internal DNS servers to forward to ISP's DNS to resolve Internet and other non-internal queries.  If you configure root hints instead of forwarders, all DNS queries (both internal and external) will be resolved by your DNS servers, rather than simply "handing them off" to external DNS for Internet queries.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:nammari
ID: 18860112
That means I have to add to my two DNS server the external DNS server as Forwarders! right?
In the root hint I have stange entries:
a.root-server.net
b.root-server.net
..
..
m.root-server.net

What are these? shoud I take them out?

Please advice
Rami
0
 
LVL 8

Expert Comment

by:RGRodgers
ID: 18860125
They are the classic "7 sisters", so named because there used to be 7 of them.  They are the root authoritative domains for the entire Internet.  You should reference them, as you are, for resources external to your DNS.  You may want to feed them data from your DNS if you want to expose internal resources to the Internet.  Take care doing so.
0
 

Author Comment

by:nammari
ID: 18860144
Thanks RGRodgers.
Please let me know how I can do that. my other question is:
Do I need to add to my two DNS server the external DNS server as Forwarders?
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 250 total points
ID: 18860577
>>Do I need to add to my two DNS server the external DNS server as Forwarders?
no you don't NEED TO, but it will actually speed external DNS lookups up since the 'root hints' servers are often busy.  But yes you CAN add your ISPs DNS servers to your DC/DNS servers as forwarders (done in the DNS console, NOT on the properties of the NIC)

I would read the whole article listed, but the section below is relevant to your situation.
http://support.microsoft.com/kb/291382

Question: If I remove the ISP's DNS server settings from the domain controller, how does it resolve names such as Microsoft.com on the Internet?

Answer: As long as the "." zone does not exist under forward lookup zones in DNS, the DNS service uses the root hint servers. The root hint servers are well-known servers on the Internet that help all DNS servers resolve name queries.


0
 

Author Comment

by:nammari
ID: 18862593
Thank you...
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question