Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

External DNS  - Integration with AD DNS!

Posted on 2007-04-05
8
Medium Priority
?
377 Views
Last Modified: 2010-04-20
I have two domain controller (fault tolerance), both running DNS services, and the clients use these two dns addresses. I read in MS articles that I cannot add External ISP DNS to the Domain controller dns (fwd. servers) since it will make the AD services v. slow and not reliable. Is this true? If yes, where should I point to the external ISP DNS address? I have to define the External DNS so the clients can obtain the IP address for external websites.


0
Comment
Question by:nammari
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 13

Expert Comment

by:strongline
ID: 18859441
what can't be used is external DNS in your dns client, aka your TCp/IP settings on all member workstation/member server/DC. All boxes should point to your internal DNS, and you either add forwarder on your DNS server or just let default root hints take over when your dns clients need to resolve an external address.
0
 
LVL 13

Expert Comment

by:strongline
ID: 18859461
detailed actions need to be taken:

- on client, taking off all external DNS in TCP/IP properties
- on DNS server, make sure you don't have a top domain zone (.)
- (optional) right click on your DNS server name, properties, forwarders. If you don't define forwarders, root hints work as well.
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18859510
Not sure which docs you're reading, but the configuration that strongline recommends is extremely common, works in production all the time.  Point your internal clients to your internal DNS, and configure your internal DNS servers to forward to ISP's DNS to resolve Internet and other non-internal queries.  If you configure root hints instead of forwarders, all DNS queries (both internal and external) will be resolved by your DNS servers, rather than simply "handing them off" to external DNS for Internet queries.

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Author Comment

by:nammari
ID: 18860112
That means I have to add to my two DNS server the external DNS server as Forwarders! right?
In the root hint I have stange entries:
a.root-server.net
b.root-server.net
..
..
m.root-server.net

What are these? shoud I take them out?

Please advice
Rami
0
 
LVL 8

Expert Comment

by:RGRodgers
ID: 18860125
They are the classic "7 sisters", so named because there used to be 7 of them.  They are the root authoritative domains for the entire Internet.  You should reference them, as you are, for resources external to your DNS.  You may want to feed them data from your DNS if you want to expose internal resources to the Internet.  Take care doing so.
0
 

Author Comment

by:nammari
ID: 18860144
Thanks RGRodgers.
Please let me know how I can do that. my other question is:
Do I need to add to my two DNS server the external DNS server as Forwarders?
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 1000 total points
ID: 18860577
>>Do I need to add to my two DNS server the external DNS server as Forwarders?
no you don't NEED TO, but it will actually speed external DNS lookups up since the 'root hints' servers are often busy.  But yes you CAN add your ISPs DNS servers to your DC/DNS servers as forwarders (done in the DNS console, NOT on the properties of the NIC)

I would read the whole article listed, but the section below is relevant to your situation.
http://support.microsoft.com/kb/291382

Question: If I remove the ISP's DNS server settings from the domain controller, how does it resolve names such as Microsoft.com on the Internet?

Answer: As long as the "." zone does not exist under forward lookup zones in DNS, the DNS service uses the root hint servers. The root hint servers are well-known servers on the Internet that help all DNS servers resolve name queries.


0
 

Author Comment

by:nammari
ID: 18862593
Thank you...
0

Featured Post

Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question