  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 646

DNS Parent Servers - Best Practice

I have 4 DNS Servers in my network.
(2) W2003 for Active Directory and (2) W2000 for public websites
I have registered as NS records at parent servers (to the Registry) the (2) W2000 for public websites

When I run www.dnsstuff.com I get a WARNING
FAIL: You have one or more missing (stealth) nameservers.
The following nameserver(s) are listed (at your nameservers) as nameservers for your domain,
but are not listed at the parent nameservers
--... list of my (2) W2003 for Active Directory

What is the best practice to declare as Primary/Secondary DNS at parent level? (Registry)
My AD DNS servers -or- the public ones? (and what issues are involved in each case that I should be aware of?)
0
Asked by: AkisC
1 Solution
 
rbkumaran Commented:
I think you possibly have the right configuration. These are the stealth NS records (sitting inside your network) in your authoritative servers.

You should not add these to the parent servers, and as long as these servers are working OK, you are doing fine. You need to make sure that your public DNS servers do not leak this NS server information in non-NS queries.
0
 
AkisC (Author) Commented:
Thank you rbkumaran
I'll just wait for some other or similar opinion because...
I have had some issues (not all the time) -peculiar ones- like I'm not able to authenticate a certain user to some domain computers or I'm not able to remote login with mcs console. I believe this has something to do with how the 4 DNS must operate... in connection with the parent DNS.
You get (at least) 50% of the points, for the time you spent on me, which I appreciate a lot.
0
 
rbkumaran Commented:
Thanks!

I think the issues you have mentioned are more likely client-config-related ones. As you may be aware, if a client cannot see the right DNS servers (your AD ones) then there is a problem straight away in getting the user to authenticate. The same goes for the remote console access.
0
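Added example (not part of the original thread, and not code from dnsstuff): a small Python check that reproduces the comparison behind the "stealth nameservers" warning and also flags stealth NS hosts whose addresses, as visible in the public zone data, fall in internal ranges. The domain `example.test`, all addresses, and the function names are constructed for illustration; `ZONE_DATA` is assumed to be what the public authoritative servers return to an outside client.

```python
import ipaddress

# Constructed sample data: example.test and every address below are made up.
# Lines use the record format dig prints: owner TTL class type rdata
PARENT_NS = """\
example.test.  172800 IN NS ns1.example.test.
example.test.  172800 IN NS ns2.example.test.
"""
ZONE_DATA = """\
example.test.      3600 IN NS ns1.example.test.
example.test.      3600 IN NS NS2.example.test.
example.test.      3600 IN NS dc1.example.test.
example.test.      3600 IN NS dc2.example.test.
ns1.example.test.  3600 IN A  192.0.2.10
dc1.example.test.  3600 IN A  10.0.0.5
dc2.example.test.  3600 IN A  192.0.2.20
"""
# RFC 1918 (IPv4) and unique-local (IPv6) ranges count as internal.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse(text):
    """Return (set of NS targets, {host: [addresses]}) from dig-style lines."""
    ns, addrs = set(), {}
    for line in text.splitlines():
        f = line.split(";", 1)[0].split()      # ignore dig comment text
        if len(f) < 5 or f[2].upper() != "IN":
            continue
        if f[3].upper() == "NS":
            ns.add(norm(f[4]))
        elif f[3].upper() in ("A", "AAAA"):
            addrs.setdefault(norm(f[0]), []).append(ipaddress.ip_address(f[4]))
    return ns, addrs

def is_internal(ip):
    return any(ip.version == n.version and ip in n for n in INTERNAL)

def audit(parent_text, zone_text):
    """Compare the delegation NS set with the NS set the zone itself serves."""
    parent_ns, _ = parse(parent_text)
    zone_ns, addrs = parse(zone_text)
    stealth = sorted(zone_ns - parent_ns)      # served by the zone, absent at the parent
    leaks = {h: [str(ip) for ip in addrs.get(h, []) if is_internal(ip)] for h in stealth}
    return {"stealth": stealth, "not_in_zone": sorted(parent_ns - zone_ns),
            "internal_leaks": {h: ips for h, ips in leaks.items() if ips}}
```

Calling `audit(PARENT_NS, ZONE_DATA)` on the constructed data reports `dc1` and `dc2` as stealth nameservers and `dc1` as exposing an RFC 1918 address; in practice the two inputs would be saved `dig` output from the parent servers and from your public authoritative servers.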
