Solved

Caching Only DNS and DHCP

Posted on 2008-06-11
555 Views
Last Modified: 2012-05-05
Can you point internal DHCP clients at a caching-only internal DNS server and expect the DNS records to dynamically update on the primary domain DNS servers?  

If this is possible then is there any special setup which must be performed?  If not, what is the recommendation?

All internal Windows 2003 R2 Servers and Windows XP/Vista clients on a single domain.
Question by:Nyah247
LVL 70

Expert Comment

by:KCTS
Why do you want to use a caching only server? What are you trying to achieve?
It would make far more sense in most cases just to use a standard AD Integrated DNS solution.
LVL 6

Author Comment

by:Nyah247
I don't want to use a caching only DNS server but others in my group do.  I think they want to use this to off load responsibility from the primary DNS and provide some security.  Anyway...that is not my call.  I just need to make this thing work the best it can or prove it is not a good solution with some MS article or something.  Any ideas that may help or gotchas that I may be able to prove with some documentation?
LVL 70

Expert Comment

by:KCTS
The best option would be to install another DC and then install DNS on that. With AD Integrated DNS then in effect you have two primary DNS servers that will replicate with each other without the need to set up caching or zone transfers. As the DNS is incorporated within AD, replication happens with AD replication and with all the AD security, so it's very efficient and has almost zero overhead. If you also took the opportunity to make the additional machine a Global Catalog then you also gain by having complete resilience, as in the case of one DC/DNS server failing, users will be able to authenticate with the other. This makes for a much more sensible, resilient and practical solution than a caching only server.
LVL 6

Author Comment

by:Nyah247
We currently have 2 DCs with AD integrated DNS but our DNS guy would like me to point everything at the caching only servers to off load responsibility from the DCs and provide extra security.  The caching only servers are configured to forward all internal requests to the appropriate AD DNS server and all external requests to a DMZ caching only server which uses root hints.  

Nevertheless I seem to be having some issues with DHCP not updating records properly when the leases expire.  I am curious whether it is the setup or a configuration problem with either DNS or DHCP.  

So in a nutshell...  Is the configuration I mentioned supported when used with DHCP?  Is there any documentation you are aware of which would help me support any change justification?
LVL 70

Expert Comment

by:KCTS
OK I see what you are trying to do. You can have a caching only server, but remember it is read only, it simply caches previous requests based on the TTL of the DNS record in DNS.

When you start out the caching server will have no entries, if it gets a DNS query from a client it forwards that request to the "real" DNS server, caches the reply and passes it back to the client. Subsequent requests for the same query are then served from the cache until the TTL for the record expires.

I would maintain two separate DNS servers - one private and one public for security, you don't want the public server forwarding to your internal DNS
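The behaviour described in the comment above, modelled as an added example (this is illustrative code written for this page, not anything from the thread or from Windows DNS): a caching-only forwarder holds no zone, answers repeat queries from its cache until the record's TTL runs out, and has nowhere to store a dynamic update. The host names, addresses, TTL and the simulated clock are all constructed values; the `PermissionError` raised on an update is an assumption standing in for the "read only" point, since a real caching-only server would simply fail the update rather than raise a Python exception.

```python
from dataclasses import dataclass


@dataclass
class Record:
    name: str
    rtype: str
    value: str
    ttl: int  # seconds, as configured on the authoritative zone


class AuthoritativeServer:
    """Models the "real" DNS server that owns the zone (e.g. an AD-integrated primary)."""

    def __init__(self):
        self.zone = {}

    def update(self, record):
        # A dynamic update (such as DHCP registering a lease) changes the zone in place.
        self.zone[(record.name, record.rtype)] = record

    def query(self, name, rtype):
        return self.zone.get((name, rtype))


class CachingOnlyServer:
    """Models a caching-only forwarder: no zones, read-only, cache entries expire by TTL."""

    def __init__(self, forwarder, clock):
        self.forwarder = forwarder
        self.clock = clock      # callable returning the current time in seconds
        self.cache = {}         # (name, rtype) -> (record, expires_at)
        self.forwarded = 0      # how many queries actually reached the forwarder

    def query(self, name, rtype):
        key = (name, rtype)
        now = self.clock()
        hit = self.cache.get(key)
        if hit is not None and hit[1] > now:
            return hit[0]               # served from cache, forwarder not consulted
        self.forwarded += 1
        rec = self.forwarder.query(name, rtype)
        if rec is not None:
            self.cache[key] = (rec, now + rec.ttl)
        return rec

    def update(self, record):
        # Constructed stand-in for "read only": there is no zone here to write into.
        raise PermissionError("caching-only server holds no zone; send updates to the zone's primary")


class FakeClock:
    """Constructed clock so the TTL expiry can be stepped deterministically."""

    def __init__(self):
        self.t = 0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def simulate_lease_change(ttl=600):
    """Walk through a lease change and return what the cache answered at each step."""
    clock = FakeClock()
    auth = AuthoritativeServer()
    cache = CachingOnlyServer(auth, clock)

    # DHCP registers pc1 at its first address on the authoritative server (constructed data).
    auth.update(Record("pc1.corp.example", "A", "10.0.0.50", ttl))
    first = cache.query("pc1.corp.example", "A").value      # forwarded, then cached
    second = cache.query("pc1.corp.example", "A").value     # answered from cache

    # The lease expires and pc1 is re-registered at a new address on the primary.
    auth.update(Record("pc1.corp.example", "A", "10.0.0.51", ttl))
    stale = cache.query("pc1.corp.example", "A").value      # still the old answer: TTL not expired

    clock.advance(ttl)
    fresh = cache.query("pc1.corp.example", "A").value      # TTL expired, re-forwarded

    # An update aimed at the caching-only server has nowhere to go.
    try:
        cache.update(Record("pc2.corp.example", "A", "10.0.0.60", ttl))
        update_refused = False
    except PermissionError:
        update_refused = True

    return {
        "first": first, "second": second, "stale": stale, "fresh": fresh,
        "forwarded": cache.forwarded, "update_refused": update_refused,
    }


if __name__ == "__main__":
    for step, result in simulate_lease_change().items():
        print(f"{step}: {result}")
```

The `stale` step is the one to watch in a real deployment: after a lease changes hands, clients behind the cache keep receiving the previous address until the record's TTL has elapsed, and lowering the TTL on the zone is what shortens that window.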
LVL 6

Author Comment

by:Nyah247
So are you saying that because the caching DNS servers are read-only they would not be a good configuration for DHCP?

Currently my DHCP servers are configured to point at the caching-only servers (in their nic configuration) and the DHCP clients are assigned the caching only servers when they pull a lease.  So...with that in mind, is there something wrong with this config?
LVL 6

Author Comment

by:Nyah247
Thanks for your comments KCTS...  Any additional information you can provide pertaining to my questions above would be greatly appreciated.  
LVL 70

Expert Comment

by:KCTS
What I'm saying is that if you are trying to provide DNS resolution for external clients to access your public servers, then this should be a completely different DNS setup to your internal DNS, otherwise you will compromise security - "split DNS" would be more appropriate
http://www.windowsnetworking.com/articles_tutorials/Split-DNS-Small-Business-Remote-Access-Connections.html
LVL 6

Author Comment

by:Nyah247
No external DNS or clients using the DNS we maintain...  All external DNS to our public servers is maintained by a third-party.  Anyway, I am most concerned about the internal DHCP pointing at the internal caching-only servers in regards to DNS record updates.  Is this a supported practice?

I think I may have misdirected you a bit on one of my comments.  Sorry and thanks a bunch for your patience.
LVL 70

Accepted Solution

by:KCTS (earned 400 total points)
OK I seem to have got confused (easily done), in that case I'll go back to my previous stance. Caching only servers are really designed for use where you have a remote site on the end of a slow link and clients on that site need to resolve DNS as locally as possible without incurring the overheads which result from DNS zone transfer or AD replication.

If you have no bandwidth issues and/or this is a single site then multiple DCs with AD integrated DNS would offer a much more reliable solution without the latency issues