Solved

Caching Only DNS and DHCP

Posted on 2008-06-11
10
570 Views
Last Modified: 2012-05-05
Can you point internal DHCP clients at a caching-only internal DNS server and expect the DNS records to dynamically update on the primary domain DNS servers?  

If this is possible then is there any special setup which must be performed?  If not, what is the recommendation?

All internal Windows 2003 R2 Servers and Windows XP/Vista clients on a single domain.
0
Comment
Question by:Nyah247
10 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 21767384
Why do you want to use a caching only server? What are you trying to achieve?
It would make far more sense in most cases just to use a standard AD Integrated DNS solution.
0
 
LVL 6

Author Comment

by:Nyah247
ID: 21768007
I don't want to use a caching only DNS server but others in my group do.  I think they want to use this to off load responsibility from the primary DNS and provide some security.  Anyway...that is not my call.  I just need to make this thing work the best it can or prove it is not a good solution with some MS article or something.  Any ideas that may help or gotchas that I may be able to prove with some documentation?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21768196
The best option would be to install another DC and then install DNS on that. With AD Integrated DNS then in effect you have two primary DNS servers that will replicate with each other without the need to set up caching or zone transfers. As the DNS is incorporated within AD, replication happens with AD replication and with all the AD security, so it is very efficient and has almost zero overhead. If you also took the opportunity to make the additional machine a Global Catalog then you also gain by having complete resilience, as in the case of one DC/DNS server failing, users will be able to authenticate with the other. This makes for a much more sensible, resilient and practical solution than a caching only server.
0
 
LVL 6

Author Comment

by:Nyah247
ID: 21769344
We currently have 2 DCs with AD integrated DNS but our DNS guy would like me to point everything at the caching only servers to off load responsibility from the DCs and provide extra security.  The caching only servers are configured to forward all internal requests to the appropriate AD DNS server and all external requests to a DMZ caching only server which uses root hints.  

Nevertheless I seem to be having some issues with DHCP not updating records properly when the leases expire.  I am curious whether it is the setup or a configuration problem with either DNS or DHCP.  

So in a nut shell...  Is the configuration I mentioned supported when used with DHCP?  Is there any documentation you are aware of which would help me support any change justification?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21769548
OK I see what you are trying to do. You can have a caching only server, but remember it is read only; it simply caches previous requests based on the TTL of the DNS record in DNS.

When you start out the caching server will have no entries, if it gets a DNS query from a client it forwards that request to the "real" DNS server, caches the reply and passes it back to the client. Subsequent requests for the same query are then served from the cache until the TTL for the record expires.

I would maintain two separate DNS servers - one private and one public for security; you don't want the public server forwarding to your internal DNS.
0
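The behaviour KCTS describes above, as an added example that is not part of the original thread (a Python model; all hostnames, addresses and TTLs are constructed): a caching-only forwarder answers from its cache until the record's TTL lapses, so a dynamic update applied on the AD-integrated DNS server is not visible through the cache until then, which is exactly how a "lease expired but the old address is still returned" symptom arises. The client-side update path modelled here, looking up the zone's SOA through the configured resolver and sending the UPDATE to the primary named in the SOA rather than to the resolver itself, is how Windows dynamic-update clients locate the update target; the class and function names are the example's own.

```python
"""Toy model: caching-only forwarder in front of an authoritative (AD-style)
DNS server, plus a client performing a dynamic update.
All names, addresses and TTLs below are constructed for the example."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
import time


@dataclass
class Record:
    name: str
    rtype: str
    data: str
    ttl: int


class AuthoritativeServer:
    """Holds the zone and accepts RFC 2136-style dynamic updates."""

    def __init__(self, hostname: str, zone: str) -> None:
        self.hostname = hostname
        self.zone = zone
        self.records: Dict[Tuple[str, str], Record] = {}
        # The SOA MNAME tells update clients which server accepts changes.
        self.add(Record(zone, "SOA", hostname, 3600))

    def add(self, rec: Record) -> None:
        self.records[(rec.name, rec.rtype)] = rec

    def query(self, name: str, rtype: str) -> Optional[Record]:
        return self.records.get((name, rtype))

    def update(self, rec: Record) -> None:
        # A dynamic update replaces the record in the zone immediately.
        self.add(rec)


class CachingOnlyServer:
    """Holds no zones: forwards cache misses, serves hits until the TTL expires."""

    def __init__(self, upstream: AuthoritativeServer, clock=time.monotonic) -> None:
        self.upstream = upstream
        self.clock = clock
        self.cache: Dict[Tuple[str, str], Tuple[Record, float]] = {}
        self.forwarded = 0  # how many queries actually reached the upstream

    def query(self, name: str, rtype: str) -> Optional[Record]:
        key = (name, rtype)
        hit = self.cache.get(key)
        if hit is not None and hit[1] > self.clock():
            return hit[0]                      # served from cache, possibly stale
        self.forwarded += 1
        rec = self.upstream.query(name, rtype)
        if rec is not None:
            self.cache[key] = (rec, self.clock() + rec.ttl)
        return rec

    def update(self, rec: Record) -> None:
        raise RuntimeError("caching-only server holds no zone; send the update to the SOA primary")


def dynamic_update(resolver: CachingOnlyServer,
                   authoritatives: Dict[str, AuthoritativeServer],
                   rec: Record) -> str:
    """Client-side update: ask the configured resolver for the zone's SOA, then
    send the UPDATE directly to the primary named in MNAME. Returns that name."""
    zone = rec.name.split(".", 1)[1]
    soa = resolver.query(zone, "SOA")          # forwarded through the cache
    primary = authoritatives[soa.data]
    primary.update(rec)
    return soa.data


def run_scenario() -> dict:
    """Register a host, renew it on a new address, and watch the cache lag."""
    clock = [0.0]                              # fake clock so TTL expiry is deterministic
    auth = AuthoritativeServer("dc1.corp.example", "corp.example")
    auth.add(Record("pc1.corp.example", "A", "10.1.1.50", 600))
    cache = CachingOnlyServer(auth, clock=lambda: clock[0])
    servers = {auth.hostname: auth}

    first = cache.query("pc1.corp.example", "A").data     # miss: forwarded and cached
    dynamic_update(cache, servers, Record("pc1.corp.example", "A", "10.1.1.77", 600))
    stale = cache.query("pc1.corp.example", "A").data     # hit: old address until TTL lapses
    clock[0] += 601                                       # TTL expires
    fresh = cache.query("pc1.corp.example", "A").data     # miss again: new address
    return {"first": first, "stale": stale, "fresh": fresh, "forwarded": cache.forwarded}


if __name__ == "__main__":
    print(run_scenario())
```

Two things worth taking from the model: the update itself succeeds even though the client only knows the caching server, because the UPDATE is addressed to the server in the SOA, not to the resolver; and any other client behind the same cache keeps getting the old address for up to one TTL after the change, which is the lag that real caching-only servers introduce regardless of how the update was delivered.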
 
LVL 6

Author Comment

by:Nyah247
ID: 21770586
So are you saying that because the caching DNS servers are read-only they would not be a good configuration for DHCP?

Currently my DHCP servers are configured to point at the caching-only servers (in their nic configuration) and the DHCP clients are assigned the caching only servers when they pull a lease.  So...with that in mind, is there something wrong with this config?
0
 
LVL 6

Author Comment

by:Nyah247
ID: 21778433
Thanks for your comments KCTS...  Any additional information you can provide pertaining to my questions above would be greatly appreciated.  
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21778471
What I'm saying is that if you are trying to provide DNS resolution for external clients to access your public servers, then this should be a completely different DNS setup to your internal DNS, otherwise you will compromise security - "split DNS" would be more appropriate
http://www.windowsnetworking.com/articles_tutorials/Split-DNS-Small-Business-Remote-Access-Connections.html
0
 
LVL 6

Author Comment

by:Nyah247
ID: 21778526
No external DNS or clients using the DNS we maintain...  All external DNS to our public servers is maintained by a third-party.  Anyway, I am most concerned about the internal DHCP pointing at the internal caching-only servers in regards to DNS record updates.  Is this a supported practice?

I think I may have misdirected you a bit on one of my comments.  Sorry and thanks a bunch for your patience.
0
 
LVL 70

Accepted Solution

by:
KCTS earned 400 total points
ID: 21778586
OK I seem to have got confused (easily done), in that case I'll go back to my previous stance. Caching only servers are really designed for use where you have a remote site on the end of a slow link and clients on that site need to resolve DNS as locally as possible without incurring the overheads which result from DNS zone transfers or AD replication.

If you have no bandwidth issues and/or this is a single site then multiple DCs with AD integrated DNS would offer a much more reliable solution without the latency issues.
0
