Nyah247
asked on
Caching Only DNS and DHCP
Can you point internal DHCP clients at a caching-only internal DNS server and expect the DNS records to dynamically update on the primary domain DNS servers?
If this is possible then is there any special setup which must be performed? If not, what is the recommendation?
All internal Windows 2003 R2 Servers and Windows XP/Vista clients on a single domain.
ASKER
I don't want to use a caching only DNS server but others in my group do. I think they want to use this to offload responsibility from the primary DNS and provide some security. Anyway...that is not my call. I just need to make this thing work the best it can or prove it is not a good solution with some MS article or something. Any ideas that may help or gotchas that I may be able to prove with some documentation?
The best option would be to install another DC and then install DNS on that. With AD Integrated DNS then in effect you have two primary DNS servers that will replicate with each other without the need to set up caching or zone transfers. As the DNS is incorporated within AD, replication happens with AD replication and with all the AD security, so it's very efficient and has almost zero overhead. If you also took the opportunity to make the additional machine a Global Catalog then you also gain by having complete resilience, as in the case of one DC/DNS server failing, users will be able to authenticate with the other. This makes for a much more sensible, resilient and practical solution than a caching only server.
ASKER
We currently have 2 DCs with AD integrated DNS but our DNS guy would like me to point everything at the caching only servers to offload responsibility from the DCs and provide extra security. The caching only servers are configured to forward all internal requests to the appropriate AD DNS server and all external requests to a DMZ caching only server which uses root hints.
Nevertheless I seem to be having some issues with DHCP not updating records properly when the leases expire. I am curious whether it is the setup or a configuration problem with either DNS or DHCP.
So in a nutshell... Is the configuration I mentioned supported when used with DHCP? Is there any documentation you are aware of which would help me support any change justification?
OK I see what you are trying to do. You can have a caching only server, but remember it is read only; it simply caches previous requests based on the TTL of the DNS record in DNS.
When you start out the caching server will have no entries, if it gets a DNS query from a client it forwards that request to the "real" DNS server, caches the reply and passes it back to the client. Subsequent requests for the same query are then served from the cache until the TTL for the record expires.
I would maintain two separate DNS servers, one private and one public, for security; you don't want the public server forwarding to your internal DNS.
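The forward-on-miss, serve-from-cache-until-TTL-expiry behaviour described in the answer above, as an added example that is not part of the original thread. It is a toy model of the chain the asker describes (client -> caching-only server -> AD-integrated authoritative server): the zone name, host name, addresses and TTL are made up, and the "clock" is a number passed in by hand so the run is deterministic. It also models the "read only" point: a server that is not authoritative for a zone refuses a dynamic UPDATE with rcode NOTAUTH, so an update that does land on the authoritative server is not visible through the cache until the cached record's TTL runs out.

```python
"""Toy model of a caching-only DNS forwarder in front of an authoritative server.

Constructed example for illustration only; not code from the original post.
Zone, host, addresses and TTLs below are assumptions.
"""

NOERROR = "NOERROR"
NXDOMAIN = "NXDOMAIN"
NOTAUTH = "NOTAUTH"   # RFC 2136 rcode 9: server is not authoritative for the zone


class AuthoritativeServer:
    """Holds the zone data and accepts dynamic updates (the AD-integrated DNS)."""

    def __init__(self, zone, records):
        self.zone = zone
        self.records = dict(records)   # name -> (ip, ttl_seconds)
        self.queries = 0               # count of queries that reached this server

    def query(self, name):
        self.queries += 1
        rec = self.records.get(name)
        return (NOERROR, rec) if rec else (NXDOMAIN, None)

    def update(self, name, ip, ttl):
        # Authoritative, so the dynamic update is applied to the zone.
        self.records[name] = (ip, ttl)
        return NOERROR


class CachingOnlyServer:
    """No zones of its own: forwards cache misses and keeps answers until the TTL expires."""

    def __init__(self, forwarder):
        self.forwarder = forwarder
        self.cache = {}                # name -> (ip, expires_at)

    def query(self, name, now):
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return NOERROR, hit[0], "cache"
        rcode, rec = self.forwarder.query(name)
        if rcode == NOERROR:
            ip, ttl = rec
            self.cache[name] = (ip, now + ttl)
            return rcode, ip, "forwarded"
        # Negative caching (RFC 2308) is deliberately not modelled here.
        return rcode, None, "forwarded"

    def update(self, name, ip, ttl):
        # Not authoritative for any zone: a dynamic update is refused, not cached.
        return NOTAUTH


def lease_change_scenario():
    """Walk a host through a lease change and report what each query sees."""
    auth = AuthoritativeServer("corp.example", {"pc1.corp.example": ("10.0.0.5", 300)})
    cache = CachingOnlyServer(auth)
    host = "pc1.corp.example"

    first = cache.query(host, now=0)       # miss: forwarded and cached
    second = cache.query(host, now=60)     # hit: served from cache

    # The host gets a new lease; the update is sent to each server in turn.
    rc_cache = cache.update(host, "10.0.0.9", 300)   # refused: NOTAUTH
    rc_auth = auth.update(host, "10.0.0.9", 300)     # applied on the authoritative server

    stale = cache.query(host, now=120)     # still the old address until the TTL expires
    fresh = cache.query(host, now=301)     # TTL expired: forwarded again, new address

    return {
        "first": first,
        "second": second,
        "update_via_cache": rc_cache,
        "update_via_auth": rc_auth,
        "stale": stale,
        "fresh": fresh,
        "auth_queries": auth.queries,
    }


if __name__ == "__main__":
    for key, value in lease_change_scenario().items():
        print(f"{key:>18}: {value}")
```

The point for the thread is the "stale" line: with a 300 second TTL, anything that queries through the caching-only server keeps getting the old address for up to five minutes after the authoritative record has changed, and the caching-only server itself never accepts the update. Real clients locate the authoritative server for the zone before sending an update, so the model only shows why a read-only cache cannot be the thing that receives it.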
ASKER
So are you saying that because the caching DNS servers are read-only they would not be a good configuration for DHCP?
Currently my DHCP servers are configured to point at the caching-only servers (in their nic configuration) and the DHCP clients are assigned the caching only servers when they pull a lease. So...with that in mind, is there something wrong with this config?
ASKER
Thanks for your comments KCTS... Any additional information you can provide pertaining to my questions above would be greatly appreciated.
What I'm saying is that if you are trying to provide DNS resolution for external clients to access your public servers, then this should be a completely different DNS setup to your internal DNS, otherwise you will compromise security; "split DNS" would be more appropriate.
http://www.windowsnetworking.com/articles_tutorials/Split-DNS-Small-Business-Remote-Access-Connections.html
ASKER
No external DNS or clients using the DNS we maintain... All external DNS to our public servers is maintained by a third-party. Anyway, I am most concerned about the internal DHCP pointing at the internal caching-only servers in regards to DNS record updates. Is this a supported practice?
I think I may have misdirected you a bit on one of my comments. Sorry and thanks a bunch for your patience.
ASKER CERTIFIED SOLUTION
It would make far more sense in most cases just to use a standard AD Integrated DNS solution.