Solved

DNS config question: does a server that is outside of my domain have any business being listed as a nameserver?

Posted on 2008-06-18
3
223 Views
Last Modified: 2010-05-18
I am in the process of configuring three DCs to serve several load-balanced IIS boxes.  

I first started this config two years ago. My config was only partially successful. I'm finally fixing things, but I'm having to clean up my old work, some of which were stopgap measures.

My three DCs are replicating their zones to one another. Looking at the forward lookup zones I notice that there is an instutional machine listed as a nameserver. This is outside of my domain. We probably did this as some stopgap DNS redundancy way back when. Probably doesn't matter one way or another, but I doubt it is even a Windows machine.

I am wondering if it has any business being there or if I should delete this external Nameserver.
WIll it cause harm/misconfiguration? Will it help?
Is there anything "tricky" to know about deleting it, or can I just kill the extra nameserver using the DNS GUI?

Thanks.


0
Comment
Question by:kennethfine
  • 2
3 Comments
 
LVL 38

Accepted Solution

by:
ChiefIT earned 250 total points
Comment Utility
There are places to check for outside servers that you probably don't want in your configurations.

1) each server and NICs list of prefered DNS servers
2) the router's list of internal DNS servers.

The only place that is really a good practice to configure outside servers is DNS forwarders. Even then, that's only if you use recursion. Root hints comes pre conigured with public DNS servers. So, you don't have to configure root hints.

The link below will tell you the chronology of a DNS query: This might help you see why forwarders would be the only real good spot for outside servers.

http://www.experts-exchange.com/Networking/Protocols/DNS/Q_23204162.html
0
 
LVL 38

Expert Comment

by:ChiefIT
Comment Utility
Oh yes, add to the list:

3) DHCP configuration.
0
 
LVL 55

Expert Comment

by:andyalder
Comment Utility
RFC2182 says you should have geographically and topoligically dispersed secondary nameservers, not that it really matters for small domains.

What the DNS GUI lists may be immaterial, you need to check your DNS from the root-servers using NSlookup (or get www.checkdns.net to do it for you).
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
this article is a guided solution for most of the common server issues in server hardware tasks we are facing in our routine job works. the topics in the following article covered are, 1) dell hardware raidlevel (Perc) 2) adding HDD 3) how t…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video discusses moving either the default database or any database to a new volume.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now