Solved

DNS config question: does a server that is outside of my domain have any business being listed as a nameserver?

Posted on 2008-06-18
Last Modified: 2010-05-18
I am in the process of configuring three DCs to serve several load-balanced IIS boxes.  

I first started this config two years ago. My config was only partially successful. I'm finally fixing things, but I'm having to clean up my old work, some of which were stopgap measures.

My three DCs are replicating their zones to one another. Looking at the forward lookup zones I notice that there is an institutional machine listed as a nameserver. This is outside of my domain. We probably did this as some stopgap DNS redundancy way back when. Probably doesn't matter one way or another, but I doubt it is even a Windows machine.

I am wondering if it has any business being there or if I should delete this external Nameserver.
Will it cause harm/misconfiguration? Will it help?
Is there anything "tricky" to know about deleting it, or can I just kill the extra nameserver using the DNS GUI?

Thanks.


Question by:kennethfine
 
LVL 38

Accepted Solution

by:
ChiefIT earned 250 total points
ID: 21819032
There are places to check for outside servers that you probably don't want in your configurations.

1) each server's and NIC's list of preferred DNS servers
2) the router's list of internal DNS servers

The only place that is really a good practice to configure outside servers is DNS forwarders. Even then, that's only if you use recursion. Root hints come preconfigured with public DNS servers. So, you don't have to configure root hints.

The link below will tell you the chronology of a DNS query. This might help you see why forwarders would be the only real good spot for outside servers.

http://www.experts-exchange.com/Networking/Protocols/DNS/Q_23204162.html
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21819035
Oh yes, add to the list:

3) DHCP configuration.
0
 
LVL 55

Expert Comment

by:andyalder
ID: 21822765
RFC2182 says you should have geographically and topologically dispersed secondary nameservers, not that it really matters for small domains.

What the DNS GUI lists may be immaterial; you need to check your DNS from the root-servers using nslookup (or get www.checkdns.net to do it for you).
0
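The check suggested in the last comment (compare what the parent side delegates with what the zone itself lists) can be scripted. The following is an added example, not part of the original thread: it parses saved `nslookup -type=NS` output from two vantage points and reports NS names that differ or that fall outside the zone. The zone name `example.com`, the host names and both sample outputs are constructed, and it assumes the zone is publicly delegated.

```python
import re

# Matches nslookup NS answer lines, e.g. "example.com  nameserver = dc1.example.com"
NS_LINE = re.compile(r"^\s*(\S+)\s+nameserver\s*=\s*(\S+)\s*$", re.IGNORECASE)

def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse_ns(nslookup_output, zone):
    """Return the set of NS host names that nslookup reported for `zone`."""
    zone = _norm(zone)
    found = set()
    for line in nslookup_output.splitlines():
        m = NS_LINE.match(line)
        if m and _norm(m.group(1)) == zone:
            found.add(_norm(m.group(2)))
    return found

def audit(zone, parent_output, zone_output):
    """Compare the parent-side delegation with the NS set served by the zone."""
    parent = parse_ns(parent_output, zone)
    local = parse_ns(zone_output, zone)
    suffix = "." + _norm(zone)
    return {
        "only_in_zone": sorted(local - parent),    # listed in the zone, not delegated
        "only_at_parent": sorted(parent - local),  # delegated, missing from the zone
        "outside_zone": sorted(n for n in parent | local if not n.endswith(suffix)),
    }

# Constructed sample: answer from a parent (TLD) server for the zone.
PARENT = """Server:  tld-server.example
Address:  192.0.2.1

example.com     nameserver = dc1.example.com
example.com     nameserver = dc2.example.com
dc1.example.com internet address = 192.0.2.10
"""

# Constructed sample: answer from one of the zone's own DCs.
ZONE = """Server:  dc1.example.com
Address:  192.0.2.10

example.com     nameserver = dc1.example.com.
example.com     nameserver = dc2.example.com.
example.com     nameserver = DC3.example.com.
example.com     nameserver = ns.institution.example.
"""

if __name__ == "__main__":
    for finding, names in audit("example.com", PARENT, ZONE).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```

Any name under `outside_zone` should be confirmed as still authoritative for the zone and still under a known administrator before it is kept.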
