
Correct DNS queries

How can I correctly configure my DNS so that it resolves all requests?
I ask because I have some strange settings here.

1. We have one Exchange server and another SMTP server for relaying.
2. We have one DNS installed on our Active Directory server and one DNS on the SMTP server, but for what?
3. Do I need 2 installed DNS servers?
4. In the TCP/IP settings I have to insert the DNS servers, meaning my primary ADS and secondary ADS, right?
5. Where do I put the two DNS servers from my provider to resolve all requests from inside to outside?
1 Solution
2. You do not have to have two internal DNS servers; it is for redundancy.

4. You would put in your internal DNS servers.

5. In the internal DNS servers, under Forwarders. Right-click the internal DNS server in the DNS Manager, click Properties, then click the Forwarders tab and enter your ISP's DNS servers.
It can depend on whether your Active Directory DNS domain is part of the public DNS namespace (a correct domain with a valid extension on the internet).
On your SMTP server, look into the DNS server configuration: what names are set there?
Also look at the type of DNS configuration (primary/secondary/caching-only)
and at the type of your Active Directory DNS server (fully integrated into AD, or primary).
Maybe you have set the primary DNS as the domain controller and the secondary is your SMTP server...
Second thing: maybe there are hosts on your network which cannot use the Active Directory DNS for some reason...
3. Commonly not (but see my previous lines).
4. In the TCP/IP settings you have the option to add a list of DNS servers ordered by the priority you choose. Your client then contacts the DNS servers in this order. Yes, mostly there are only two servers in order: primary, secondary.
If your client does not get an answer from the first server, it continues with the second, etc. If your domain is not part of the internet DNS namespace (for example mydomain.local),
there must be at least one DNS server which contains the DNS names for your AD and at least the DNS from your ISP. Place your AD DNS in first position and your ISP's DNS servers in the next positions. You can configure it automatically if you use DHCP.
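The two configuration steps in the answer above (client resolver order and ISP forwarders on the internal DNS server), as an added PowerShell example that is not part of the thread or either expert's reply. The hostnames srv1/srv4 come from the thread; the IP addresses, the AD domain name mydomain.local and the external test name are constructed placeholders. It also adds the two checks a practitioner would want after the change: that AD's SRV records still resolve through the internal server, and that an external name resolves via the forwarder path rather than only when the ISP server is queried directly.

```powershell
# Added example (not from the thread). Assumed/constructed values:
#   srv1 = 10.0.0.1 (AD-integrated DNS), srv4 = 10.0.0.4 (secondary DNS),
#   ISP resolvers 192.0.2.53 / 192.0.2.54 (documentation range, placeholders).
# Run on a domain-joined Windows host; the DnsServer cmdlets need the RSAT DNS
# tools and administrative rights on the DNS server.

$InternalDns = '10.0.0.1', '10.0.0.4'      # AD DNS first, secondary next
$IspDns      = '192.0.2.53', '192.0.2.54'  # provider resolvers (placeholders)
$AdDomain    = 'mydomain.local'            # AD DNS domain name (placeholder)

# Step 4: client resolver order. Only internal servers are listed on the
# client; the list order is the order in which the client tries them.
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $InternalDns
Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4

# Step 5: forwarders on the internal DNS server (DNS Manager -> Properties ->
# Forwarders). Set-DnsServerForwarder replaces the whole list, so pass all of them.
Set-DnsServerForwarder -ComputerName 'srv1' -IPAddress $IspDns
Get-DnsServerForwarder -ComputerName 'srv1' | Format-List IPAddress, UseRootHint, Timeout

# Check 1: the AD locator SRV record must resolve through the internal server;
# if it does not, domain logon and AD lookups break even when internet names work.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AdDomain" -Type SRV -Server $InternalDns[0]

# Check 2: an external name resolved via srv1 proves the forwarder path works
# end to end. Querying the ISP server directly would only prove the ISP works.
Resolve-DnsName -Name 'www.example.com' -Type A -Server $InternalDns[0]
```

With the forwarders in place, the internal server answers both internal and external names, so a client that lists only the internal servers still reaches the internet; clients that additionally list the ISP resolvers can send internal names to a server that has no knowledge of them, which is worth keeping in mind when reading the advice above.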
Eprs_Admin (System Architect, Author) commented:
To clarify the following:
I have two domain controllers, primary and secondary, srv1 and srv2.
In the TCP/IP settings I just put these ADS, or?
It's just for logging on to the domain.

The terms are a bit confusing:
native Active Directory has no "primary/secondary" domain controller; all DCs are equal.
Do you mean primary/secondary DNS server?
If a primary DNS server is running on srv1 and a secondary DNS server is running on srv2,
then yes, add both to your TCP/IP configuration, but also add the DNS from your ISP after them if you want internet access on this machine too.
Eprs_Admin (System Architect, Author) commented:
Hi Peter,
I have installed two ADS, a primary and a secondary, on servers 1 and 2.
And I have two DNS installed on servers 1 and 4.

Well, I assume that by "ADS" you mean Active Directory servers.
But what kind of servers? Are both domain controllers, or member servers?
And I am still confused by the "SMTP server" described in your first post. Is it the same as srv2?
Or is it some Linux machine?
And if all of that is clear, the next question is what type of DNS servers you have
(primary/secondary/caching-only, and Active Directory integrated/not AD integrated).
Until all the above questions are clarified, I cannot tell whether it is possible to configure clients
with only one server without impact on other services running in your network.

In an AD network infrastructure the DNS server is mostly integrated into AD.
(Such a server can also be primary/secondary, but this is different from primary/secondary on a server which is not integrated into AD.)
In network infrastructures other than AD, usually two DNS servers are deployed: one is "primary" and the second one is "secondary".
The secondary only mirrors what the primary keeps, and if the primary is not accessible, the secondary still keeps the data.
It is sufficient to have only one, but for better availability a secondary can be deployed.

But the question remains what type of DNS server you have.
Open Administrative Tools -> DNS, expand Forward Lookup Zones, right-click your AD domain name and look at the "General" tab. There is "Type: ....". Click the "Change..." button and there is the zone type (primary/secondary).
Eprs_Admin (System Architect, Author) commented:
Hi Peter,
yes, ADS is Active Directory server.
I have two ADS for redundancy, both are DCs, srv1 and srv2.

On srv2 I also have my mail server; the SMTP server is installed on srv4, in relay mode.
The SMTP server is a member server.

My DNS servers are on srv1 and srv4.
On srv1 the DNS is AD integrated with a primary zone.
On srv4 the DNS is not AD integrated, with a secondary zone and another primary zone.

Under the Forwarders tab, I put my DNS servers from my provider on both DNS servers.

I understand your network infrastructure now.
Look into the primary zone on srv4 and see what items are defined there.
Check whether some important DNS domains are defined there,
and whether your clients (or your srv2, or other servers...) need the names in those DNS records.
I assume not, but verify it.
If the DNS domains in the zone on srv4 are not needed inside or outside your network
(you can have a local DNS server configured as the primary DNS for your company and used by internet clients through statically mapped ports),
then switch it off and delete the srv4 IP from the TCP/IP properties on the clients.

Eprs_Admin (System Architect, Author) commented:
On srv4 I have two zones, a standard primary and a secondary.
The primary zone for this secondary is on srv1. So they belong to each other.

Is there any need to install the DNS on the SMTP server, srv4, because the emails are relayed from the Exchange server to srv4?

In my mind it is absolutely equal where to install the DNS. Normally I always installed the ADS and DNS on the same servers.

Two things:
1. The secondary zone on srv4 which accepts the DNS zone from the primary zone on srv1:
This is for better availability for your clients. If srv1 crashes or you restart it manually,
your machines can still have a functional DNS system. So the answer is: it is not absolutely needed, but it is recommended to also have such a secondary DNS server deployed.

2. The primary zone on srv4, your last question:
Maybe yes.
I assume that this domain on srv4 contains your internet DNS domain and that it is used by your Exchange to deliver emails locally when your internet domain is used as the target email address.
It is important to know the answers to:
What DNS domain name is defined in this zone on srv4? (Is it not the internet DNS domain for your company?)
Is the name of your Active Directory domain from the private DNS namespace (i.e. mydomain.local),
or is it part of the public namespace (mydomain.com)?

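The zone inspection that Peter describes in two places above (the General tab / "Change..." check of the zone type, and the review of what the extra primary zone on srv4 contains and whether it is the company's internet domain), as an added PowerShell example that is not part of the thread. Only the server names srv1 and srv4 come from the thread; zone names are read from the servers at run time. The example also compares the SOA serial of each secondary zone with its primary, which is the check that tells you whether the redundancy Peter describes in point 1 is actually current.

```powershell
# Added example (not from the thread). Assumed names: srv1 and srv4 as in the
# thread. Needs the DnsServer module (RSAT DNS tools) and rights on both servers.

$Servers = 'srv1', 'srv4'

# 1. Zone inventory: the type of each zone and whether it is AD-integrated.
#    This is what the General tab and the "Change..." dialog show in DNS Manager.
$zones = foreach ($s in $Servers) {
    Get-DnsServerZone -ComputerName $s |
        Where-Object { -not $_.IsAutoCreated -and -not $_.IsReverseLookupZone } |
        Select-Object @{n='Server'; e={ $s }}, ZoneName, ZoneType, IsDsIntegrated,
                      @{n='Masters'; e={ $_.MasterServers -join ',' }}
}
$zones | Format-Table -AutoSize

# 2. For each secondary zone, compare its SOA serial with the primary it copies.
#    Equal serials mean the copy is current; a lagging secondary silently serves
#    stale records once the primary (srv1) is down.
foreach ($z in ($zones | Where-Object ZoneType -eq 'Secondary')) {
    $primary = $zones | Where-Object { $_.ZoneName -eq $z.ZoneName -and $_.ZoneType -eq 'Primary' }
    if (-not $primary) { "No primary for $($z.ZoneName) found on $($Servers -join ', ')"; continue }
    $soaSec = (Get-DnsServerResourceRecord -ComputerName $z.Server -ZoneName $z.ZoneName -RRType Soa).RecordData.SerialNumber
    $soaPri = (Get-DnsServerResourceRecord -ComputerName $primary.Server -ZoneName $z.ZoneName -RRType Soa).RecordData.SerialNumber
    "{0}: secondary on {1} serial {2}, primary on {3} serial {4}" -f $z.ZoneName, $z.Server, $soaSec, $primary.Server, $soaPri
}

# 3. Contents of the extra primary zone(s) on srv4: which names live there and
#    whether it is the public mail domain (MX records are the tell-tale).
foreach ($z in ($zones | Where-Object { $_.Server -eq 'srv4' -and $_.ZoneType -eq 'Primary' })) {
    "Records in $($z.ZoneName) on srv4:"
    Get-DnsServerResourceRecord -ComputerName 'srv4' -ZoneName $z.ZoneName |
        Where-Object RRType -in 'A', 'MX', 'CNAME', 'NS' |
        Select-Object HostName, RRType, @{n='Data'; e={
            switch ($_.RRType) {
                'A'     { $_.RecordData.IPv4Address }
                'MX'    { "$($_.RecordData.Preference) $($_.RecordData.MailExchange)" }
                'CNAME' { $_.RecordData.HostNameAlias }
                'NS'    { $_.RecordData.NameServer }
            }
        }} | Format-Table -AutoSize
}
```

If the zone in step 3 turns out to be the company's public domain, removing srv4 from the clients' resolver list only matters if nothing on the LAN relies on that zone for names the AD-integrated zone on srv1 does not hold; the record listing is what lets you decide that before switching the server off.
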
Eprs_Admin (System Architect, Author) commented:
Thanks a lot. I have configured the forwarders and now I can send emails to the required domain.

