Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


DNS Forwarders at different sites? Same Domain though?

Posted on 2010-01-05
Medium Priority
Last Modified: 2012-05-08
I was doing a quick inventory on my 8 DCs DNS Forwarders.

All are MS Server 2003 Domain Controllers.

I basically have 4 physical sites, each has 2 DCs. What is the common practise for setting up DNS Forwarders in this scenario? Would it make sense to have them all pointing to the same public DNS servers? How many DNS Forwarding server IPs are recommended?

I have two at each site as I would like to have DNS available to users should a DC go down at that site...

Please advise o'wise ones. :) Thanks in advance.
Question by:OdyChris

Assisted Solution

kortina earned 800 total points
ID: 26187065
Configure your workstations to get its Primary DNS from DC1 in the same site, and the Secondary DNS from DC2 in the same site.

Then if 1 of your DC's fail, users can still get DNS records resolved, becuase they will just ask the other DC that is still available in the site.

If both DC's go down in your site, then you have bigger issues than DNS not working!

Set each of your DC's to forward requests to an external DNS server, you can add as few, or as many as you like. I would add more if the external DNS server is unreliable.

LVL 57

Accepted Solution

giltjr earned 1200 total points
ID: 26187218
Are all four sites using the same ISP?  Are all four sites in the same country?  If the answer is yes to both, then they all can use the same forwarders.

However if the answer is no to either one, then they should not use the same forwarders.

If you have different ISP's or the sites are in different countries, then use the forwarders the ISP provided.  This should allow each site to get responses a bit faster.  Of course you could load the helper file and not use the forwarders the ISP provided.  The disadvantage of using the helper file is you will not gain the advantage of your ISP caching entries for you.


Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question