Domain DNS and Firewall DNS

Use AD, and do not use the Firewall DNS.  
Within Windows 2003 server, DNS can integrate with DHCP and work more effectively.  You should have the WIndwos DNS use root hints to look up secondary/recursive records, rather than specifying the firewall or ISP DNS for outside.  This offers better reliability.  Alyernatively, you could use the ISP DNS which might give you fatser lookup speed, but be less reliable.

Check out this article about windows 2003 DNS

http://support.microsoft.com/kb/323380

cheers

Dear Sstone.

Thanks for your help.  I have my DHCP integrated with my DNS.  So, let me see if I get it right:

- Stablish the DHCP to give DHCP clients the DNS from the AD server itself (its small network: AD, DNS, DHCP are all in the same server)

- The DNS for the server will be" 127.0.0.1

What I dont understand very clear, is where or how do clients know where to look for the external name servers for solving the internet names.  

Thanks

The 2003 DNS server will service all your internal network.

In the DNS Console, there will be Root Hints which point to External IP addresses for external name resolution.

Also check your firewall, DNS uses UDP port 53 and TCP port 53.

Thank you very much for your help.  However DNS resolution for internet domains became really slow.  It does work, but takes 4 seconds or something per domain.  I was wondering, if it had to do on how the Kerio Control machine is configured.  Or if I should add some root hints to the ISP DNS.

Thanks for the tip.