Domain DNS and Firewall DNS

Posted on 2010-08-30
Last Modified: 2012-05-10
I have a win2003svr domain controller. I also have a firewall (Kerio Control).  My question is regarding the configuration of the DNS from the AD controller and the Kerio Control.
Question by:benjalamelami
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2

Expert Comment

ID: 33564089
Use AD, and do not use the Firewall DNS.  
Within Windows 2003 server, DNS can integrate with DHCP and work more effectively.  You should have the WIndwos DNS use root hints to look up secondary/recursive records, rather than specifying the firewall or ISP DNS for outside.  This offers better reliability.  Alyernatively, you could use the ISP DNS which might give you fatser lookup speed, but be less reliable.

Expert Comment

ID: 33564147
Check out this article about windows 2003 DNS


Author Comment

ID: 33564162
Dear Sstone.

Thanks for your help.  I have my DHCP integrated with my DNS.  So, let me see if I get it right:

- Stablish the DHCP to give DHCP clients the DNS from the AD server itself (its small network: AD, DNS, DHCP are all in the same server)

- The DNS for the server will be"

What I dont understand very clear, is where or how do clients know where to look for the external name servers for solving the internet names.  

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.


Expert Comment

ID: 33564188
The 2003 DNS server will service all your internal network.

In the DNS Console, there will be Root Hints which point to External IP addresses for external name resolution.

Also check your firewall, DNS uses UDP port 53 and TCP port 53.

Author Comment

ID: 33598933
Thank you very much for your help.  However DNS resolution for internet domains became really slow.  It does work, but takes 4 seconds or something per domain.  I was wondering, if it had to do on how the Kerio Control machine is configured.  Or if I should add some root hints to the ISP DNS.

Accepted Solution

sstone55423 earned 125 total points
ID: 33600954
Within the Windwos DNS you can specify secondary lookup.  (properties of the DNS server) If nothing is specified there, then it uses root hints, which can be slugglish sometimes.  You can also specify outside DNS servers explicitly for everything (instead of root hints) or on an on domain basis.  These look ups should be faster than root hints.  Some people specify their ISP's DNS servers.  Depending on the ISP, that can be slow or not.  You can also try pointing the Windows DNS to the Kerio as secondary -- just to see if performance is better.
The reason you need to use your internal WIndows erver for DNS (given out by Windows DHCP) is that to authenticate with Windows domain properely, (AD) you have to resolve SRV records that are unique to AD.

Author Closing Comment

ID: 33974770
Thanks for the tip.  

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question