Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 442
  • Last Modified:

Domain DNS and Firewall DNS

I have a win2003svr domain controller. I also have a firewall (Kerio Control).  My question is regarding the configuration of the DNS from the AD controller and the Kerio Control.
0
benjalamelami
Asked:
benjalamelami
  • 3
  • 2
  • 2
1 Solution
 
sstone55423Commented:
Use AD, and do not use the Firewall DNS.  
Within Windows 2003 server, DNS can integrate with DHCP and work more effectively.  You should have the WIndwos DNS use root hints to look up secondary/recursive records, rather than specifying the firewall or ISP DNS for outside.  This offers better reliability.  Alyernatively, you could use the ISP DNS which might give you fatser lookup speed, but be less reliable.
0
 
sire_harveyCommented:
Check out this article about windows 2003 DNS

http://support.microsoft.com/kb/323380

cheers
0
 
benjalamelamiAuthor Commented:
Dear Sstone.

Thanks for your help.  I have my DHCP integrated with my DNS.  So, let me see if I get it right:

- Stablish the DHCP to give DHCP clients the DNS from the AD server itself (its small network: AD, DNS, DHCP are all in the same server)

- The DNS for the server will be" 127.0.0.1

What I dont understand very clear, is where or how do clients know where to look for the external name servers for solving the internet names.  

Thanks
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
sire_harveyCommented:
The 2003 DNS server will service all your internal network.

In the DNS Console, there will be Root Hints which point to External IP addresses for external name resolution.

Also check your firewall, DNS uses UDP port 53 and TCP port 53.
0
 
benjalamelamiAuthor Commented:
Thank you very much for your help.  However DNS resolution for internet domains became really slow.  It does work, but takes 4 seconds or something per domain.  I was wondering, if it had to do on how the Kerio Control machine is configured.  Or if I should add some root hints to the ISP DNS.
0
 
sstone55423Commented:
Within the Windwos DNS you can specify secondary lookup.  (properties of the DNS server) If nothing is specified there, then it uses root hints, which can be slugglish sometimes.  You can also specify outside DNS servers explicitly for everything (instead of root hints) or on an on domain basis.  These look ups should be faster than root hints.  Some people specify their ISP's DNS servers.  Depending on the ISP, that can be slow or not.  You can also try pointing the Windows DNS to the Kerio as secondary -- just to see if performance is better.
 
The reason you need to use your internal WIndows erver for DNS (given out by Windows DHCP) is that to authenticate with Windows domain properely, (AD) you have to resolve SRV records that are unique to AD.
0
 
benjalamelamiAuthor Commented:
Thanks for the tip.  
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now