Solved

Better DNS configurations for my network

Posted on 2010-11-09
9
744 Views
Last Modified: 2012-05-10
Dear Sir
i want to ask yyu about the better DNS configuration for my network because sometimes the  internet connection became very slow without any reason .
The topology of my network:
1- internet modem with 192.168.100.1 as IP
2- HP server with windows server 2008 installed in it with the Forefront TMG , with 2 NIC
 a- external NIC with 192.168.100.5 as ip address , 192.168.100.1 as gateway
 b- internal NIC with 192.168.0.1 as ip address , 192.168.0.3 as primary DNS server , 192.168.0.5 as secondary dns server
3- 2 serves with windows server 2008 installed, with role is DNS server
first one has 192.168.0.3 as ip , 192.168.0.1 as gateway , 192.168.0.3 and 192.168.0.5 as dns server
secnd one has 192.168.0.5 as ip , 192.168.0.1 as gateway , 192.168.0.3 and 192.168.0.5 as dns
4- all the clients have 192.168.0.1 as gateway and 192.168.0.3 as primary dns and 192.168.0.5 as secondary dns server

What the better configuration for the external and internal NIC to the hp server

Regards
0
Comment
Question by:spring80
  • 5
  • 2
  • 2
9 Comments
 
LVL 8

Expert Comment

by:rjwesley
ID: 34095786
I'd setup the modem in bridge mode and set your external NIC as the WAN configuration. That's based on my experience with ISA.

Are you using DNS forwarders on both DNS servers? Where you could probably use public dns servers such as 8.8.8.8 and 4.2.2.2 and 4.2.2.1

Rob
0
 

Author Comment

by:spring80
ID: 34097089
can you tell me the step to configure the dns forwarders ?? and what the advantages of that
0
 
LVL 8

Expert Comment

by:rjwesley
ID: 34097171
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:spring80
ID: 34097306
ok i check the url ,but what the better dns server to use as dns forwarder ??
i know 208.67.222.222 and 208.67.220.220
is there somthing better??
0
 

Author Comment

by:spring80
ID: 34097373
what should i configure the external NIC??
should i enter 192.168.0.3 and 192.168.0.5 (the ip of dns server) in the configuration for the external nic ??
or using 192.168.100.1 (the ip of the internet modem )
??
Regards
0
 
LVL 7

Expert Comment

by:Mohamed Khairy
ID: 34098766
Hi Spring80:

If you are going to use a Forwarder, you must make sure that the Forwarder is always available, no matter which internet connection you use because some ISPs block access to their DNS servers unless you are connecting from one of their IP addresses.

Also, You must be sure the they doesn't plan on changing their DNS infrastructure by decommissioning old name servers, deploying new ones, or changing the IP addresses of existing ones because If they do change their infrastructure and don't inform you of this, then your name server may suddenly find itself forwarding queries to non-existing name servers resulting in failed name queries and frustrated users flooding help desk with calls.

In this case I think that it's too much better to not use forwarders at all and let your DNS server use the default Root Hint.

http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
0
 

Author Comment

by:spring80
ID: 34099588
ok i understand ,but now what should the better configuration for the external nic for my hp server
is it 192.168.0.3 ,192.168.0.5 as my dns server
or 192.168.100.1 as my internet modem ??

Regards
0
 
LVL 7

Accepted Solution

by:
Mohamed Khairy earned 500 total points
ID: 34100484
What about yourT MG ? is it joined to the domain or workgroup?

You should use the inrternal DNS servers 192.168.0.3 and 192.168.0.5 as your primary and secondary DNS after configuring your DNS servers to use forwarders  options because this will speed up and improve the naming resolution process as described in this article:

http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

Also checkout this article that explain the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG).

http://www.experts-exchange.com/Microsoft/Windows_Security/A_1477-Configuring-ISA-2004-2006-Forefront-Threat-Management-Gateway-for-basic-networking-and-DNS-settings.html
0
 

Author Closing Comment

by:spring80
ID: 34101811
Very helpful
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question