Solved

Better DNS configurations for my network

Posted on 2010-11-09
9
728 Views
Last Modified: 2012-05-10
Dear Sir
i want to ask yyu about the better DNS configuration for my network because sometimes the  internet connection became very slow without any reason .
The topology of my network:
1- internet modem with 192.168.100.1 as IP
2- HP server with windows server 2008 installed in it with the Forefront TMG , with 2 NIC
 a- external NIC with 192.168.100.5 as ip address , 192.168.100.1 as gateway
 b- internal NIC with 192.168.0.1 as ip address , 192.168.0.3 as primary DNS server , 192.168.0.5 as secondary dns server
3- 2 serves with windows server 2008 installed, with role is DNS server
first one has 192.168.0.3 as ip , 192.168.0.1 as gateway , 192.168.0.3 and 192.168.0.5 as dns server
secnd one has 192.168.0.5 as ip , 192.168.0.1 as gateway , 192.168.0.3 and 192.168.0.5 as dns
4- all the clients have 192.168.0.1 as gateway and 192.168.0.3 as primary dns and 192.168.0.5 as secondary dns server

What the better configuration for the external and internal NIC to the hp server

Regards
0
Comment
Question by:spring80
  • 5
  • 2
  • 2
9 Comments
 
LVL 8

Expert Comment

by:rjwesley
ID: 34095786
I'd setup the modem in bridge mode and set your external NIC as the WAN configuration. That's based on my experience with ISA.

Are you using DNS forwarders on both DNS servers? Where you could probably use public dns servers such as 8.8.8.8 and 4.2.2.2 and 4.2.2.1

Rob
0
 

Author Comment

by:spring80
ID: 34097089
can you tell me the step to configure the dns forwarders ?? and what the advantages of that
0
 
LVL 8

Expert Comment

by:rjwesley
ID: 34097171
0
 

Author Comment

by:spring80
ID: 34097306
ok i check the url ,but what the better dns server to use as dns forwarder ??
i know 208.67.222.222 and 208.67.220.220
is there somthing better??
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:spring80
ID: 34097373
what should i configure the external NIC??
should i enter 192.168.0.3 and 192.168.0.5 (the ip of dns server) in the configuration for the external nic ??
or using 192.168.100.1 (the ip of the internet modem )
??
Regards
0
 
LVL 7

Expert Comment

by:Mohamed Khairy
ID: 34098766
Hi Spring80:

If you are going to use a Forwarder, you must make sure that the Forwarder is always available, no matter which internet connection you use because some ISPs block access to their DNS servers unless you are connecting from one of their IP addresses.

Also, You must be sure the they doesn't plan on changing their DNS infrastructure by decommissioning old name servers, deploying new ones, or changing the IP addresses of existing ones because If they do change their infrastructure and don't inform you of this, then your name server may suddenly find itself forwarding queries to non-existing name servers resulting in failed name queries and frustrated users flooding help desk with calls.

In this case I think that it's too much better to not use forwarders at all and let your DNS server use the default Root Hint.

http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
0
 

Author Comment

by:spring80
ID: 34099588
ok i understand ,but now what should the better configuration for the external nic for my hp server
is it 192.168.0.3 ,192.168.0.5 as my dns server
or 192.168.100.1 as my internet modem ??

Regards
0
 
LVL 7

Accepted Solution

by:
Mohamed Khairy earned 500 total points
ID: 34100484
What about yourT MG ? is it joined to the domain or workgroup?

You should use the inrternal DNS servers 192.168.0.3 and 192.168.0.5 as your primary and secondary DNS after configuring your DNS servers to use forwarders  options because this will speed up and improve the naming resolution process as described in this article:

http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

Also checkout this article that explain the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG).

http://www.experts-exchange.com/Microsoft/Windows_Security/A_1477-Configuring-ISA-2004-2006-Forefront-Threat-Management-Gateway-for-basic-networking-and-DNS-settings.html
0
 

Author Closing Comment

by:spring80
ID: 34101811
Very helpful
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now