Edgnett
asked on
Issuing non-AD-integrated DNS servers as secondary DNS to clients that are part of a Windows Server domain
Hi,
I know this is not best practice, but I was wondering if someone can give me a detailed explanation why.
The question has been posed by a work colleague and I really didn't have a good enough answer other than "don't do it".
I understand that the client may have trouble resolving DC SRV records; I'm guessing it could cause issues with AD/DNS replication, but I am unable to explain it in a clear fashion.
The issue came about with DNS in a 2008 SBS domain (the actual fault was with the forwarder, which I resolved).
Someone else had looked at it first and implemented a "work-around" by adding the router IP to DHCP as the secondary DNS. I told him that you should never add an external DNS server to a server or client in a Windows domain, but couldn't give a good enough reason why.
Any help clearing this up would be appreciated :)
Doing that in a Windows domain would cause problems with member systems (computers or servers) communicating on the internal network, since they can't resolve using external DNS. Not something you would want to do. It would also cause login issues for users trying to access network resources (file shares, etc.).
Adding a second DNS server that is anything other than a Windows Server will mean that DNS lookups will fail.
If, for any reason, the Windows client is unable to perform a lookup on the primary server, it will fail over to the secondary. This could be because of a temporary load or a temporary break in network communication.
It will not then fail back to the primary until the secondary becomes unavailable or the cache is forcefully reset.
This will cause authentication as well as name lookup issues.
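The following PowerShell script is an added example, not code from the original thread or from any of its participants. It puts the asker's "DC SRV records" concern and the answer's failover point into something you can run: for every DNS server a client is configured with, and for every address DHCP hands out as option 006, it asks that server for the DC locator record `_ldap._tcp.dc._msdcs.<domain>`. A domain controller or AD-integrated DNS server answers it; a router or ISP resolver has no copy of the `_msdcs` zone and cannot. Any server that fails this test is one the client will, after a failover, be unable to find a DC through. It assumes a domain-joined Windows 8 / Server 2012 (or later) machine, since `Resolve-DnsName` and `Get-DnsClientServerAddress` do not exist on the 2008-era systems in the post, and the DHCP section assumes the `DhcpServer` module is installed and the caller has read rights on the local DHCP server.

```powershell
# Added example (not from the original thread). Tests whether each configured
# DNS server can answer the DC locator SRV query that domain logon depends on.
# Assumes: domain-joined Windows 8 / Server 2012 or later; DhcpServer module
# optional (the DHCP check is skipped if it is absent).

$domain = $env:USERDNSDOMAIN
if (-not $domain) { throw "This machine is not domain-joined; nothing to test." }

# The record every domain member resolves to find a DC. A non-AD-integrated
# server (router, ISP resolver) cannot answer it.
$DcLocatorSrv = "_ldap._tcp.dc._msdcs.$domain"

function Test-DcLocator {
    param([Parameter(Mandatory)][string]$Server)
    try {
        # -DnsOnly bypasses the local cache and hosts file so we really test $Server.
        $srv = Resolve-DnsName -Name $DcLocatorSrv -Type SRV -Server $Server -DnsOnly -ErrorAction Stop |
               Where-Object Type -eq 'SRV'
        if ($srv) {
            return [pscustomobject]@{ Server = $Server; CanLocateDC = $true
                                      Detail = ($srv.NameTarget -join ', ') }
        }
        return [pscustomobject]@{ Server = $Server; CanLocateDC = $false
                                  Detail = 'answered, but no SRV records returned' }
    } catch {
        # This is the failure the thread describes: once the client has failed
        # over to this server, DC location (logon, Kerberos, GPO) stops working.
        return [pscustomobject]@{ Server = $Server; CanLocateDC = $false
                                  Detail = $_.Exception.Message }
    }
}

# 1. The servers this client is actually configured with (all IPv4 adapters),
#    in the order the resolver would try them.
$clientServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object ServerAddresses | Select-Object -Unique

"== DNS servers configured on $env:COMPUTERNAME =="
$clientServers | ForEach-Object { Test-DcLocator $_ } | Format-Table -AutoSize

# 2. What DHCP is handing out as option 006 (where the router IP was added as
#    the 'work-around' in the thread). Requires the DhcpServer module.
if (Get-Module -ListAvailable -Name DhcpServer) {
    Import-Module DhcpServer
    foreach ($scope in Get-DhcpServerv4Scope) {
        $opt = Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
        if (-not $opt) { continue }
        "== DHCP scope $($scope.ScopeId) option 006 =="
        $opt.Value | ForEach-Object { Test-DcLocator $_ } | Format-Table -AutoSize
    }
}
```

Any row with `CanLocateDC` equal to `False` is a server that must not appear in a domain member's DNS list, whether set statically or via DHCP option 006; the fix is to list only the domain's own DNS servers there and put the external resolver on the DNS server as a forwarder, which is where the asker's actual fault was.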