• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 251
  • Last Modified:

what is the correct DNS Forwarding configuration ??

Good morning

im in windows domain environment and i have couple of DNS servers on the network

my question is what is the correct DNS forwarding ORDER configuration , should my ISP DNS on top then my local or the opposite ?

and what other configuration make the resolving faster ????

  • 3
  • 2
1 Solution
F_A_H_DAuthor Commented:
 should i put my local secondary DNS on top or the ISP DNS ?
For internal  name resolution, Local DNS should be the first one.
The internal DNS should forward the request to the extrenal DNS (ISP DNS in your case) only for the names it cant resolve.
F_A_H_DAuthor Commented:
so in order i should put
1- local DNS

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Actually the internal client should point toward internal DNS.
The Internal DNS should forward the DNS requests to external DNS. (Configure here:  on your DC : DNS ..Your DC name... Properties...Forwarders) Add the external DNS here
In case this is still unclear, all of your domain-joined machines should use ONLY your internal DNS servers.  If you have a multi-site environment, machines at a given site should use at least one internal DNS server that is local to them before using a server at a different site (so the local server would be their preferred server, and a server at a different site could be used as an alternate).

ISP DNS servers should only be configured as forwarders on the internal DNS servers, and the internal servers should never be configured to forward to each other unless you've got more than one domain in your environment.  In that case, conditional forwarders should be used.
Just elaborating @DrDave242 comment:
Lets say your domain name is company.com which is configured on server IP a.b.c.d
and your ISP DNS is p.q.r.s
DNS entry on your clients of that domain should point to a.b.c.d
But on the Server a.b.c.d, you should point the forwarders to p.q.r.s
This way the client do the internal name resolution from the internal dns a.b.c.d but for extrernal name resolution go to p.q.r.s.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now