External DNS Record Management

Posted on 2013-01-23
Medium Priority
Last Modified: 2013-01-24
Our external DNS record is currently being managed by our ISP.  We are going through the process of moving this management to a hosted service.

I obtained a copy of our DNS records and recreated them on the new service.

I also added the new nameservers to the service that we have registered our domain name with.

I logged into our master domain controller and launched DNS Manager, opened the properties of the DNS Server object.  Under the Forwarders tab I added the two new nameservers, however, under "Validated", I see "An unknown error occurred".  Can anyone tell me how to remedy this error?  Is there another configuration change I need to make to our master domain controller?

We have Cisco switching, routers, wireless controllers, and our DMZ is a Cisco ASA5510.  Will we need to configure these new nameservers on any of this equipment?

Question by:FHS-Tech
  • 2
  • 2
LVL 10

Accepted Solution

rscottvan earned 1400 total points
ID: 38811211
There's a distinction between Recursive and Authoritative DNS that you should understand.

Recursive is when you go out to look up an IP Address from a name (or other types of records, too, but I'm oversimplifying).

Authoritative is serving records for other people to look up.

Some DNS servers do both.

Most ISPs provide recursive servers so that you can do lookups using local servers.  Often, the same servers are used by those ISPs for hosting Authoritative records, which sounds like the case for you.

You should not need to make any changes to your internal DNS settings for looking up name records, as long as you're still using the same ISP for internet connectivity.

You should also continue to use the ISPs recursive servers for Forwarders in AD.  (Unless you are concerned with reliability or something.)

So, I recommend changing the forwarders back to the way they were, and all should be well.
LVL 27

Assisted Solution

DrDave242 earned 600 total points
ID: 38811879
I agree; there's no reason to change your forwarders simply because you're changing DNS hosts.  Your ISP's DNS servers will likely provide the quickest response to queries forwarded by your server, simply because the ISP is right there at the other end of your Internet connection.  (There are more variables in that equation, of course, but unless you've experienced problems with the ISP's servers, I'd continue to use them as forwarders.)

Author Comment

ID: 38815373
Thanks for the explanations - it helps to understand how this all comes together, but what if the forwarders that are currently configured will no longer be available?  It was a backup ISP service that we will soon be disconnecting.  Do we add the nameservers of our current ISP to the forwarders list?  I really appreciate the quick responses!
LVL 10

Expert Comment

ID: 38815383
Yes, the best forwarders to use are the most reliable DNS servers that are available and near to you (by latency), so your ISP should be the best option for you.

Author Comment

ID: 38815465
Wonderful!  I appreciate the timely and informative responses.

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question