Hello all and thanks for your time and expertise.
Here's the background info: We currently configure all of our DNS servers to forward DNS queries they can't resolve to a combination Domain Controller/DNS server. Then the forwarders on this DC/DNS server are configured with forwarders for our ISP - No standard root hints - just another IP address for one of our ISP DNS Servers. Please bear in mind I didn't configure this but I want to make sure we're using best practices for our DNS Forwarder for our network.
I guess my first question is what is the recommended best practice in terms of setup for an organization's DNS forwarder that all of the other DNS servers use. I would think the first step would be to Demote this DC as this server should really only function as a DNS caching server. Should the primary DNS forwarder that obviously goes out to the internet be a DC. That seems unsafe but I just want to confirm. In theory couldn't our DNS caching server even be a standalone server or should I keep it on the domain but not add any zones.
Anyway, I hope I've been clear. Just to reiterate - this server will be the primary DNS forwarder for all other DNS servers on our network. Other DNS servers will forward queries they can't resolve like internet queries to this server. So with this server handling internet queries - should it be a DC or a caching only DNS server. Should it be a domain member or is it recommened to make it a standalone server.
Anyway, your input and recommendations are greatly appreciated.