Secondary DNS server and DHCP

We have a main DNS .123 server and a backup DNS .789 server. All of our remote sites have 2 spots in the Cisco ASA router for DNS. We had the main DNS .123 and the secondary DNS .789 in those spots. It was changed so that primary DNS .123 was our main DNS server and then 8.8.8.8 for the secondary in case our connection went down between us, the remote sites could still work. They were divided up so some of the sites used our main DNS .123 server and 8.8.8.8 as the secondary DNS and some sites used our backup DNS .789 and then 8.8.8.8 for secondary.
Do you see any problem with this? I know there are some debates as to whether to use Google DNS or the ISP DNS, but other than that?
jtano Asked:

N-W Commented:
Do you see any problem with this?

Your users may find that they are sporadically unable to access internal domain resources, due to having the external DNS server as their secondary DNS.

The Windows DNS client doesn't always use the primary DNS server first, for various reasons. If your users heavily rely on internal DNS (for connecting to internal file shares, printers, websites, etc), I highly recommend not using an external DNS service for your secondary DNS lookups.

A better solution would be to deploy a DNS server at each site (doesn't have to be expensive, even a small Linux box running on 512MB RAM, serving as DNS slave could do it). Not only would this allow for correct internal DNS lookup, but it would also speed up the DNS lookup time for your users.
0

David Johnson, CD, MVP (Owner) Commented:
You will have problems. You've implemented something that is highly discouraged. You WILL get unexpected behaviour that is extremely hard to track down. As noted above, implementing a DNS server locally is the proper solution. A micro-ATX machine is ideal for this.
0
Aaron Tomosky (SD-WAN Simplified) Commented:
There are several good articles on the subject, but I'll explain the basics real quick of how Windows uses alternate DNS servers.

Turn on your computer, it uses dns1. At some point if DNS1 doesn't respond, it tries dns2. If dns2 responds, it will continue to use dns2 until it doesn't respond. It will never go back to dns1 unless dns2 fails at some point.

I agree that setting up a DNS server at both sites is best.
0
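The failover behaviour described in the comment above, modelled as an added example (not part of the original thread, and not the Windows resolver's actual code). The server addresses, the zone contents and the outage at t=2 are constructed sample data.

```python
# Model of the sticky failover described above: the client keeps using the
# current server until it stops responding, then moves to the next one.
# All addresses, names and outage times below are constructed sample data.

class Resolver:
    def __init__(self, addr, zone, down=()):
        self.addr, self.zone, self.down = addr, zone, set(down)

    def query(self, name, t):
        if t in self.down:
            return None                      # no response (timeout)
        return self.zone.get(name, "NXDOMAIN")


class StickyClient:
    def __init__(self, servers):
        self.servers, self.current = servers, 0

    def resolve(self, name, t):
        # Try the current server first; on timeout rotate and stay there.
        for _ in range(len(self.servers)):
            server = self.servers[self.current]
            answer = server.query(name, t)
            if answer is not None:
                return server.addr, answer
            self.current = (self.current + 1) % len(self.servers)
        return None, "TIMEOUT"


INTERNAL = {"fileserver.corp.example": "10.0.0.20"}   # constructed zone


def run(secondary_zone, secondary_addr, ticks=6, outage=(2,)):
    primary = Resolver("10.0.0.123", INTERNAL, down=outage)
    secondary = Resolver(secondary_addr, secondary_zone)
    client = StickyClient([primary, secondary])
    return [client.resolve("fileserver.corp.example", t) for t in range(ticks)]


def failed_lookups(results):
    return sum(1 for _, answer in results if answer in ("NXDOMAIN", "TIMEOUT"))


# Secondary is a public resolver that knows nothing about the internal zone.
public = run({}, "8.8.8.8")
# Secondary is a second internal server holding the same zone.
internal = run(INTERNAL, "10.0.0.200")

if __name__ == "__main__":
    for label, res in (("public secondary", public), ("internal secondary", internal)):
        print(label, failed_lookups(res), "failed of", len(res))
```

In this model a single missed response from the internal server leaves the client on 8.8.8.8 for every later tick, so the internal name keeps failing even though the internal server has recovered.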

Mohammed Khawaja (Manager - Infrastructure: Information Technology) Commented:
Best option would be to have local DNS at each site and have the DNS servers use root hints.
0
jtano (Author) Commented:
Thanks for the answers from everyone. I gave the points to N-W since he answered first and basically everyone agreed. I do appreciate the extra comments. If I awarded points incorrectly I apologize.
0
vivigatt Commented:
.789?
When you use an IPv4 address (this one is fake), remember that .254 is the max!
You may have used .xyz and .abc to avoid confusion...
0