Asked by jtano

Secondary DNS server and DHCP

We have a main DNS .123 server and a backup DNS .789 server. All of our remote sites have 2 spots in the Cisco ASA router for DNS. We had the main DNS .123 and the secondary DNS .789 in those spots. It was changed so that primary DNS .123 was our main DNS server and then 8.8.8.8 for the secondary in case our connection went down between us, the remote sites could still work. They were divided up so some of the sites used our main DNS .123 server and 8.8.8.8 as the secondary DNS and some sites used our backup DNS .789 and then 8.8.8.8 for secondary.
Do you see any problem with this? I know there are some debates as to whether to use Google DNS or the ISP DNS, but other than that?
ASKER CERTIFIED SOLUTION
N-W
This solution is only available to members.
David Johnson, CD
You will have problems. You've implemented something that is highly discouraged. You WILL get unexpected behaviour that is extremely hard to track down. As noted above, implementing a DNS server locally is the proper solution. A micro-ATX machine is ideal for this.
There are several good articles on the subject, but I'll explain the basics real quick of how Windows uses alternate DNS servers.

Turn on your computer, it uses dns1. At some point if DNS1 doesn't respond, it tries dns2. If dns2 responds, it will continue to use dns2 until it doesn't respond. It will never go back to dns1 unless dns2 fails at some point.

I agree that setting up a DNS server at both sites is best.
Best option would be to have local DNS at each site and DNS servers use root hints.
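
The failover behaviour described in the comments above, as a small simulation (an added example, not part of the original thread). The server names, records and addresses are constructed, and the client models only the sticky behaviour as the comment describes it, not the real Windows resolver's timers.

```python
"""Sticky DNS failover with an internal primary and a public secondary.
All names, records and addresses below are constructed for illustration."""

NXDOMAIN = "NXDOMAIN"

class Server:
    def __init__(self, name, records, up=True):
        self.name, self.records, self.up = name, records, up

    def query(self, qname):
        if not self.up:
            raise TimeoutError(self.name)  # no response at all
        # NXDOMAIN is a valid response, so the client will NOT fail over on it.
        return self.records.get(qname, NXDOMAIN)

class StickyClient:
    """Uses the current server until it stops responding (assumed model)."""
    def __init__(self, servers):
        self.servers, self.current = servers, 0

    def resolve(self, qname):
        for _ in range(len(self.servers)):
            server = self.servers[self.current]
            try:
                return server.name, server.query(qname)
            except TimeoutError:
                # Move to the next configured server and stay there.
                self.current = (self.current + 1) % len(self.servers)
        return None, "SERVFAIL"

def run_scenario():
    public_zone = {"www.example.com": "192.0.2.10"}
    internal = Server("internal-dns",
                      {**public_zone, "fileserver.corp.example": "10.0.0.20"})
    public = Server("public-dns", public_zone)  # stands in for 8.8.8.8
    client = StickyClient([internal, public])

    log = [client.resolve("fileserver.corp.example")]    # normal operation
    internal.up = False                                  # link to HQ drops
    log.append(client.resolve("www.example.com"))        # fails over
    internal.up = True                                   # link restored
    log.append(client.resolve("fileserver.corp.example"))  # still on public
    public.up = False                                    # only now does it return
    log.append(client.resolve("fileserver.corp.example"))
    return log

if __name__ == "__main__":
    for server, answer in run_scenario():
        print(f"{server}: {answer}")
```

In the third step the internal server is healthy again, yet the internal name is sent to the public resolver and comes back as NXDOMAIN.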
jtano (ASKER)

Thanks for the answers from everyone. I gave the points to N-W since he answered first and basically everyone agreed. I do appreciate the extra comments. If I awarded points incorrectly I apologize.
.789 ?
When you use an IPv4 address (this one is fake), remember that .254 is the max!
You may have used .xyz and .abc to avoid confusion...