Secondary DNS server and DHCP

Posted on 2013-09-08
Medium Priority
Last Modified: 2013-09-09
We have a main DNS .123 server and a backup DNS .789 server. All of our remote sites have 2 spots in the Cisco ASA router for DNS. We had the main DNS .123 and the secondary DNS .789 in those spots. It was changed so that primary DNS .123 was our main DNS server and then for the secondary in case our connection went down between us the remote sites could still work. They were divided up so some of the sites used our main DNS .123 server and as the secondary DNS and some sites used our backup DNS .789 and then for secondary.
Do you see any problem with this? I know there are some debates as to whether to use Google DNS or the ISP DNS, but other than that?
Question by:jtano

Accepted Solution

N-W earned 1000 total points
ID: 39475270
Do you see any problem with this?

Your users may find that they are sporadically unable to access internal domain resources, due to having the external DNS server as their secondary DNS.

The Windows DNS client doesn't always use the primary DNS server first, for various reasons. If your users heavily rely on internal DNS (for connecting to internal file shares, printers, websites, etc), I highly recommend not using an external DNS service for your secondary DNS lookups.

A better solution would be to deploy a DNS server at each site (doesn't have to be expensive, even a small Linux box running on 512MB RAM, serving as DNS slave could do it). Not only would this allow for correct internal DNS lookup, but it would also speed up the DNS lookup time for your users.
LVL 85

Expert Comment

by:David Johnson, CD, MVP
ID: 39475312
You will have problems. You've implemented something that is highly discouraged. You WILL get unexpected behaviour that is extremely hard to track down. As noted above, implementing a DNS server locally is the proper solution. A micro-ATX machine is ideal for this.
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39475415
There are several good articles on the subject, but I'll explain the basics real quick of how Windows uses alternate DNS servers.

Turn on your computer, it uses dns1. At some point if DNS1 doesn't respond, it tries dns2. If dns2 responds, it will continue to use dns2 until it doesn't respond. It will never go back to dns1 unless dns2 fails at some point.

I agree that setting up a DNS server at both sites is best.
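
Added example, not part of any comment in this thread: a small Python model of the failover behaviour described above, showing why a public resolver as secondary breaks internal lookups after a brief outage and also sends internal hostnames to that outside resolver. The server names, hostnames and addresses are constructed, and the client is a simplified model, not Windows' resolver code.

```python
# Simplified model of "stay on the server that last responded".
# All hostnames and IP addresses below are constructed sample data.
from dataclasses import dataclass, field


@dataclass
class Server:
    name: str
    zone: dict                                  # names this server can answer
    up: bool = True
    seen: list = field(default_factory=list)    # every query name it received

    def query(self, qname):
        if not self.up:
            return None                         # timeout: no response at all
        self.seen.append(qname)
        return self.zone.get(qname, "NXDOMAIN")  # NXDOMAIN is still a response


class StickyClient:
    """Stays on the current server until it stops responding, then moves on."""

    def __init__(self, servers):
        self.servers = servers
        self.current = 0

    def resolve(self, qname):
        for _ in range(len(self.servers)):
            answer = self.servers[self.current].query(qname)
            if answer is not None:
                return answer                   # any response ends the lookup
            self.current = (self.current + 1) % len(self.servers)
        return "TIMEOUT"


def simulate():
    internal = Server("internal-dns", {"fileserver.corp.example": "10.0.0.20",
                                       "www.example.org": "203.0.113.10"})
    public = Server("public-dns", {"www.example.org": "203.0.113.10"})
    client = StickyClient([internal, public])
    results = [client.resolve("fileserver.corp.example")]      # link up
    internal.up = False                                        # brief WAN outage
    results.append(client.resolve("www.example.org"))          # fails over
    internal.up = True                                         # link restored
    results.append(client.resolve("fileserver.corp.example"))  # still on public
    return results, public.seen
```

The last lookup returns NXDOMAIN even though the internal server is reachable again, and the public server's query log now contains the internal hostname.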

LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 39476060
Best option would be to have local DNS at each site and have the DNS servers use root hints.

Author Closing Comment

ID: 39476393
Thanks for the answers from everyone. I gave the points to N-W since he answered first and basically everyone agreed. I do appreciate the extra comments. If I awarded points incorrectly I apologize.
LVL 17

Expert Comment

ID: 39476403
.789 ?
When you use an IPv4 address (this one is fake), remember that .254 is the max!
You may have used .xyz and .abc to avoid confusion...


Question has a verified solution.
