DNS Forwarders on Domain controllers

Posted on 2013-11-23
Last Modified: 2013-11-25
Hi

On all our domain controllers we have in place Google Public DNS IP addresses as forwarders.
 
•8.8.8.8
•8.8.4.4

Not sure if this is good practice, any thoughts on this or recommendations?
Question by:lhrslsshahi
4 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39671947
It's not best practice to set forwarders to public DNS on all AD \ DNS servers.
If you have multiple sites with multiple DC \ DNS servers, then I prefer to enter forwarder DNS IPs on one DNS server in a given site.
Even in multisite organizations, they sometimes prefer to route internet traffic through a hub location.

For Microsoft, either root hints or forwarders must be set on all DNS servers to enable internet name resolution. In case a forwarder fails, root hints can \ will be used as a fallback.

But in a real-world scenario, organization security policies want internet traffic to be routed from particular DC servers \ routers \ proxy devices.

hope that helps
Mahesh
0
 
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 39672015
You should add the DNS servers from your Internet provider.
Adding too many servers will not bring you anything! Best practice is to have 2 - 3 servers.

For example:
If you have 5 DNS servers and the first does the name resolution, all the other servers are useless.
0
 
LVL 1

Accepted Solution

by:
marcoseguracr earned 2000 total points
ID: 39672118
My recommendation is not to use the ISP DNS all the time (sometimes they are slow, depending on your country).

In general, use this tool:

https://www.grc.com/dns/benchmark.htm

The DNS Benchmark finds the best DNS servers for you by testing a lot of public servers.

I do not recommend you use Google Public DNS (they are fast, but track everything, hahaha).

NORTON DNS or LEVEL3 DNS are really good ones.

In general, install it only in your perimeter DNS, not in your AD environment, and forward external queries from AD => Perimeter DNS => World DNS.

Greetings

:)
0
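
The AD => perimeter DNS => world layout recommended in the accepted answer can be audited across all domain controllers with the ActiveDirectory and DnsServer PowerShell modules. This is an added example, not code from the thread; the perimeter resolver addresses are constructed placeholders, `Test-ForwarderPolicy` is a hypothetical helper name, and disabling root-hint fallback is an assumption about the policy you want.

```powershell
#Requires -Modules ActiveDirectory, DnsServer

# Assumption: constructed placeholder addresses for the perimeter DNS servers.
$PerimeterDns = @('10.10.0.53', '10.10.0.54')

# Hypothetical helper: classify one server's forwarder list against the allowed set.
function Test-ForwarderPolicy {
    param(
        [string]   $Server,
        [string[]] $Forwarders,
        [string[]] $Allowed
    )
    $Forwarders = @($Forwarders | Where-Object { $_ })   # drop null/empty entries
    $unexpected = @($Forwarders | Where-Object { $_ -notin $Allowed })
    [pscustomobject]@{
        Server     = $Server
        Forwarders = $Forwarders -join ', '
        Unexpected = $unexpected -join ', '
        # No forwarders at all means the DC resolves through root hints, i.e. it
        # queries the internet directly, so that case is flagged as well.
        Compliant  = ($Forwarders.Count -gt 0) -and ($unexpected.Count -eq 0)
    }
}

# Collect the forwarder configuration of every domain controller in the domain.
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $fwd = Get-DnsServerForwarder -ComputerName $dc.HostName -ErrorAction Stop
        $ips = $fwd.IPAddress | ForEach-Object { $_.IPAddressToString }
        Test-ForwarderPolicy -Server $dc.HostName -Forwarders $ips -Allowed $PerimeterDns
    } catch {
        # DC unreachable or not running the DNS Server role.
        Write-Warning "$($dc.HostName): $($_.Exception.Message)"
    }
}
$report | Format-Table -AutoSize

# Remediation preview: point non-compliant DCs at the perimeter resolvers and
# turn off root-hint fallback. -WhatIf only shows what would change; remove it
# to apply after reviewing the report.
$report | Where-Object { -not $_.Compliant } | ForEach-Object {
    Set-DnsServerForwarder -ComputerName $_.Server -IPAddress $PerimeterDns `
        -UseRootHint $false -WhatIf
}
```

A DC that lists 8.8.8.8 or 8.8.4.4, as in the question, appears in the `Unexpected` column. Pair the change with a firewall rule that lets only the perimeter resolvers send DNS traffic outbound.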
 

Author Closing Comment

by:lhrslsshahi
ID: 39675616
Just what I was looking for! :-)
0
