Improve company productivity with a Business Account.Sign Up

x
?
Solved

DNS Forwarders on Domain controllers

Posted on 2013-11-23
4
Medium Priority
?
1,348 Views
Last Modified: 2013-11-25
Hi

On all our domain controller's we have in place Google Public DNS IP addresses as forwarders.
 
•8.8.8.8
•8.8.4.4

Not sure if this is good practice, any thoughts on this or recommendations?
0
Comment
Question by:lhrslsshahi
4 Comments
 
LVL 41

Expert Comment

by:Mahesh
ID: 39671947
Its not best practise to set forwarders to public DNS on all AD \ DNS servers
If you have multiple sites having multiple DC \ DNS servers, then I prefer to enter forwarder DNS IPs on one DNS server in a given site.
Even in multisite organizations also, some times they preffer to route internet traffic through hub location.

For Microsoft, either root hints or forwaders must be set on all DNS servers to enable internet name resolution.in case of forwader fails root hints can \ will be used as fall back.

But in real world scenario, organization security policies wanted that internet traffic should be routed from perticular DC servers \ routers \Proxy devices.

hope that helps
Mahesh
0
 
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 39672015
You should add the DNS Servers from your Internet Provider.
Adding too much Servers will not bring you anything! Best practise is to have 2 - 3 Servers.

For an example:
If you have 5 DNS Servers and the first will do the name resolution all other Servers are useless.
0
 
LVL 1

Accepted Solution

by:
marcoseguracr earned 2000 total points
ID: 39672118
My recommendation is not use all time the ISP DNS (sometimes they are slow depend of your country).

In general use this tool:

https://www.grc.com/dns/benchmark.htm

The DNS Benchmark test the best DNS servers for you based in test a lot of public servers.

I not recommend you use google public dns (they are fast, but track all, jajaja)

NORTON DNS or LEVEL3 DNS are really good ones

In general install it only in your PERIMETRAL DNS, not in your AD environment and forward external from AD=>PerimetralDNS=>World DNS

Greetings

:)
0
 

Author Closing Comment

by:lhrslsshahi
ID: 39675616
Just what I was looking for! :-)
0

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question