Solved

DNS Forwarders on Domain controllers

Posted on 2013-11-23
4
1,088 Views
Last Modified: 2013-11-25
Hi

On all our domain controller's we have in place Google Public DNS IP addresses as forwarders.
 
•8.8.8.8
•8.8.4.4

Not sure if this is good practice, any thoughts on this or recommendations?
0
Comment
Question by:lhrslsshahi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39671947
Its not best practise to set forwarders to public DNS on all AD \ DNS servers
If you have multiple sites having multiple DC \ DNS servers, then I prefer to enter forwarder DNS IPs on one DNS server in a given site.
Even in multisite organizations also, some times they preffer to route internet traffic through hub location.

For Microsoft, either root hints or forwaders must be set on all DNS servers to enable internet name resolution.in case of forwader fails root hints can \ will be used as fall back.

But in real world scenario, organization security policies wanted that internet traffic should be routed from perticular DC servers \ routers \Proxy devices.

hope that helps
Mahesh
0
 
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 39672015
You should add the DNS Servers from your Internet Provider.
Adding too much Servers will not bring you anything! Best practise is to have 2 - 3 Servers.

For an example:
If you have 5 DNS Servers and the first will do the name resolution all other Servers are useless.
0
 
LVL 1

Accepted Solution

by:
marcoseguracr earned 500 total points
ID: 39672118
My recommendation is not use all time the ISP DNS (sometimes they are slow depend of your country).

In general use this tool:

https://www.grc.com/dns/benchmark.htm

The DNS Benchmark test the best DNS servers for you based in test a lot of public servers.

I not recommend you use google public dns (they are fast, but track all, jajaja)

NORTON DNS or LEVEL3 DNS are really good ones

In general install it only in your PERIMETRAL DNS, not in your AD environment and forward external from AD=>PerimetralDNS=>World DNS

Greetings

:)
0
 

Author Closing Comment

by:lhrslsshahi
ID: 39675616
Just what I was looking for! :-)
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question