Solved

DNS Forwarders on Domain controllers

Posted on 2013-11-23
4
1,045 Views
Last Modified: 2013-11-25
Hi

On all our domain controller's we have in place Google Public DNS IP addresses as forwarders.
 
•8.8.8.8
•8.8.4.4

Not sure if this is good practice, any thoughts on this or recommendations?
0
Comment
Question by:lhrslsshahi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39671947
Its not best practise to set forwarders to public DNS on all AD \ DNS servers
If you have multiple sites having multiple DC \ DNS servers, then I prefer to enter forwarder DNS IPs on one DNS server in a given site.
Even in multisite organizations also, some times they preffer to route internet traffic through hub location.

For Microsoft, either root hints or forwaders must be set on all DNS servers to enable internet name resolution.in case of forwader fails root hints can \ will be used as fall back.

But in real world scenario, organization security policies wanted that internet traffic should be routed from perticular DC servers \ routers \Proxy devices.

hope that helps
Mahesh
0
 
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 39672015
You should add the DNS Servers from your Internet Provider.
Adding too much Servers will not bring you anything! Best practise is to have 2 - 3 Servers.

For an example:
If you have 5 DNS Servers and the first will do the name resolution all other Servers are useless.
0
 
LVL 1

Accepted Solution

by:
marcoseguracr earned 500 total points
ID: 39672118
My recommendation is not use all time the ISP DNS (sometimes they are slow depend of your country).

In general use this tool:

https://www.grc.com/dns/benchmark.htm

The DNS Benchmark test the best DNS servers for you based in test a lot of public servers.

I not recommend you use google public dns (they are fast, but track all, jajaja)

NORTON DNS or LEVEL3 DNS are really good ones

In general install it only in your PERIMETRAL DNS, not in your AD environment and forward external from AD=>PerimetralDNS=>World DNS

Greetings

:)
0
 

Author Closing Comment

by:lhrslsshahi
ID: 39675616
Just what I was looking for! :-)
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question