Active Directory DNS and forwarder

I have not worked on DNS for a long time and have questions that I hope someone will help me with. DNS response is slow at my client's place. The DNS is running on the DC and it is Active Directory integrated. I think that is good practice.
This DNS is set to forward queries to their ISP. I think it is best practice not to expose the DNS to the public.
Are the above settings correct?
2- nslookup on one of the DNS servers gives a timing out error. What could be the issue?

Your current setup is correct. Don't expose your DNS servers.
However, a lookup to any DNS server should not time out. For the server that times out, check if it's listening to the correct NIC. Also do a lookup on the DNS server itself to see if it times out (not just the client).

Will Szymkowski, Senior Solution Architect, commented:
If your DNS server is timing out I suspect that you have a bad entry for your Name Servers.

If you run nslookup <press enter>, what do you get? Does it show IP addresses from name servers that should not be present?

Also, what DNS servers are your clients using on their adapters?

If none of the above works, then what I would also suspect is that your forwarders are not right and it is using the root hints to look up sites. If this is the case, it will also slow down your DNS queries.

Are you sure that both DCs are healthy and replicating data? Have you run dcdiag /v /e >c:\dcidag.txt
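
The checks suggested in the replies above (client DNS settings, listening addresses, forwarders versus root hints, and a timed lookup against each server), collected into one script as an added example that is not part of the original thread. It assumes the DnsServer PowerShell module (RSAT) is installed and the account can query the DCs; the server names and test names are placeholders.

```powershell
# Added example. Assumed placeholders: server names and the two test names.
$DnsServers   = 'DC01', 'DC02'          # hypothetical DC/DNS host names
$ExternalName = 'www.example.com'       # answered via forwarders or root hints
$InternalName = 'corp.example.local'    # hypothetical AD-integrated zone name

function Test-Lookup {
    param([string]$Name, [string]$Server)
    # Time one query against one specific server; record a timeout instead of throwing.
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        Resolve-DnsName -Name $Name -Server $Server -DnsOnly -ErrorAction Stop | Out-Null
        $status = 'OK'
    } catch {
        $status = $_.Exception.Message
    }
    [pscustomobject]@{ Server = $Server; Name = $Name; Ms = $sw.ElapsedMilliseconds; Status = $status }
}

# DNS servers configured on the local adapters (run this part on an affected client).
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses

$results = foreach ($s in $DnsServers) {
    # Addresses the DNS service listens on, compared with every address on the server.
    $cfg = Get-DnsServerSetting -ComputerName $s -All
    Write-Host "$s listens on: $($cfg.ListeningIPAddress -join ', ')"
    Write-Host "$s has addresses: $($cfg.AllIPAddress -join ', ')"

    # Configured forwarders, and whether root hints are the fallback when they fail.
    $fwd = Get-DnsServerForwarder -ComputerName $s
    Write-Host "$s forwarders: $($fwd.IPAddress -join ', ') UseRootHint=$($fwd.UseRootHint)"

    # Query each forwarder directly, then the DNS server itself (external and internal name).
    foreach ($f in $fwd.IPAddress) { Test-Lookup -Name $ExternalName -Server $f.IPAddressToString }
    Test-Lookup -Name $ExternalName -Server $s
    Test-Lookup -Name $InternalName -Server $s
}
$results | Sort-Object Ms -Descending | Format-Table -AutoSize
```

A forwarder that is slow or times out when queried directly, while the internal name resolves quickly on the same DC, points at the forwarder path and not at the AD-integrated zone.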