Clients' DNS config?

Mark N.

I remember reading that my clients should not point to my ISP for DNS
resolution? Should they only point to my AD DNS server, or did I
misunderstand? I know that this works (because I'm testing it) but wouldn't
DNS resolution be faster and place less burden on my internal DNS server if
my 65 clients didn't go through it for their internet DNS resolutions?

Thanks,
Mark

Andrew Mitchell

Mark N. said:
> I remember reading that my clients should not point to my ISP for DNS
> resolution?

Correct.

> Should they only point to my AD DNS server,

Yes. *Only* your DNS server.

> or did I misunderstand?

Nope.

> I know that this works (because I'm testing it) but
> wouldn't DNS resolution be faster and place less burden on my internal
> DNS server if my 65 clients didn't go through it for their internet DNS
> resolutions?

It would also place less strain on your domain controllers as none of your
clients would be able to reach them. ;-)

Mark N.

Andrew Mitchell said:
> It would also place less strain on your domain controllers as none of your
> clients would be able to reach them. ;-)

Okay... Your point is pretty clear ;-)

Thanks!
Mark

Mark N.

Andrew Mitchell said:
> > I remember reading that my clients should not point to my ISP for DNS
> Yes. *Only* your DNS server.
>
> Nope.

Hey, what about my Domain Controllers? And any DCs in a child domain?
Should they all point to just my internal DNS server in the root domain?

Thanks,
Mark

Andrew Mitchell

Mark N. said:
> Hey, what about my Domain Controllers? And any DCs in a child domain?
> Should they all point to just my internal DNS server in the root domain?

They should all point to your primary AD integrated DNS, *especially* your
domain controllers. Your DNS should be set up with forwarders pointing to
your ISP's DNS if you need them.

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

Question: Why do I have to point my domain controller to itself for DNS?

Answer: The Netlogon service on the domain controller registers a number of
records in DNS that enable other domain controllers and computers to find
Active Directory-related information. If the domain controller is pointing
to the Internet service provider's (ISP) DNS server, Netlogon does not
register the correct records for Active Directory, and errors are generated
in Event Viewer. The preferred DNS setting for the domain controller is
itself; no other DNS servers should be listed. The only exception to this
rule is with additional domain controllers. Additional domain controllers
in the domain must point to the first domain controller (which runs DNS)
that was installed in the domain and then to themselves as secondary.

Question: Should I point the other Windows 2000-based and Windows Server
2003-based computers on my LAN to my ISP's DNS servers?

Answer: No. If a Windows 2000-based or Windows Server 2003-based server or
workstation does not find the domain controller in DNS, you may experience
issues joining the domain or logging on to the domain. A Windows 2000-based
or Windows Server 2003-based computer's preferred DNS setting should point
to the Windows 2000 or Windows Server 2003 domain controller running DNS.
If you are using DHCP, make sure that you view scope option #15 for the
correct DNS server settings for your LAN.

Herb Martin

Same thing. DCs are DNS clients too.

For child domains, you usually point ALL the clients (DCs
and even DNS servers themselves) to the same domain DNS
but then that DNS (set) has to find the "root" and search downwards
or have some other way (e.g., holding cross secondary DNSs
for other domains) to resolve the ENTIRE internal namespace
or trees.

Win2003 offers more choices but it is the same basic principle.


--
DNS
1) Dynamic for the zone supporting AD
2) All internal DNS client NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set).
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC.
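The rules Andrew and Herb give above (clients and DCs list only the internal AD-integrated DNS servers, the DNS server itself reaches the Internet through forwarders, and Netlogon is restarted after a DC's settings change) can be audited on a domain member with a short script. This is an added example, not code from the thread or from Microsoft; the internal server addresses and the domain name are placeholders, and it assumes the DnsClient cmdlets available on Windows 8 / Server 2012 and later (the DnsServer module only where the machine is itself a DNS server).

```powershell
# Added example: audit a domain member's DNS client configuration against the
# thread's rules. Values below are placeholders for your own environment.
$InternalDns = @('10.0.0.10', '10.0.0.11')   # placeholder: AD-integrated DNS servers
$Domain      = 'corp.example'                # placeholder: AD DNS domain name

# Rule #2: every IPv4 interface must list ONLY internal DNS servers.
# An ISP resolver here means Netlogon cannot find (or register) DC records.
$bad = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        $foreign = $_.ServerAddresses | Where-Object { $_ -notin $InternalDns }
        if ($foreign) {
            [pscustomobject]@{ Interface = $_.InterfaceAlias; Foreign = ($foreign -join ', ') }
        }
    }
if ($bad) {
    Write-Warning 'Interfaces pointing outside the internal DNS set:'
    $bad | Format-Table -AutoSize
} else {
    'All interfaces use only internal DNS servers.'
}

# The configured resolver must answer the DC locator SRV query; an ISP's
# resolver has no view of the _msdcs zone, so this is the quickest proof.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) {
    Write-Warning 'No DC locator SRV record via the configured resolver; clients cannot find DCs.'
} else {
    'DC locator records:'
    $srv | Where-Object { $_.Type -eq 'SRV' } | Select-Object NameTarget, Port, Priority
}

# On the DNS server itself: Internet names should leave through forwarders,
# not through the server's own NIC DNS settings (rule #3: DCs are clients too).
if (Get-Command Get-DnsServerForwarder -ErrorAction SilentlyContinue) {
    $fwd = (Get-DnsServerForwarder).IPAddress
    if (-not $fwd) {
        Write-Warning 'No forwarders configured; external names resolve by root hints only.'
    } else {
        "Forwarders: $($fwd.IPAddressToString -join ', ')"
    }
}

# After correcting a DC's NIC settings, re-register its AD records (Herb's last point):
#   Restart-Service Netlogon; ipconfig /registerdns
```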

Mark N.

Herb Martin said:
> Same thing. DCs are DNS clients too.
>
> For child domains, you usually point ALL the clients (DCs
> and even DNS servers themselves) to the same domain DNS
> but then that DNS (set) has to find the "root" and search downwards
> or have some other way (e.g., holding cross secondary DNSs
> for other domains) to resolve the ENTIRE internal namespace
> or trees.
>
> Win2003 offers more choices but it is the same basic principle.
>
> --
> DNS
> 1) Dynamic for the zone supporting AD
> 2) All internal DNS client NIC\IP properties must specify SOLELY
> that internal, dynamic DNS server (set).
> 3) DCs and even DNS servers are DNS clients too -- see #2
>
> Restart NetLogon on any DC if you change any of the above that
> affects a DC.


Great! Thanks!!!
Mark