Forwarders on SECONDARY DNS?

[CB]

Hello,
Thanks in advance for your assistance.

We've got a Win2003 Active Directory domain.

Primary DNS server has FORWARDERS configured pointing to our ISP DNS
servers.

Question:
Is it a good practice to configure FORWARDERS on the Secondary DNS
server?

-CB

 

[Terry Liu [MSFT]]

Hi CB,

Thank you for posting here!

We don't recommend that you configure FORWARDERS on the secondary DNS
server because all the clients will use the first DNS server by default. So
the FORWARDERS on the secondary DNS server won't work until the first DNS
server is down. Once the first DNS server is down, the clients will point
to the secondary DNS server if it has been configured on the clients as the
secondary DNS server.

I hope this addresses your concern!

Best regards,

Terry Liu
MCSE 2K MCSA MCDBA CCNA
Microsoft Online Support Engineer

Get Secure! - <www.microsoft.com/security>
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Ace Fekay [MVP]]

In

Hello,
Thanks in advance for your assistance.

We've got a Win2003 Active Directory domain.

Primary DNS server has FORWARDERS configured pointing to our ISP DNS
servers.

Question:
Is it a good practice to configure FORWARDERS on the Secondary DNS
server?

-CB

Yes. Any server will forward if it doesn't have the answer, provided
forwarding is configured.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Ace Fekay [MVP]]

In

Hi CB,

Thank you for posting here!

We don't recommend that you configure FORWARDERS on the secondary DNS
server because all the clients will use the first DNS server by
default. So the FORWARDERS on the secondary DNS server won't work
until the first DNS server is down. Once the first DNS server is
down, the clients will point to the secondary DNS server if it has
been configured on the clients as the secondary DNS server.

I hope this addresses your concern!

Best regards,

Terry Liu
MCSE 2K MCSA MCDBA CCNA

Hi Terry, what about when a DNS server in a remote location has a Secondary
zone that the clients point at first? You would want forwarding configured
on it, wouldn't you? Unless I'm missing something, wouldn't want forwarding
configured on the sercondary even if it were the second in the entry in case
the client ever needed it?

So I guess it would depend on the scenario?

Thanks,





--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Jonathan de Boyne Pollard]

TL> We don't recommend that you configure FORWARDERS on the
TL> secondary DNS server because all the clients will use the
TL> first DNS server by default. So the FORWARDERS on the
TL> secondary DNS server won't work until the first DNS server
TL> is down. Once the first DNS server is down, the clients will
TL> point to the secondary DNS server if it has been configured
TL> on the clients as the secondary DNS server.

You are conflating "preferred/alternate" with "primary/secondary".

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-database-replication.html>

Forwarding will work (or not work) on the second DNS server
_irrespective_ of whether the first is up or down. The state of
the first DNS server has nothing to do with whether forwarding
works on the second. So your recommendation is based upon an
erroneous premise.

I recommend that the proxy DNS services, in both the first and the
second DNS servers that he has, be configured identically to each
other. In other words: If the first forwards queries to other
proxy DNS servers that are "closer" to Internet, so too should the
second (to the _same_ proxy DNS servers); and if the first performs
query resolution itself, so too should the second.

 

[Terry Liu [MSFT]]

Hi Ace,

Thank you for your input in this thread. Your suggestion is right for
another scenario.

Best regards,

Terry Liu
MCSE 2K MCSA MCDBA CCNA
Microsoft Online Support Engineer

Get Secure! - <www.microsoft.com/security>
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Ace Fekay [MVP]]

In

Hi Ace,

Thank you for your input in this thread. Your suggestion is right for
another scenario.

Best regards,

Terry Liu

Thanks Terry for replying.

Honestly, IMO, I would configure a forwarder on the Secondary anyway (as I
have configured for all my clients), just in case the client needs to revert
to it in case the first entry goes down, especially since it's following the
resolver service method to go to the next entry and not to use the first one
again until a restart, restart the DNS client service or a reg entry to
alter that method and force it to reset the list, as indicated here:

286834 - The DNS Client Service Does Not Revert to Using the First Server in
the List [how does the client choose which one to use first] [resolver
logic]:
http://support.microsoft.com/?id=286834


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Terry Liu [MSFT]]

Hi Ace,

Thank you for the further explaination.

I truly appreciate it.

Best regards,

Terry Liu
MCSE 2K MCSA MCDBA CCNA
Microsoft Online Support Engineer

Get Secure! - <www.microsoft.com/security>
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Ace Fekay [MVP]]

In

Hi Ace,

Thank you for the further explaination.

I truly appreciate it.

Best regards,

Terry Liu
MCSE 2K MCSA MCDBA CCNA
Microsoft Online Support Engineer

Get Secure! - <www.microsoft.com/security>
=====================================================
When responding to posts, please "Reply to Group" via your newsreader
so that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.

Thank you Terry.
Have a great weekend!



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================