Re: DNS + Forwarders



ADI zones, if all servers hold all the same zones, should be identical.
Every site with a local Internet connection could have a forwarder to the
local ISP's DNS server. As Herb pointed out, it MIGHT have some value to
forward from a site that doesn't have its own internet service to a DNS
server in a site that does, so that only one forward query and one reply
will traverse the WAN, and further forward queries or recursive lookups are
performed from a site with a separate Internet connection to conserve WAN
bandwidth. I see no point in having both. Herb?

....kurt


"Adrian" <Adrian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9FAA110C-BAC3-43E0-924E-254D1389EB56@xxxxxxxxxxxxxxxx
Thanks Herb for your detailed response.

Our 7 servers are all "Active Directory Integrated Zones"

Unfortunately I don't know why some of the servers have "enable forwarders"
ticked and others don't. I've only recently moved to this firm so I'm trying
to make sense of how/why it was set up this way.

All the sites are connected to the internet through our proxy server at
head office, the WAN links are all quite good running at 512 -1Mb on dedicated
lines so I don't think it's a bandwidth issue.

All the sites have the exact same hardware and should be identical to each
other configuration-wise, but somewhere along the line someone has made
changes so now I am trying to get them all back looking the same again.

How do you think we should be set up in terms of best practice?

"Herb Martin" wrote:

"Adrian" <Adrian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E1CDE7B2-4207-460B-A90C-E1C98BB156CF@xxxxxxxxxxxxxxxx
Hey all,

A little unsure about DNS and forwarders, could you check to see if my
logic is flawed.

Win 2000 domain, 7 Dcs, 5 around the country and 2 in head office

Under the DNS mmc some of the servers have "Enable Forwarders" ticked
and some don't. The two DCs in head office are the main DNS servers.

Why do you enable Forwarders?

If the answer is that your DNS servers don't hold ALL of your
internal zone, or that you wish to resolve THE Internet then
likely EVERY DNS server should enable forwarders if any of
them do.

There are two general ways for a DNS server to resolve names it doesn't
'know directly' (i.e., for zones it doesn't hold):

1) Recurse physically (root down)
2) Forward

Theoretically some of your DNS servers might be recursing
and others might forward but why would they be different?

Shouldn't all the DNS servers have "Enabled Forwarders" ticked and
pointing back to our main DNS servers? Any reason why they shouldn't?

You don't want your forwarding chains to be TOO long but this
might make perfect sense if your WAN lines are fairly slow since
your branch DNS will only make ONE forwarding request to the
"Main DNS" which may have the answer in cache (since other
DNS servers and its direct clients may recently have asked the
same question) OR it will make all of the subsequent requests
(either forward or recursing) for the name and likely be "closer"
to the Internet.

If every branch had its own direct connection to The Internet then
this might not be so helpful.

Shouldn't it be PC -> local DNS server, if this can't resolve it, it
should point it back to the main DNS servers which if again can't resolve
then goes to the root hints.
So PC -> Local DNS -> Main DNS -> Root hints

That can work, but without a full reading of (and perhaps testing
on) your actual WAN lines we cannot say for sure.

Hope this makes sense, thanks

How does it work currently?

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


Regards
Adrian
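
The forwarding-versus-root-hints trade-off discussed in this thread, as an added example that is not part of any poster's message: a constructed Python model that counts WAN round trips made by branch DNS servers. It assumes three iterative queries per uncached name, that every Internet-bound query leaves through head office, and hypothetical server names.

```python
"""Constructed model: WAN round trips per lookup for branch DNS servers."""
from dataclasses import dataclass, field

ITERATIVE_STEPS = 3  # assumption: root -> TLD -> authoritative, nothing cached


@dataclass
class DnsServer:
    name: str                      # hypothetical server name
    site: str                      # "branch" or "head"
    forwarder: "DnsServer | None" = None
    cache: set = field(default_factory=set)

    def resolve(self, qname, internet_site="head"):
        """Return the number of WAN round trips needed to answer qname."""
        if qname in self.cache:
            return 0
        if self.forwarder is not None:
            # One forwarded query; it crosses the WAN only when the
            # forwarder sits at a different site.
            wan = 1 if self.forwarder.site != self.site else 0
            wan += self.forwarder.resolve(qname, internet_site)
        else:
            # Recursing from root hints: every iterative step has to reach
            # the Internet exit, which is across the WAN for a branch.
            wan = ITERATIVE_STEPS if self.site != internet_site else 0
        self.cache.add(qname)
        return wan


def wan_cost(use_forwarder, queries, branches=("branch1", "branch2")):
    """Total WAN round trips for a list of (branch, name) lookups."""
    main = DnsServer("main", "head")
    servers = {b: DnsServer(b, "branch", main if use_forwarder else None)
               for b in branches}
    return sum(servers[b].resolve(q) for b, q in queries)


# Constructed sample workload: two branches, one name asked from both sites.
QUERIES = [("branch1", "www.example.com"), ("branch2", "www.example.com"),
           ("branch1", "www.example.com"), ("branch2", "mail.example.org")]

if __name__ == "__main__":
    print("forward to main DNS:", wan_cost(True, QUERIES))
    print("root hints at branch:", wan_cost(False, QUERIES))
```
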




