Re: Using Forwarders

From: Herb Martin (news_at_LearnQuick.com)
Date: 01/05/05


Date: Wed, 5 Jan 2005 13:58:04 -0600


"April" <April@discussions.microsoft.com> wrote in message
news:7EC539A2-1761-46CE-ACA4-90DDB366ECA7@microsoft.com...
>
> A comment on this. Only can a forwarding server be set up to serve the
> client resolvers directly using it. In other words, the forwarding servers
> should only be set up on local name servers, or on the ones that normally
> serve as "preferred" or "Alternate" name servers for client resolvers. Have
> not seen a warning of this limitation on use of forwarding/forwarders, and I
> believed this should be mentioned in the training materials.

I usually word it the other way around (since that is the
way the vast majority of people mess it up):

1) The internal clients must all use ONLY the internal DNS
server (set) in their NIC->IP properties -- i.e., they must
not use external DNS server or try to mix these.

2) The internal DNS server should (typically) be set to forward
to the gateway or ISP DNS server which will perform the
actual recursion of the Internet namespace from the root down.

3) Remember that servers, including DNS servers and especially
DCs are "DNS clients" too - so rule #1 applies.

Here's my standard AD support for DNS message:

DNS for AD
    1) Dynamic for the zone supporting AD
    2) All internal DNS clients NIC\IP properties must specify SOLELY
        that internal, dynamic DNS server (set.)
    3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC and/or use:

    nltest /dsregdns /server:DC-ServerNameGoesHere

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

-- 
Herb Martin
>
>
> "Herb Martin" wrote:
>
> > "April" <April@discussions.microsoft.com> wrote in message
> > news:4F535DD3-BB4E-40BA-97CB-D0BFE9C5EAA7@microsoft.com...
> > >
> > >
> > > Just thought that once you set a machine as a forwarding server, its
> > > behavior might get changed when receiving an iterative query.  So you
> > > are saying that's not the case?
> >
> > No.
> >
> > I have said it above but the terms are confusing.
> >
> > An iterative query really means, "Tell me if YOU
> > know the answer, otherwise don't bother."
> >
> > A recursive query says, "Tell me if you know or
> > if you can find the answer through physical recursion,
> > or forwarding, or by witchcraft but I really need
> > you to answer it for me if there is a way that you support."
> >
> > Now there is a check box on the forwarding server,
> > on the Forwarders tab below where you set the forwarders,
> > and it allows you to disable (physical) recursion -- 
> > "do not use recursion" is the label I believe  -- This
> > means the forwarding server either KNOWS the answer
> > or is dependent on the Forwarder DNS to find it.
> >
> > This setting is GOOD for DCs who should forward ONLY
> > for names outside the LAN -- forward to the gateway or
> > ISP DNS and don't even try to recurse (physically) on
> > their own.
> >
> > There is another setting in the Advanced tab where it
> > says "Disable recursion" in Windows 2000, but it really
> > means Disable the servicing of recursive queries because
> > it also disables forwarding from this server -- it was so
> > confusing they changed it in Win2003 to say (something like)
> > "Disable Recursion including Forwarding."
> >
> > This latter setting should seldom be used except by those
> > who really know the precise behavior they wish -- e.g.,
> > for an INTERNET exposed authoritative server that should
> > NOT be servicing recursive queries for which it does not
> > know the answer.  In other words, it services its own
> > zone(s) ONLY.
> >
> >
> > -- 
> > Herb Martin
> >
> >
> > >
> > > Thanks for the offer.
> > >
> > > "Herb Martin" wrote:
> > >
> > > > "April" <April@discussions.microsoft.com> wrote in message
> > > > news:B9DAC5CC-9A06-4793-906E-166EAA031D13@microsoft.com...
> > > > > Thanks guys for trying to help.
> > > > >
> > > > > I believe I'm not confused by the terms, ;-)
> > > >
> > > > Good but be quick to ask for clarification or
> > > > do what you are doing here and just state it so
> > > > we can check for you....
> > > >
> > > > > Is this statement true?
> > > > >
> > > > > "A forwarding server will issue a recursive query to the forwarder,
> > > > > after it cannot find an answer locally, regardless of the original
> > > > > query type sent to the forwarding server".
> > > >
> > > > Terminology looks fine but that should not happen.
> > > >
> > > > If you query a server with a non-recursive, i.e., iterative,
> > > > request, it should neither forward nor perform physical
> > > > recursion.
> > > >
> > > > This is part of the confusion between packet/request type
> > > > and the server's settings.
> > > >
> > > > A server set to disable serving recursive requests will
> > > > (generally) not forward either.
> > > >
> > > >
> > > > > I have a design issue at hand and need to clarify this first.
> > > >
> > > > You might just try the design issue to get faster and more
> > > > focused help.
> > > >
> > > > You can also call me if you wish....phone number is on
> > > > my website:  http://www.LearnQuick.Com
> > > > -- 
> > > > Herb Martin
> > > >
> > > >
> > > > >
> > > > >
> > > > > "Herb Martin" wrote:
> > > > >
> > > > > > > "Roger Abell" wrote:
> > > > > > >
> > > > > > > > The config of a DNS server to use forwarders, and the
> > > > > > > > config of allowing it to accept iterative only or recursive
> > > > > > > > queries are two separate, independent config options.
> > > > > > > > The forwarding server just forwards on the accepted
> > > > > > > > query and returns the result obtained from its forwarder.
> > > > > > > >
> > > > > >
> > > > > > "April" <April@discussions.microsoft.com> wrote in message
> > > > > > news:7BAD1828-1829-4EF0-BB72-616B93E57D42@microsoft.com...
> > > > > > >
> > > > > > > The question in this situation actually is, will the forwarding
> > > > > > > server answer an iterative request with a recursive response
> > > > > > > (forwarding)?
> > > > > >
> > > > > > Roger is correct and you are still conflating
> > > > > > a couple of issues:  an iterative and a recursive
> > > > > > query are not the same (nor the same issue) as
> > > > > > recursion, forwarding etc.
> > > > > >
> > > > > > The former (query type) is how the actual packet
> > > > > > is marked -- whether it requests recursion or not.
> > > > > >
> > > > > > Typically clients make their queries this way and
> > > > > > DNS servers which are performing their own
> > > > > > RECURSION do not -- they don't request recursion
> > > > > > since they are doing it themselves.
> > > > > >
> > > > > > Whether the queried servers are WILLING to do the
> > > > > > recursion (directly) or forward (to another DNS
> > > > > > server) or merely refuse such requests is actually
> > > > > > a separate issue.
> > > > > >
> > > > > > Normally a server will NOT recurse when it receives
> > > > > > an iterative query (nor forward) as it assumes the
> > > > > > requester wants a direct answer or nothing.
> > > > > >
> > > > > > However, a server set to disable recursion will not
> > > > > > recurse just because the packet requests it.
> > > > > >
> > > > > > BTW, is there some underlying question or problem
> > > > > > you are really trying to solve?
> > > > > >
> > > > > > -- 
> > > > > > Herb Martin
> > > > > >
> > > > > >
> > > > > > > > -- 
> > > > > > > > Roger Abell
> > > > > > > > Microsoft MVP (Windows  Security)
> > > > > > > > MCSE (W2k3,W2k,Nt4)  MCDBA
> > > > > > > > "April" <April@discussions.microsoft.com> wrote in message
> > > > > > > > news:F69342EA-FB22-4EF1-8386-962B44FE059B@microsoft.com...
> > > > > > > > > Does a forwarding server answer iterative queries, i.e. letting
> > > > > > > > > other name servers use its forwarders, or only it can answer
> > > > > > > > > recursive queries, from its client resolvers?
> > > > > > > > >
> > > > > > > > > Got this question recently.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > >
> > > >
> > > >
> >
> >
> >
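
The thread separates how a query packet is marked (recursion requested or not) from what the server is willing to do; on the wire these are the RD and RA bits of the DNS header. The following is an added example, not part of the original posts: it builds both query types and interprets a reply's header, which is a quick way to confirm that an Internet-exposed authoritative server is not offering recursion. Function names are this example's own and the three replies are constructed header-only samples.

```python
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)

def build_query(name, recursion_desired, txid=0x1234):
    """A-record query; the RD bit is the only on-the-wire difference
    between a 'recursive' and an 'iterative' query."""
    flags = RD if recursion_desired else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"txid": txid, "qr": bool(flags & QR), "rd": bool(flags & RD),
            "ra": bool(flags & RA), "rcode": flags & 0x000F,
            "answers": an, "authority": ns}

def describe(query, response):
    """Relate what the query asked for (RD) to what the server offers (RA)."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["txid"] != q["txid"]:
        return "not a reply to this query"
    if q["rd"]:
        return ("recursion requested and available" if r["ra"]
                else "recursion requested but not offered")
    return ("answered from local data" if r["answers"]
            else "no local answer; server did not recurse or forward")

def _reply(flags, answers, authority):  # constructed header-only sample
    return struct.pack("!HHHHHH", 0x1234, flags, 1, answers, authority, 0)

# Constructed samples (not captured traffic):
FORWARDING_REPLY = _reply(QR | RD | RA, 1, 0)  # internal forwarding server
AUTH_ONLY_REPLY = _reply(QR | RD | 5, 0, 0)    # rcode 5 (REFUSED), RA clear
ITERATIVE_REPLY = _reply(QR, 0, 13)            # referral only, no answer
```

To test a live server, send the bytes from `build_query` over UDP port 53 and pass the reply to `describe`.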

