How To Configure Root Hints vs. Forwarding for Locations Having Different Internet Gateways
- From: "Scottmc9" <scottmc9@xxxxxxxxx>
- Date: 14 Sep 2005 07:08:22 -0700
My question concerns proper settings for Server 2003 DNS root hints
and/or forwarding to "All other DNS domains." We have multiple
locations within the US, Canada and Latin America in a single domain
called AM.DIR.CORP.COM. A single DC for that domain is also placed at
our parent company's headquarters in Europe. The parent company also
hosts the forest root domain DIR.CORP.COM and European domain
EU.DIR.CORP.COM.
I am aware of the need to remove the standard root name servers from
root hints and substitute our own internal DNS or DNS-proxy servers to
get to the Internet. Our own internal DNS-proxy servers are configured
to use our ISP name servers for external name resolution. The problem
is that there is not just a single Internet gateway of last resort
within the AM.DIR.CORP.COM domain. Different locations use the
addresses of different DNS-proxying firewall LAN-facing interfaces. Do
I therefore need to populate the root hints with each and every such
DNS-proxying firewall in the entire domain? If so, won't that result in
a considerable degree of needless external name resolution traffic to
gateways which are not specific to the client resolver in question?
Does the subnet ordering option in the DNS server cause the name
resolution requests to go to the correct gateway address instead of to
all the addresses? If not, is it possible to selectively direct client
requests at different locations within the domain for external name
resolution to specific DNS-proxying firewall addresses? How is that
accomplished?
Or is my approach mistaken and should I be configuring forwarders for
"All other DNS domains" rather than root hints on each local domain
controller using the IP address of its own particular gateway or
gateways (some locations have two load-balanced Internet gateways) of
last resort?
Here is an example:
Site in St. Louis on 192.168.100.0/24 uses DNS-proxying firewall
interface 192.168.100.253 as Internet gateway of last resort.
Site in Omaha on 192.168.20.0/24 uses DNS-proxying firewall interface
192.168.20.253 as Internet gateway of last resort.
Site in Rio de Janeiro Brazil on 192.168.52.0/24 uses DNS-proxying
firewall interface 192.168.52.253 as Internet gateway of last resort.
My goal is to minimize the amount of unnecessary traffic without
compromising external name resolution performance.