Re: Router pointing to Windows DNS Server: OK?



In news:uV1PwUE2FHA.1028@xxxxxxxxxxxxxxxxxxxx,
Rich Roller <rich@*REMOVE-THIS*r2c.com> made this post, which I then
commented about below:
> Kevin,
>
> I tried your recommendations on my own home network and I think I did
> notice some of the speed differences between the two different
> configurations. It's hard to be 100% with quick testing but it seemed
> so. I will try it next on my customer's production network.
>
> So obviously the main thing that bugs me is the fault-tolerance issue.
> Before, each client machine had DNS#1=DC and DNS#2=ISP, which had some
> fault-tolerance. If I get rid of their DNS#2, your belief is that
> I'll see most/all their speed problems go away.
>
> But if instead I changed it so it was DNS#1=DC and
> DNS#2=router/gateway, would you expect that the speed problems would
> be similar? I think your answer will be YES but I figured I'd ask.
>
> I'm trying to come up with a way that, in the event of the Win Srvr
> failing, the clients would just automatically bypass it in order to
> resolve Internet queries, without me having to do anything.
>
> If this is not possible, then in the event of server failure, I would
> either have to temporarily re-enable DHCP Server function on the
> router (to allow them to use ISP DNS servers), or change each client
> so as to use static DNS. Both are not ideal and the latter obviously
> quite unattractive.
> Thanks again for your feedback.
>
> -Rich

Actually, Rich, fault tolerance for the AD domain is important; otherwise the
clients won't be able to log on, will have super long logon times (up to 10
minutes), won't authenticate to resources, or won't send and receive email if
using an Exchange 2000 or 2003 system. From what you are saying, it *appears*
that your clients are using some external POP3 email service and not using
Exchange internally. Is that correct?

Having "fault tolerance" for AD means listing multiple DNS servers that ONLY
host, or have a reference to the DNS servers hosting, the AD DNS domain name.
You can always set up a separate DNS server internally, whether it is on
another DC or a member server. Just ensure that it is hosting a copy of the
zone, whether through AD-integrated zones on a DC or as a secondary zone on a
non-DC. Configure a forwarder on each server to point to the ISP. This will
increase efficiency for your internal clients to "find" AD domain services
and for Internet resolution.

Also, you must keep in mind the way the DNS client-side resolver works. If
the first entry does not answer after a couple of tries, it is removed
from the "eligible resolvers list" and the resolver moves on to the next entry,
without ever going back to the first entry unless the machine is restarted,
the TTL for the resolvers is set to 0, or the DNS Client service is restarted.
Of course, restarting the service or making registry changes is not the
recommended way to perform this. Now you can see why mixing internal and
external can be detrimental.

It's recommended to ONLY use the internal DNS servers in an AD environment
to ensure AD functionality.

I hope that helps.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================
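The configuration Ace describes (forwarders on the internal servers, DHCP handing out only internal resolvers) plus the check a practitioner would want before trusting a client's resolver list, as an added PowerShell example that is not part of the original post. The domain name corp.example.com, the server addresses 192.168.1.10/11, the ISP resolver 203.0.113.53 and the scope 192.168.1.0 are assumptions; the cmdlets come from the DnsServer, DhcpServer and DnsClient modules (Windows Server 2012 / Windows 8 and later), so on the 2003-era systems in the thread the forwarder step would instead be `dnscmd <server> /ResetForwarders 203.0.113.53`.

```powershell
# Added example, not from the original post. Assumed names and addresses:
#   AD DNS domain      : corp.example.com
#   internal DNS (DCs) : 192.168.1.10, 192.168.1.11
#   ISP resolver       : 203.0.113.53
#   DHCP scope         : 192.168.1.0
# Requires the DnsServer/DhcpServer modules on the servers and the DnsClient
# module on the client being audited.

$AdDomain     = 'corp.example.com'
$InternalDns  = @('192.168.1.10', '192.168.1.11')
$IspForwarder = '203.0.113.53'
$ScopeId      = '192.168.1.0'

# 1. Each internal DNS server forwards names it is not authoritative for to the
#    ISP. Only the servers talk to the ISP; clients never list it directly.
foreach ($srv in $InternalDns) {
    Set-DnsServerForwarder -ComputerName $srv -IPAddress $IspForwarder -UseRootHint $false
}

# 2. DHCP option 006 hands out ONLY the internal servers, in preference order.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $InternalDns

# 3. Audit the local client: every configured resolver must be able to answer
#    the domain's DC locator SRV record. An ISP or router resolver cannot, so
#    if it ever becomes the "eligible" resolver, AD logon and Exchange break.
function Test-AdResolver {
    param([string]$Domain)
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    $servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
               Where-Object { $_.ServerAddresses } |
               ForEach-Object { $_.ServerAddresses } |
               Select-Object -Unique
    foreach ($ip in $servers) {
        try {
            # -DnsOnly bypasses the local cache and hosts file, so each listed
            # server is really asked. NXDOMAIN or timeout throws into catch.
            $dcs = Resolve-DnsName -Name $srvName -Type SRV -Server $ip -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
            [pscustomobject]@{ Resolver = $ip; AdCapable = [bool]$dcs; DCs = ($dcs.NameTarget -join ',') }
        } catch {
            [pscustomobject]@{ Resolver = $ip; AdCapable = $false; DCs = "ERROR: $($_.Exception.Message)" }
        }
    }
}

Test-AdResolver -Domain $AdDomain | Format-Table -AutoSize
```

Any row with AdCapable = False is a resolver that will answer Internet lookups but not the domain, which is exactly the DNS#2=ISP or DNS#2=router setup the post warns against: once the client's resolver falls over to that entry it stays there until the machine or the DNS Client service is restarted.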
