Re: AD-Integrated DNS - Root Hints, Forwarders, Confused!




Thank you. I will need to configure forwarders at all the branches to go to
the two HQ DNS servers and remove the root hints from the branch DNS
settings. Thanks again.

"Anthony" <anthony.spam@xxxxxxxxxxxxxx> wrote in message
news:%23fgPRrwtGHA.1888@xxxxxxxxxxxxxxxxxxxxxxx
Root hints are simply a default list of external dns servers. In other
words, if you forget to configure anything, your DNS server will still
resolve external names. Root hints should be replaced by your intended
forwarders. There is a technique for removing the root hints, but as long
as you configure a forwarder I don't think you really need to bother.
If your administrators want only to allow the two central DCs to forward
externally, then you should configure your branch DCs to forward to the
two central ones. The root hints will be redundant. This is good because
it also allows the central DCs to host other DNS zones without having to
copy them out to all the branches.
Anthony


"Tony" <someone@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:uS4W7dwtGHA.1536@xxxxxxxxxxxxxxxxxxxxxxx
Hello everybody.

I am a little confused about AD-integrated DNS and root hints, &
forwarders and the best configuration for our environment.

The Internet firewall administrators want to restrict outbound access for
DNS (TCP/UDP port 53) down to the two root domain controllers at HQ
only - in other words, they only want the two root domain controllers at
HQ to be allowed to talk to any servers in the world regarding DNS - no
other servers.

Here is our current setup:

- Two W2K3 root domain controllers running AD-integrated DNS located at
HQ
- These two root DCs' DNS is configured with four forwarders (to the
local ISP DNS servers) and the default root hints
- Eighteen branch offices each with a single W2K3 DC with AD-integrated DNS
- The branch office DCs' DNS is configured with default root hints only -
no forwarders
- The workstations at HQ point to both local DCs for all DNS resolution
- The workstations at branch offices point to a) local DC and b) one HQ
DC for DNS resolution

So, I believe we have the two root DC DNSs configured properly with both
forwarders and root hints. However, I'm confused about the DNS
configuration settings of the branch DCs. Will I need to set up forwarders
on them to point back to the two root DCs' DNS servers at HQ? Will I also
need to remove the default root hint settings? Should I do anything else?

Thank you in advance.

Tony
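The configuration agreed on in the thread (branch DCs forward everything they cannot answer from their own zones to the two HQ DNS servers, and never fall back to root hints), written out as an added example that is not part of the original posts. It uses the DnsServer PowerShell module from Windows Server 2012 and later; the thread's W2K3 servers would use the dnscmd commands shown in the comments. The HQ addresses and branch DC names are placeholders, not values from the thread.

```powershell
# Added example (not from the thread): point each branch DC's DNS service at the
# two HQ DNS servers as forwarders and stop it from using root hints, so only
# the HQ DCs ever need outbound TCP/UDP 53 through the firewall.
# Assumes the DnsServer module (Windows Server 2012+ or RSAT). On W2K3 the
# equivalent is the dnscmd command noted below each step.

$HqDnsServers = @('10.0.0.10', '10.0.0.11')   # placeholder: the two HQ root DCs
$BranchDcs    = @('BR01-DC', 'BR02-DC')        # placeholder: branch DC names

foreach ($dc in $BranchDcs) {
    # Replace any existing forwarder list with the two HQ servers.
    # -UseRootHint $false clears the "Use root hints if no forwarders are
    # available" checkbox, so an HQ outage does not make the branch DC try the
    # Internet roots directly (which the firewall would block anyway).
    # W2K3 equivalent: dnscmd $dc /ResetForwarders 10.0.0.10 10.0.0.11 /Slave
    Set-DnsServerForwarder -ComputerName $dc -IPAddress $HqDnsServers `
        -UseRootHint $false -Timeout 3

    # Root hints are redundant once forwarding is in place (as Anthony notes);
    # removing them keeps the restriction visible in the console as well.
    Get-DnsServerRootHint -ComputerName $dc |
        Remove-DnsServerRootHint -ComputerName $dc -Force

    # Verify what the server will actually do.
    $fwd = Get-DnsServerForwarder -ComputerName $dc
    '{0}: forwarders={1} useRootHint={2}' -f $dc, ($fwd.IPAddress -join ','), $fwd.UseRootHint
}

# From a branch workstation: an external name must still resolve through the
# branch DC (which now relays to HQ); a timeout here points at the HQ
# forwarders or the firewall rule for the HQ DCs, not at the branch DC.
Resolve-DnsName -Name 'www.example.com' -Server 'BR01-DC' -Type A
```

The HQ DCs keep their ISP forwarders as already configured; the firewall rule then only has to permit those two addresses outbound on port 53, and a branch DC that shows up in the firewall logs trying to reach the Internet on port 53 is a sign its forwarder settings have drifted.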
