Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Set up secondary

0 views
Skip to first unread message

Perry Perdijk

unread,
Jul 13, 2005, 9:07:50 AM7/13/05
to
Hi ,
I installed a secondary dns server on my network.
I got 2 questions about the forwarders on the secondary dns..Do i need to
fill in forwarders? And wich one , the adress of the primary dns server or
our isp dnsserver ?

Also , in the network tcp ip propertie's of the backupdomain controller,
wich preffered dns server i use there? Is that again the primary dns server?

Thx
perry


Herb Martin

unread,
Jul 13, 2005, 2:50:25 PM7/13/05
to

"Perry Perdijk" <pe...@perdijk.com> wrote in message
news:O7MWjs6...@TK2MSFTNGP09.phx.gbl...

> Hi ,
> I installed a secondary dns server on my network.
> I got 2 questions about the forwarders on the secondary dns..Do i need to
> fill in forwarders?

If you need forwarders -- sorry but this is the only "real" answer.

Chances are you need the Secondary to resolve "the Internet" and
do NOT want it to go out on the Internet to look for itself OR you
wish to take advantage of the efficiency typical with a forwarder
-- so you would LIKELY want to use a forwarder on the internal
DNS (whether it is a secondary or not.)

So in most cases, yes, you should set the forwarders.

> And wich one , the adress of the primary dns server or
> our isp dnsserver ?

The correct one -- really again, it depends on what you have available.

Usually best is the (caching only) DNS server at your Firewall/DMZ
but you might not have that. Some people use the ISP (there are cautions
about this but it is a very common practice.)

> Also , in the network tcp ip propertie's of the backupdomain controller,
> wich preffered dns server i use there? Is that again the primary dns
server?

Usually it is best that each DNS server (DC or not) use itself as preferred,
and other close DNS servers as secondary etc. (There is a lot of
misleading
info around about this however due to a way to solve a temporary problem
which involves pointing all of the DNS servers at the "favored Primary".)

DNS client settings (DCs and DNS servers themselves are DNS clients)
should be set to the DNS server that gives the CORRECT answers, and when
there is more than one choice the "most efficient" which is usually itself.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


Steve Duff [MVP]

unread,
Jul 13, 2005, 2:36:54 PM7/13/05
to
You do not need to configure any forwarders in most cases. The root hints that are supplied with the default DNS configuration are
enough to allow your DNS to resolve public Internet names without a forwarder.

If you do configure forwarders, they usually should point directly to the ISPs DNS. The exception would be where you need to resolve
other zones that are only defined in the primary - in which case you point the secondary DNS to forward through the first. This
defeats the redundancy benefits of a second DNS server since you are still dependent on the primary. In all situations you must
avoid configuring DNS servers that forward to each other, or in some type of loop.

The domain controllers and all other machines in your domain must ONLY point to internal DNS servers that can answer AD queries for
your domain. If your ISPs DNS IP address appears anywhere on your network, it therefore can only appear as a forwarder.

Normal practice is to list the "closest" DNS first (nework-wise), and others as additional DNS servers as backups. Alternative DNS
servers will only be used if the first fails to respond.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

"Perry Perdijk" <pe...@perdijk.com> wrote in message news:O7MWjs6...@TK2MSFTNGP09.phx.gbl...

Perry Perdijk

unread,
Jul 14, 2005, 7:20:32 AM7/14/05
to
Thx for your fast answers .. This clears things up !!

Thx
perry
"Herb Martin" <ne...@LearnQuick.com> schreef in bericht
news:%23T%23qSw9h...@TK2MSFTNGP09.phx.gbl...

0 new messages