
Using 4.2.2.2 and 4.2.2.1 as forwarders


Bob

Dec 27, 2008, 7:27:00 PM
What is the general opinion on the use of 4.2.2.2 and 4.2.2.1 as forwarders?
Is this recommended or not? I suppose it depends on how close you are to
these servers, but I was looking for a more general recommendation. The
reason I ask is that I have a few clients using these as forwarders and I
have seen numerous instances where certain domains, primarily Microsoft ones,
failed to resolve. Has anyone else seen issues with these DNS servers? Any
opinions on their usage?

Meinolf Weber [MVP-DS]

Dec 28, 2008, 2:46:10 PM
Hello Bob,

You should never use external DNS servers on the NIC configuration in your
domain machines. Use only domain internal DNS servers and configure the FORWARDERS
in the DNS server properties of the DNS management console.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Michael D. Ober

Dec 28, 2008, 4:10:17 PM
"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb66117598...@msnews.microsoft.com...

Meinolf,

Although you are correct that domain clients should use the domain dns
servers only for name resolution, you didn't answer the underlying question
of 4.2.2.2 and 4.2.2.1 as reliable forwarders. These two servers are owned
by Verizon Trademark Services LLC, so the question is, do you trust Verizon
to provide accurate forwarding information?

Personally, I don't use forwarders. I'd rather let the root servers do
their jobs. The time saved by using forwarders is minuscule, especially
when you realize that the bulk of the time it takes to download a web-page
is the actual transfer of data from the web server.

Mike.


DevilsPGD

Dec 28, 2008, 6:45:11 PM
In message <A6C94179-47ED-4224...@microsoft.com> Bob

Why are you using forwarders at all, why not let your DNS servers do the
lookups themselves?

Ace Fekay [Microsoft Certified Trainer]

Dec 28, 2008, 11:49:55 PM
In news:15-dnTSZ1aujdsrU...@earthlink.com,
Michael D. Ober <obermd.@.alum.mit.edu.nospam.> requesting assistance, typed
the following:

> Meinolf,
>
> Although you are correct that domain clients should use the domain dns
> servers only for name resolution, you didn't answer the underlying
> question of 4.2.2.2 and 4.2.2.1 as reliable forwarders. These two
> servers are owned by Verizon Trademark Services LLC, so the question
> is, do you trust Verizon to provide accurate forwarding information?
>
> Personally, I don't use forwarders. I'd rather let the root servers
> do their jobs. The time saved by using forwarders is minuscule,
> especially when you realize that the bulk of the time it takes to
> download a web-page is the actual transfer of data from the web
> server.
> Mike.

I've used 4.2.2.2 for years as a second in the list forwarder. It works
fine. You can test it with nslookup using the -d2 option. I use another one
as the first, but I do not want to post it in the forum. You can use
4.2.2.2, 4.2.2.1, as well as 4.2.2.3.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly.
Please check http://support.microsoft.com for regional support phone
numbers.

Meinolf Weber [MVP-DS]

Dec 29, 2008, 10:22:42 AM
Hello Michael,

I never used these as forwarders, so I cannot tell you about these special
DNS servers or Verizon. The advantage of using forwarders, especially if
you have a big network with lots of users using the internet, is that you bring
the load to the DNS server outside your network; if you use root hints, the
domain DNS server does the complete work.

DevilsPGD

Dec 31, 2008, 6:30:28 AM
In message <ff16fb661185c8...@msnews.microsoft.com> Meinolf Weber [MVP-DS] <meiweb(nospam)@gmx.de> was claimed to have wrote:

>I never used these as forwarders, so I cannot tell you about these special
>DNS servers or Verizon. The advantage of using forwarders, especially if
>you have a big network with lots of users using the internet, is that you bring
>the load to the DNS server outside your network; if you use root hints, the
>domain DNS server does the complete work.

My thinking here is that if your organization is large enough that your
DNS traffic is significant enough to care about, you should probably
have all of your internal DNS servers using forwarders, pointing to DNS
servers in an edge role that perform your own DNS lookups.

If you don't have enough DNS load to justify dedicated resolvers you
probably don't have enough load that you'll even notice the difference
if your internal DNS does all resolution without forwarders.

You could rely on your ISP, but frankly, DNS is far too critical to
trust someone outside, and ISPs don't seem to stress much about broken
DNS. My experience has been that broken or overloaded DNS servers are
fairly common, DNS at connectivity providers is often treated as a "set
it and forget it", with the only troubleshooting being an occasional
reboot. This also doesn't count the ISPs that think it's a smart idea
to replace NXDOMAIN results with their own IPs that offer advertising on
port 80.
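
Added example, not part of any post in this thread: a small Python check for the NXDOMAIN rewriting described above, which also serves as a scripted version of the manual nslookup test of a forwarder mentioned earlier in the thread. It assumes the forwarder answers plain UDP/53 and uses a random label under the reserved `.invalid` TLD as the name that must not resolve; the function names and the two sample packets are constructed for illustration.

```python
import secrets
import socket
import struct
import sys

SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 1, 0)   # constructed reply header, RCODE 3
SAMPLE_REWRITTEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # constructed reply header, RCODE 0 + 1 answer

def build_query(name, qtype=1):
    """Return (txid, packet) for a recursive A query for name."""
    txid = secrets.randbits(16)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_header(packet, txid):
    """Return (rcode, answer_count); reject anything that is not a reply to txid."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, ancount

def classify(rcode, ancount):
    """Verdict for a query whose name cannot exist (random label under .invalid)."""
    if rcode == 3 and ancount == 0:
        return "ok: NXDOMAIN passed through"
    if rcode == 0 and ancount > 0:
        return "rewritten: answer returned for a nonexistent name"
    return f"inconclusive: rcode={rcode} answers={ancount}"

def probe(forwarder, timeout=3.0):
    """Send one random nonexistent name to forwarder over UDP/53 and classify the reply."""
    txid, query = build_query(f"nx-{secrets.token_hex(8)}.invalid")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (forwarder, 53))
        reply, _ = s.recvfrom(4096)
    return classify(*parse_header(reply, txid))

if __name__ == "__main__":
    for label, pkt in (("sample-nxdomain", SAMPLE_NXDOMAIN), ("sample-rewritten", SAMPLE_REWRITTEN)):
        print(label, classify(*parse_header(pkt, 0x1234)))
    for fwd in sys.argv[1:]:  # e.g. 4.2.2.1 4.2.2.2, the forwarders from the thread
        try:
            print(fwd, probe(fwd))
        except (OSError, ValueError) as exc:
            print(fwd, "no usable reply:", exc)
```

Run it with the forwarder addresses as arguments; with no arguments it only classifies the two constructed samples.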

oz.ozugurlu

Jan 2, 2009, 4:02:07 PM
DevilsPGD,
Meinolf has already answered your question. If you want your DNS server to
perform the heavy lifting, go for it. Many people use their ISP DNS as their
forwarders.

Forwarders and root hints can be used together (win03-08) as redundancy:
first forwarders, and if they fail, root hints second. If you are running one or
two DCs for a small client, the DNS traffic is not such a big deal. If your DNS
servers are getting pounded by thousands of recursive queries, the heavy lifting
starts to come into consideration.

http://support.microsoft.com/kb/291382

The root hint server can provide a level of redundancy in exchange for
slightly increased DNS traffic on your Internet connection. Windows Server
2003 DNS will query root hints servers if it cannot query the forwarders.

If the network is in secure premises (government etc.), the security will tell
you where to point it to, and you have no choice anyway
--oz

--
Oz Ozugurlu
MVP (Exchange)
MCITP (EMA), MCITP (EA),MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +


o...@SMTp25.org
http://smtp25.blogspot.com (Blog)

Chris

Jan 5, 2009, 6:51:25 PM
On Jan 2, 3:02 pm, oz.ozugurlu <ozozugu...@discussions.microsoft.com>
wrote:

> DevilsPGD,
> Meinolf has already answered your question. If you want your DNS server to
> perform the heavy lifting, go for it. Many people use their ISP DNS as their
> forwarders.
>
> Forwarders and root hints can be used together (win03-08) as redundancy:
> first forwarders, and if they fail, root hints second. If you are running one or
> two DCs for a small client, the DNS traffic is not such a big deal. If your DNS
> servers are getting pounded by thousands of recursive queries, the heavy lifting
> starts to come into consideration.
>
> http://support.microsoft.com/kb/291382
>
> The root hint server can provide a level of redundancy in exchange for
> slightly increased DNS traffic on your Internet connection. Windows Server
> 2003 DNS will query root hints servers if it cannot query the forwarders.
>
> If the network is in secure premises (government etc.), the security will tell
> you where to point it to, and you have no choice anyway
> --oz
>
> --
> Oz Ozugurlu
> MVP (Exchange)
> MCITP (EMA), MCITP (EA),MCITP (SA)
> MCSE 2003, M+, S+, MCDST
> Security+, Project +, Server +
>
> o...@SMTp25.org
> http://smtp25.blogspot.com (Blog)
>
> "DevilsPGD" wrote:
> > In message <A6C94179-47ED-4224-9F35-236493ABA...@microsoft.com> Bob <B...@discussions.microsoft.com> was claimed to have wrote:
>
> > >What is the general opinion on the use of 4.2.2.2 and 4.2.2.1 as forwarders?
> > >Is this recommended or not? I suppose it depends on how close you are to
> > >these servers, but I was looking for a more general recommendation. The
> > >reason I ask is that I have a few clients using these as forwarders and I
> > >have seen numerous instances where certain domains, primarily Microsoft ones,
> > >failed to resolve. Has anyone else seen issues with these DNS servers? Any
> > >opinions on their usage?
>
> > Why are you using forwarders at all, why not let your DNS servers do the
> > lookups themselves?

I've used 4.2.2.1 as tertiary and also when I'm at a client's site
and the ISP's DNS servers are unknown. I've never had issues. I'd
rather use the ISP's DNS servers as they are many less hops away
therefore the response should be faster, but not always depending on
the load of the ISP's DNS servers (some of my clients have terrible
ISPs). Also, I've been a small fan of opendns.com which I use as a
forwarder for my home network. It blocks many malware/spyware sites.
I'm unsure if they are tracking my browsing habits by storing my DNS
requests but I don't really care as it's my home network.
