Any suggestion on DNS setup


Tony

I have 2 LANs on the same segment (same IP range) joined by a bridge.

Each LAN (A & B) has a DNS server; LAN A is directly connected to the internet.

LAN A has the primary DNS server with a number of domains (local + its own
internet web site).
If workstations in LAN A find no record in the primary DNS server, then the
primary DNS will forward to the ISP DNS server.

LAN B has the secondary DNS server with only the local domain records. The DNS
server was set up by the wizard. It only copied the local domain records by
synchronization with the primary DNS server.

How should I set up LAN B for its best efficiency?
a. local domain records only, route unknown DNS requests to the primary DNS
b. local domain records only, route unknown DNS requests to the primary DNS (1st
DNS) and then the ISP DNS server (2nd DNS)
c. local domain records & its own internet web site, route unknown DNS
requests to the primary DNS.
d. local domain records & its own internet web site, route unknown DNS
requests to the primary DNS (1st DNS) and then the ISP DNS server (2nd DNS).

It seems b & d (DNS requests to the primary DNS and the ISP DNS server) are no use,
because the request goes to the primary DNS, then if there is no record, the primary
DNS server will route it to the ISP DNS server. Therefore the DNS server at LAN B
never routes to the ISP DNS server (2nd DNS).

Is it right? Grateful for any suggestion. Thanks a lot.
 
Tony said:
I have 2 LANs on the same segment (same IP range) joined by a
bridge.

Each LAN (A & B) has a DNS server; LAN A is directly
connected to the internet.

LAN A has the primary DNS server with a number of domains
(local + its own internet web site).
If workstations in LAN A find no record in the primary DNS
server, then the primary DNS will forward to the ISP DNS
server.

LAN B has the secondary DNS server with only the local domain
records. The DNS server was set up by the wizard. It only
copied the local domain records by synchronization with the
primary DNS server.

How should I set up LAN B for its best efficiency?
a. local domain records only, route unknown DNS requests
to the primary DNS
b. local domain records only, route unknown DNS requests
to the primary DNS (1st DNS) and then the ISP DNS server (2nd DNS)
c. local domain records & its own internet web site,
route unknown DNS requests to the primary DNS.
d. local domain records & its own internet web site,
route unknown DNS requests to the primary DNS (1st DNS) and
then the ISP DNS server (2nd DNS).

It seems b & d (DNS requests to the primary DNS and the ISP DNS
server) are no use, because the request goes to the primary DNS,
then if there is no record, the primary DNS server will
route it to the ISP DNS server. Therefore the DNS server at LAN B
never routes to the ISP DNS server (2nd DNS).

Is it right? Grateful for any suggestion. Thanks a lot.

There is one big unknown: is Active Directory involved, and if it is, is this
one Active Directory domain or two?
If so, how is the AD namespace for these two "LANs" designed?
The answer to this will make a bigger impact than anything you mentioned.
 
Yes, it is only one Active Directory domain, only one namespace for these 2
LANs (can I say it is one LAN, because they are on the same segment IP range?).
Thanks a lot.
 
tony wong said:
Yes, it is only one Active Directory domain, only one
namespace for these 2 LANs (can I say it is one LAN, because
they are on the same segment IP range?). Thanks a lot.

If this is one AD domain and both DNS servers are on DCs (recommended),
instead of using primary and secondary zones you should use Active
Directory integrated zones. Then the zones will get replicated to both DCs
with no action from you. In that case _BOTH_ DNS servers should forward
to the ISP and certainly _not_ to each other.

It is really that simple since they are on the same network segment.
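The layout this reply recommends (one AD-integrated zone replicated by AD, every DC forwarding to the ISP and never to the other DC) can be applied and checked with the DnsServer PowerShell module. The script below is an added example written for this thread, not something posted by any participant; the zone name `corp.example`, the ISP resolver addresses `203.0.113.53`/`203.0.113.54` and the other DC's address `192.0.2.10` are placeholders to replace with your own values.

```powershell
# Added example (not from the thread): apply the recommended layout on a DC
# that runs DNS, then verify it. Placeholders (assumptions, not from the thread):
#   $ZoneName  - the single AD domain's DNS zone
#   $IspDns    - the ISP's resolvers (documentation-range addresses here)
#   $OtherDcs  - the other DC(s); these must NOT appear in the forwarder list
# Run as a DNS administrator on each DC; requires the DnsServer module.
#Requires -Modules DnsServer

param(
    [string]   $ZoneName = 'corp.example',
    [string[]] $IspDns   = @('203.0.113.53', '203.0.113.54'),
    [string[]] $OtherDcs = @('192.0.2.10')
)

# 1. Make the zone AD-integrated so AD replication carries it to every DC
#    and no primary/secondary zone transfer is needed.
$zone = Get-DnsServerZone -Name $ZoneName -ErrorAction Stop
switch ($zone.ZoneType) {
    'Secondary' {
        # LAN B's wizard-built secondary zone becomes an AD-integrated primary.
        ConvertTo-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain -Force
    }
    'Primary' {
        if (-not $zone.IsDsIntegrated) {
            # LAN A's file-backed primary zone is moved into AD.
            Set-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain
        }
    }
    default { throw "Unexpected zone type '$($zone.ZoneType)' for $ZoneName" }
}

# 2. Forward everything the server is not authoritative for to the ISP only.
#    This replaces the whole forwarder list, so a DC that used to forward to
#    the other DC stops doing so.
Set-DnsServerForwarder -IPAddress $IspDns -UseRootHint $false

# 3. Verify the end state: zone in AD, and no forwarder pointing at another DC
#    (two DCs forwarding to each other would loop on every unknown name).
$zone = Get-DnsServerZone -Name $ZoneName
if (-not $zone.IsDsIntegrated) { throw "$ZoneName is still not AD-integrated" }

$fwd  = (Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString }
$loop = $fwd | Where-Object { $OtherDcs -contains $_ }
if ($loop) {
    throw "Forwarder list points at another DC ($($loop -join ', ')); expected ISP resolvers only"
}

Write-Host "$ZoneName is AD-integrated; forwarders: $($fwd -join ', ')"
```

Run it once on each DC. The verification step is the part worth keeping in a scheduled check: the forwarder list is the one setting the thread's options b and d would get wrong, and a DC that silently forwards to its peer is only noticed when external resolution stalls.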
 
tony wong said:
Yes, it is only one Active Directory domain, only one namespace for these 2
LANs (can I say it is one LAN, because they are on the same segment IP range?).
Thanks a lot.

Sure. It's one LAN when you have no "routers", and even
if you have multiple segments/subnets with Ethernet
connections, most people call that a LAN.

If you have them "BRIDGED" it is in principle a single
SEGMENT/SUBNET, not just a single LAN (which might
be multiple subnets.)

For best "efficiency" you usually wouldn't BRIDGE them,
but if it meets your needs then there is nothing wrong with
bridging in principle.

You cannot "route" DNS (the term isn't used) but must either use
"recursion" (top-down searches) or "forwarding" (the first DNS
forwards to another which does the actual recursion).

You also want to MENTALLY separate the following DNS server goals:

1) Helping your user resolve (all) records
2) Helping the "world of" users resolve your resources

They are TWO SEPARATE jobs even if the same server does both
(common.)
 