Mark N. said:
Hey, what about my Domain Controllers? And any DCs in a child domain?
Should they all point to just my internal DNS server in the root domain?

They should all point to your primary AD integrated DNS, *especially* your
domain controllers. Your DNS should be set up with forwarders pointing to
your ISP's DNS if you need them.

http://support.microsoft.com/default.aspx?scid=kb;en-us;291382

Question: Why do I have to point my domain controller to itself for DNS?
Answer: The Netlogon service on the domain controller registers a number of
records in DNS that enable other domain controllers and computers to find
Active Directory-related information. If the domain controller is pointing
to the Internet service provider's (ISP) DNS server, Netlogon does not
register the correct records for Active Directory, and errors are generated
in Event Viewer. The preferred DNS setting for the domain controller is
itself; no other DNS servers should be listed. The only exception to this
rule is with additional domain controllers. Additional domain controllers
in the domain must point to the first domain controller (which runs DNS)
that was installed in the domain and then to themselves as secondary.

Question: Should I point the other Windows 2000-based and Windows Server
2003-based computers on my LAN to my ISP's DNS servers?
Answer: No. If a Windows 2000-based or Windows Server 2003-based server or
workstation does not find the domain controller in DNS, you may experience
issues joining the domain or logging on to the domain. A Windows 2000-based
or Windows Server 2003-based computer's preferred DNS setting should point
to the Windows 2000 or Windows Server 2003 domain controller running DNS.
If you are using DHCP, make sure that you view scope option #15 for the
correct DNS server settings for your LAN.
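
A check for the rules in the KB answers above, as an added example that is not part of the original post or the Microsoft article: it parses `ipconfig /all` output (IPv4 only) and flags DNS client settings that break those rules. The role labels, function names and sample addresses are constructed for illustration.

```python
import re

# Constructed sample: `ipconfig /all` excerpt from an additional domain controller.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 10.0.0.11
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 10.0.0.11
                                       203.0.113.53
"""
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_dns_servers(ipconfig_text):
    """Return DNS servers in listed order; extra servers sit on continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line and ":" in line:
            in_dns, value = True, line.split(":", 1)[1].strip()
        elif in_dns and IPV4.match(line.strip()):
            value = line.strip()
        else:
            in_dns = False
            continue
        if IPV4.match(value):
            servers.append(value)
    return servers


def audit_dns(role, own_ip, dc_dns, servers):
    """Check a host's DNS list against the KB rules quoted above.

    role: 'first_dc', 'additional_dc' or 'member' (labels assumed for this example).
    dc_dns: IPs of domain controllers running DNS; dc_dns[0] is the first DC installed.
    """
    if role == "first_dc":
        allowed, exact = [own_ip], [own_ip]
    elif role == "additional_dc":
        allowed, exact = [dc_dns[0], own_ip], [dc_dns[0], own_ip]
    elif role == "member":
        allowed, exact = list(dc_dns), None
    else:
        raise ValueError(f"unknown role: {role}")
    findings = [f"{s} is not an internal AD DNS server for this role"
                for s in servers if s not in allowed]
    kept = [s for s in servers if s in allowed]
    if exact is not None and kept != exact:
        findings.append(f"expected {exact} in that order, found {kept}")
    if not kept:
        findings.append("no internal AD DNS server listed")
    return findings
```

For the sample, `audit_dns("additional_dc", "10.0.0.11", ["10.0.0.10", "10.0.0.11"], parse_dns_servers(SAMPLE_IPCONFIG))` reports both the external resolver and the missing first domain controller.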