DNS Client configuration


Lee Messenger

Hi, I'm having an argument with a colleague regarding the pri and sec DNS
settings on my client PCs. My 2003 forest is set up like this:

3 domains. abc.com child1.abc.com chld2.abc.com

My DNS servers in the root domain have delegations for the 2 child domains,
and also 2 stub zones for 2 other external DNS namespaces.

My child DNS servers are set to forward to the root DNS servers for requests
for my other DNS zones except internet which goes out to the internet
locally.

I think the best way to configure the client is:
pri DNS server: local DNS server
sec DNS server nearest root DNS server

My colleague thinks it should be

pri DNS server local DNS server
sec DNS server nearest DNS server in same domain
as local DNS server

The topology is hub and spoke and so all root DNS are only one hop away,
there is also a child domain DNS server in the hub as well.

My feeling, among other reasons, is that using the root DNS server as
secondary is more stable, seeing as this server will just sit there most of
the time doing nothing.

Any thoughts would be appreciated.

LM
 
This is going to be a matter of opinion, but I would point to the two closest
DNS servers in the same domain. But on the child DNS servers you should check
the "Do not use recursion" box to prevent them from using root hints to
resolve names in the other child domains. The only way a child can resolve
another child is to find its delegation in the parent zone. Unless it can
find its parent from the root hints, it is the only way to find the other
child zones without having a secondary of all children on each of the child
DNS servers.
Of course there is the option of having a secondary of the parent on all the
child DNS servers, which is probably the most common if there is a great
geographical difference in their locations. In that case there is no need to
forward to the parent. The parent DNS is probably going to be busy enough as
it is without an untold number of child DNS servers using it as a forwarder.

Oh, and by the way, your terminology is incorrect; they are Preferred and
Alternate DNS. Primary and Secondary refer to the type of zones in their
scope of authority: primary zones are the writable zones and secondary are
read-only copies of primary zones.
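
The resolution path described in the reply above, as an added example that is not part of the original thread: a small Python model of a child1.abc.com DNS server forwarding to the root-domain server, with the "Do not use recursion" box checked and unchecked. Server names, addresses and host records are constructed, and the model assumes the root hints lead to servers that hold no copy of the internal child zones.

```python
# Constructed model of the forest in the thread; server names and IPs are made up.
ZONES = {                       # zone -> server authoritative for it
    "abc.com": "root-dns",
    "child1.abc.com": "child1-dns",
    "chld2.abc.com": "chld2-dns",
}
DELEGATIONS = {"root-dns": ["child1.abc.com", "chld2.abc.com"]}
RECORDS = {"pc7.chld2.abc.com": "10.2.0.7", "dc1.abc.com": "10.0.0.1",
           "fs1.child1.abc.com": "10.1.0.5"}


def zone_of(name):
    """Longest-suffix match of a name against the known zones."""
    hits = [z for z in ZONES if name == z or name.endswith("." + z)]
    return max(hits, key=len) if hits else None


def parent_lookup(name):
    """Root-domain server: answers abc.com itself or follows its delegation."""
    zone = zone_of(name)
    if zone == "abc.com" or zone in DELEGATIONS["root-dns"]:
        return RECORDS.get(name, "NXDOMAIN")
    return "NXDOMAIN"


def child_resolve(name, own_zone, forwarder_up=True, no_recursion=True):
    """Child-domain server: own zone first, then the forwarder (the parent).

    no_recursion models the "Do not use recursion" box: when the forwarder
    does not answer, the server fails the query instead of walking root hints.
    Returns (answer, path), path being the servers the query touched.
    """
    path = [ZONES[own_zone]]
    if zone_of(name) == own_zone:
        return RECORDS.get(name, "NXDOMAIN"), path
    if forwarder_up:
        path.append("root-dns")
        return parent_lookup(name), path
    if no_recursion:
        return "SERVFAIL", path
    # Assumption: root hints reach servers with no copy of the internal
    # child zones, so the internal name leaves the network and is not found.
    path.append("root-hints")
    return "NXDOMAIN", path
```

With the forwarder unreachable, the checked box gives a server failure that stays inside the network, while the unchecked box sends the internal name out via the root hints.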
 
As Kevin stated, this is a matter of opinion. If I were to do it, I'd point the clients to the closest DNS servers in the same domain. If
there isn't another DNS server in the same domain, then point it at the root. The root servers may be busier than you think,
depending on what other roles they will perform.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the
terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from
which they originated.
 