DNS forwarders and Exchange external DNS servers

  • Thread starter Thread starter DB
  • Start date Start date
D

DB

Quick question...

Should I have my ISP DNS servers listed as "Forwarders" in DNS and
under "External DNS" on Exchange 2003?

All my DNS and Exchange 2003 servers are behind my firewalls on
private VLANS.

Everything works without them but when researching many people
recommend that you do this.

If so why?

I have about 12 2003 DNS servers and 10 Exchange Enterprise 2003
Servers (worldwide)
 
In
DB said:
Quick question...

Should I have my ISP DNS servers listed as "Forwarders" in DNS
and
under "External DNS" on Exchange 2003?

All my DNS and Exchange 2003 servers are behind my firewalls on
private VLANS.

Everything works without them but when researching many people
recommend that you do this.

If so why?

I have about 12 2003 DNS servers and 10 Exchange Enterprise 2003
Servers (worldwide).
Click to expand...

I think there are mutliple questions here. :-)

The proper recommendation for AD and Exchange to properly function is to use
only your internal DNS servers that host the AD zone. I'm not sure how you
have it currently setup for Internet resolution, but I'm hoping that you are
not using your ISP's DNS addresses in any machine IP properties (or errors
are guaranteed to occur), no matter what the AD topology.

For Exchange, you mean in SMTP properties? Sure, if you want, or just point
to the internal DNS server which will forward out the queries anyway with
the forwarder in the above question. But then again, it depends.

Once again, I'm not sure of your current topology, number of domains,
delegation, etc, so a blatant "must use forwarders to the ISP" will not be a
straight forward blanket answer for all scenarios. If you are using
delegation for child domains, the idea is to forward back to the root, and
from the root, forward to the ISP. If using stub zones (more efficient than
delegation), I would forward back as well to the root.

So the proper response is, it depends on your network and AD topology.

If you can comment and elaborate on your AD and network topology, I can or
if anyone else responds sooner, we can give you recommendations.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
thank you.

To elaborate

Yes this is two questions about DNS - one relating to putting
forwarders in my internal DNS servers for external name resolution and
the other about putting external DNS servers in the SMTP properties on
my Exchange servers.

All desktops and servers use internal DNS servers. I have one primary
DNS server and many secondaries pulling from it. I also do not us AD
integration of DNS and I have just one AD domain.

There are many opinions that by adding the forwarders in SMTP and on
the DNS servers themselves that things will work better and I cannot
find a definitive answer on this.
 
In
DB said:
thank you.

To elaborate

Yes this is two questions about DNS - one relating to putting
forwarders in my internal DNS servers for external name resolution and
the other about putting external DNS servers in the SMTP properties on
my Exchange servers.

All desktops and servers use internal DNS servers. I have one primary
DNS server and many secondaries pulling from it. I also do not us AD
integration of DNS and I have just one AD domain.

There are many opinions that by adding the forwarders in SMTP and on
the DNS servers themselves that things will work better and I cannot
find a definitive answer on this.
Click to expand...

If they area all in one domain and they are all DCs, AD Integration would be
to your benefit in contrast to one Primary and many secondaries.

Yes, forwarders individually in your scenario would also be beneficial since
it will increase resolution efficiency. Primarily, you are forcing your
ISP's DNS to do the lookups, and not your server. This has been discussed
here on numerous occasions. If you search thru the threads, you may find
some of these discussions, unless the posts have expired.

If you likeot have the Exchange SMTP virtual servers to use the ISP's, that
is a personal choice. In most cases, unless there's a proxy involved, I
would just let the machines' IP properties DNS settings handle resolution
for the Exchange servers.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Back
Top