Do I need to configure Forwarder in my AD DNS???

Mail Man

We have 2 DNS, one Public and the other Local for Active Directory and
resolving LAN names.
My users access the Internet via a proxy server.
Is it good practice not to configure my Local DNS to forward queries (if
it fails to resolve them) to the Public DNS, since the users are relying
on the Proxy to solve external names?
Thanks 4 your time
 
Mail said:
We have 2 DNS, one Public and the other Local for Active Directory and
resolving LAN names.
My users access the Internet via a proxy server.
Is it good practice not to configure my Local DNS to forward queries (if
it fails to resolve them) to the Public DNS, since the users are relying
on the Proxy to solve external names?
Thanks 4 your time

This will cause you problems. All servers and workstations should specify
*only* the internal AD-integrated DNS server's IP address in their network
settings. The AD-integrated DNS server should be set up with forwarders to
your ISP's DNS servers for external resolution. See
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202 for more
info.
 
As you say, since the proxy server is handling your users' needs for
external access you probably don't need forwarding.

You could choose not to configure forwarding as a security measure or you
could choose to configure it just in case any client ever tries to use it
for some reason. It's up to you.
 
Mail Man said:
We have 2 DNS, one Public and the other Local for Active Directory and
resolving LAN names.
My users access the Internet via a proxy server.
Is it good practice not to configure my Local DNS to forward queries (if
it fails to resolve them) to the Public DNS, since the users are relying
on the Proxy to solve external names?
Thanks 4 your time

Since you have an Active Directory domain, internal clients cannot use the
proxy for external DNS. All clients must still use the internal DNS for all
DNS requests. You can configure your internal DNS to use the proxy for its
forwarder.
 
Mail Man said:
We have 2 DNS, one Public and the other Local for Active Directory and
resolving LAN names.
My users access the Internet via a proxy server.
Is it good practice not to configure my Local DNS to forward queries (if
it fails to resolve them) to the Public DNS, since the users are relying
on the Proxy to solve external names?
Thanks 4 your time

Keep the root. Follow the other suggestions. Just make sure the Proxy can
resolve externally.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroup so all
can benefit. This posting is provided "AS-IS" with no warranties and
confers no rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
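
An added example, not part of the thread: a PowerShell check of the two settings the replies discuss, namely whether a machine lists only the internal AD DNS servers, and how the DNS server handles external names (forwarders, root hints, or neither). The addresses and server name are constructed placeholders, and the cmdlets assume the DnsClient and DnsServer modules (Windows Server 2012 or later, or RSAT).

```powershell
# Constructed placeholders: replace with your AD-integrated DNS servers.
$InternalDns   = @('10.0.0.10', '10.0.0.11')
$DnsServerName = 'dc01.corp.example'   # hypothetical DC running DNS

# 1. Client side: flag any adapter that lists a resolver other than the
#    internal DNS servers (for example an ISP or public resolver).
$clientFindings = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        $adapter = $_
        $foreign = @($adapter.ServerAddresses |
                     Where-Object { $_ -notin $InternalDns })
        [pscustomobject]@{
            Interface   = $adapter.InterfaceAlias
            Configured  = $adapter.ServerAddresses -join ', '
            NonInternal = $foreign -join ', '
            Compliant   = ($foreign.Count -eq 0)
        }
    }
$clientFindings | Format-Table -AutoSize

# 2. Server side: report how external names are resolved.
$fwd = Get-DnsServerForwarder -ComputerName $DnsServerName
$forwarders = @($fwd.IPAddress | ForEach-Object { $_.ToString() })

if ($forwarders.Count -gt 0) {
    # Forwarding configured: external queries leave via these addresses only,
    # so this is the list to allow (and log) at the firewall.
    "Forwarders: $($forwarders -join ', ')"
    "Falls back to root hints if forwarders fail: $($fwd.UseRootHint)"
} elseif ($fwd.UseRootHint) {
    # No forwarders, root hints kept: the server recurses to the Internet
    # itself and needs outbound DNS to arbitrary name servers.
    "No forwarders; external names are resolved through root hints."
} else {
    # Neither: the server answers only for zones it hosts, and external
    # resolution is left entirely to the proxy.
    "No forwarders and root hints disabled; internal zones only."
}
```

On a domain controller that also runs DNS, a loopback entry such as 127.0.0.1 in its own adapter settings will be reported as non-internal unless you add it to `$InternalDns`.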
 