DNS

By jarif93 ·
Hi
We have a small office (30 PCs + server); we use our ISP DNS server.
Can we use the same server with Active Directory, instead of internal DNS? Can I point Active Directory to the ISP DNS server?
We don't want to set up an internal server when we can use the ISP DNS server.
Thanks.

DNS

by d.walker5 In reply to DNS

You could, but it exposes your internal network to the internet. It's best to always maintain a separate DNS.

DNS

by Joseph Moore In reply to DNS

AD needs some specific DNS records for clients to be able to reach a domain controller and authenticate. Specifically, the SRV RR records.
If you tried to use your ISP's DNS servers instead of running DNS on an AD server (or a DNS server set up just for AD), then your clients will not be able to find a domain controller, unless you got your ISP to put in the DNS records your AD domain will need.
And your ISP will say no to this request.
So, here is what you should do. Install DNS on the AD server (run the DNS install DURING the AD install, IMHO). During this, a single DNS zone will be built for your AD domain. It will contain the correct records for the global catalog, domain controllers, LDAP records, etc.
You then configure the DNS server on your AD box to use Forwarders, and put the IP addresses of your ISP's DNS servers in.
Then, you configure your clients to use the IP address of this DNS/AD server as their single DNS server.
When your clients try and resolve SOMETHING.YOURDOMAIN.COM it will resolve using the internal DNS on your AD box. That is good.
Then, when your clients resolve SOMETHING.SOMEWHEREELSE.COM, this request will hit your DNS/AD box, which will Forward it onto the ISP DNS server. The reply will then come back from the ISP, to your server, and then onto the client.

It works.

hope this helps
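
A way to check the setup described in the reply above from an admin workstation and a client. This is an added example, not part of the original thread; the domain name and IP addresses are placeholders, and it assumes the DnsServer (RSAT) and DnsClient PowerShell modules are available.

```powershell
# Added example. Domain name and addresses are placeholders, not values from the thread.
$AdDomain    = 'corp.example.com'                  # placeholder AD DNS domain (single-domain forest assumed)
$InternalDns = '192.0.2.10'                        # placeholder: the DNS/AD server
$IspDns      = @('198.51.100.1', '198.51.100.2')   # placeholder: ISP resolvers used as forwarders

# SRV records clients query to locate a domain controller, the KDC and a global catalog.
$SrvNames = "_ldap._tcp.dc._msdcs.$AdDomain", "_kerberos._tcp.$AdDomain", "_ldap._tcp.gc._msdcs.$AdDomain"

function Test-AdSrvRecord {
    param([string[]]$Name, [string]$Server)
    foreach ($n in $Name) {
        $srv = Resolve-DnsName -Name $n -Type SRV -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            Record  = $n
            Server  = $Server
            Found   = [bool]$srv
            Targets = ($srv.NameTarget | Sort-Object -Unique) -join ', '
        }
    }
}

# 1. The internal server must answer every SRV lookup; a miss means clients cannot find a DC.
$internal = Test-AdSrvRecord -Name $SrvNames -Server $InternalDns
$internal | Format-Table -AutoSize
if ($internal.Found -contains $false) { Write-Warning "AD SRV records missing on $InternalDns" }

# 2. The ISP resolvers belong in the forwarder list on the DNS/AD server, nowhere else.
$forwarders = @((Get-DnsServerForwarder -ComputerName $InternalDns).IPAddress | ForEach-Object { $_.ToString() })
$missing    = $IspDns | Where-Object { $_ -notin $forwarders }
if ($missing) {
    Write-Warning "Forwarders not configured: $($missing -join ', ')"
    # Fix, run deliberately: Set-DnsServerForwarder -ComputerName $InternalDns -IPAddress $IspDns
}

# 3. On a client, every adapter should list only the internal server. An ISP address here
#    sends lookups for internal names outside the office and can fail DC location.
$stray = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses | Where-Object { $_ -ne $InternalDns } }
$stray | Select-Object InterfaceAlias, ServerAddresses | Format-Table -AutoSize
# Fix per adapter: Set-DnsClientServerAddress -InterfaceAlias <name> -ServerAddresses $InternalDns

# 4. An external name should resolve through the internal server via the forwarders.
Resolve-DnsName -Name 'www.example.com' -Server $InternalDns -DnsOnly | Select-Object Name, Type, IPAddress
```

Steps 1, 2 and 4 run from any machine with RSAT; step 3 runs on the client being checked.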

DNS

by cul8rm8e In reply to DNS

Last post sounds about right but for, should I say, a simple issue? When you first run DCPROMO to create a DC at the root of the forest you will automatically create this server as a ROOT server of the domain and at this point won't be able to create a DNS forwarding to allow to resolve external web sites through your ISP's DNS.

What you have to do once set up is open your DNS console, expand your forward lookup zones and delete your cache entry (directly above your xx.mydomain.com) and reboot your server. At this point you will be able to create a forwarder to your ISP's DNS server for resolution.

just my little piece!
