DNS Question

demonjrules
This may be a dumb question but I am sort of new to the world of Servers/Networking. On our network we have a single domain controller that acts as the DNS server. All of the servers on the network have DNS pointing to that DNS server's local IP. Should I add an external DNS IP address to the non-dns server's secondary DNS entry in case the domain controller ever goes down?
    0 Votes
    cmiller5400

    Otherwise you won't be able to get to the internet. Depends on how critical that is.

    0 Votes
    JPElectron

    All Windows machines MUST use a domain controller as their DNS server.

    If you only have one domain controller, then you should only have the 1 IP of that system as the default DNS server. On that server, in the DNS server properties, you can forward to multiple DNS servers (your ISP, or Google DNS, etc.) as alternates.

    If you specify alternate (non-AD) DNS servers on client machines, and they will randomly switch to use those other DNS servers, then you will have problems with users logging on, reaching domain resources, changing their password, etc. - cause when the client workstation is not using the AD DNS server, it can't find domain resources. I see this misconfigured all the time, and people wonder why their network is slow or stops working randomly.

    You should REALLY invest in another AD server, and run DNS on it too, this way you have not only a backup of your AD, and can still process user logins if your primary server is down, but your users can all still browse the web if the primary server is down.

    THINK: What if you lost that 1 AD server today? Nobody could login, and you would have to rebuild it, restore from backup, possibly re-add all workstations to the new domain - that's all going to take some time on your part.

    0 Votes
    demonjrules

    Thanks!

    0 Votes
    CG IT

    Humm, wonder what happened to the order of precedence in the advanced properties of the Network card [or DHCP options]?

    Users can use cached credentials to log in if a DNS server is unavailable, but may not be able to locate resources on the network "by name". However, with the primary DNS server unavailable and no alternative DNS servers listed, access to the internet is impossible. There must be a DNS server which will forward unresolved queries to other DNS servers such as root hint servers.
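The two answers above boil down to one configuration rule: domain members get only the AD-integrated DNS server(s) in their resolver list (whether set on the NIC or handed out by DHCP option 6), and the domain controller's DNS service does the forwarding to outside resolvers. The PowerShell below is an added example written for this thread, not something any poster provided. It assumes the AD DNS server is 192.0.2.10, the DHCP scope is 192.0.2.0, and 203.0.113.53 / 203.0.113.54 are the upstream resolvers you want the DC to forward to; all three are placeholders, as is the interface alias 'Ethernet' in the remediation line. Steps 1 and 2 run on the DC/DHCP server (DnsServer and DhcpServer modules), step 3 and 4 run on any domain member.

```powershell
# Added example (not from the thread). Placeholder addresses: replace with your own.
$AdDnsServers = @('192.0.2.10')                    # the AD-integrated DNS server(s)
$UpstreamDns  = @('203.0.113.53', '203.0.113.54')  # ISP / public resolvers the DC forwards to
$DhcpScopeId  = '192.0.2.0'                        # DHCP scope that serves the workstations
$Domain       = $env:USERDNSDOMAIN                 # AD DNS name of the logged-on machine's domain

# 1. On the domain controller: forward unresolved (external) queries upstream, falling
#    back to root hints, so clients never need a non-AD resolver in their own settings.
Import-Module DnsServer
Set-DnsServerForwarder -IPAddress $UpstreamDns -UseRootHint $true
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint, Timeout

# 2. On the DHCP server: option 6 (DNS servers) must hand out only AD DNS servers,
#    otherwise clients will "randomly switch" to the non-AD resolver as described above.
Import-Module DhcpServer
Set-DhcpServerv4OptionValue -ScopeId $DhcpScopeId -DnsServer $AdDnsServers
Get-DhcpServerv4OptionValue -ScopeId $DhcpScopeId -OptionId 6

# 3. Audit a domain member (run locally, or remotely via Invoke-Command): report every
#    IPv4 interface whose resolver list contains an address that is not an AD DNS server.
function Test-AdDnsClientConfig {
    param([string[]]$Allowed = $AdDnsServers)
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 } |
        ForEach-Object {
            $foreign = @($_.ServerAddresses | Where-Object { $_ -notin $Allowed })
            [pscustomobject]@{
                Interface = $_.InterfaceAlias
                Resolvers = ($_.ServerAddresses -join ', ')
                NonAdDns  = ($foreign -join ', ')
                Compliant = ($foreign.Count -eq 0)
            }
        }
}
Test-AdDnsClientConfig | Format-Table -AutoSize

# Remediate a non-compliant interface (alias is an assumption; check Get-NetAdapter first):
# Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $AdDnsServers

# 4. Prove the client can still locate a DC through its configured resolver: the DC
#    locator SRV record must resolve. If this query fails, logons and Group Policy
#    processing will fail in the same way the answers above describe.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object Name, NameTarget, Port
```

Run step 3 across the fleet before touching DHCP: the workstations that show a public resolver in `NonAdDns` are the ones producing the intermittent logon and share-access failures JPElectron mentions, and step 4 is the quick way to confirm a given machine can find a DC once its resolver list is corrected.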
