1. Yes, DNS/DHCP should be localized within the domain to improve the efficiency of the network system.
2. Pointing to a DNS external to your domain (but within an AD Forest) I believe has zero security issues. Remember, in a Windows AD environment Windows DNS and DHCP servers have to be authorized within the AD Forest for the services to run... otherwise, these services would not run.
Secondly, users??? Users should not even know what is going on in their IP settings... so no... they would not be confused.

Generally, the placement of DNS/DHCP servers in a Windows AD environment should not be decided based on domains in an AD forest. It should be based on sites, network link / bandwidth and your overall company resources. A single DNS server within a forest can serve all DNS needs. But one would be stupid to do so for redundancy purposes. So it is always good to have multiple... a second. If bandwidth and other resources (another server, energy consumption, memory and processing capability of the other server, etc.) are not an issue, then put a DNS server in every site (geographic location) and not domain. If you have multiple domains but just a single site, two DNS servers are just OK. Please do not misunderstand / get confused about the role of DNS/DHCP servers within your corporation. DNS servers are just pointers to resources within your forest/domains. It is an address resolution / service locator service... based on a client/server query/response model. It is therefore best located taking bandwidth and redundancy highly into consideration. I hope this clarifies DNS/DHCP for you!
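An added PowerShell check (my example, not the poster's code) for the two points above: which DHCP servers are authorized in the forest, and which AD sites actually have a domain controller answering DNS queries, so you can see where a site would depend on a WAN link for name resolution. It assumes a domain-joined Windows host with the RSAT ActiveDirectory, DhcpServer and DnsClient modules and an account allowed to read AD.

```powershell
# Added example; assumes RSAT modules are installed on a domain-joined host.
Import-Module ActiveDirectory
Import-Module DhcpServer

# 1. DHCP servers authorized in the forest. A Windows DHCP server that is not
#    in this list will not hand out leases, so this is the inventory to review.
"Authorized DHCP servers in the forest:"
Get-DhcpServerInDC | Format-Table DnsName, IPAddress -AutoSize

# 2. Collect every domain controller from every domain in the forest.
$forest = Get-ADForest
$dcs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain
}

# 3. For each AD site, test whether each DC in that site answers a DNS query
#    for the forest's DC locator SRV record. Only DCs that answer count as
#    DNS servers for the site; fewer than two means no local redundancy.
$srvName = "_ldap._tcp.dc._msdcs.$($forest.RootDomain)"
$report = foreach ($site in (Get-ADReplicationSite -Filter *)) {
    $siteDcs = @($dcs | Where-Object { $_.Site -eq $site.Name })
    $dnsServers = @(foreach ($dc in $siteDcs) {
        try {
            $null = Resolve-DnsName -Name $srvName -Type SRV `
                -Server $dc.IPv4Address -ErrorAction Stop
            $dc.HostName   # this DC serves DNS
        } catch {
            # no DNS answer from this DC; it is not a usable resolver for the site
        }
    })
    [pscustomobject]@{
        Site              = $site.Name
        DomainControllers = $siteDcs.Count
        DnsServers        = $dnsServers.Count
        LocalRedundancy   = ($dnsServers.Count -ge 2)
    }
}

"DNS coverage per AD site:"
$report | Format-Table -AutoSize
```

Sites that show zero DNS servers are the ones whose clients resolve names over a WAN link, which is the bandwidth and redundancy trade-off the answer describes.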