Please help with dns question

By rlynch@lockhartcadillac.
I've got an Active Directory environment as follows: Site A is the first DC to be brought up in the forest, Site B is a new domain in the same forest, and Site C is a new domain in the same forest. All is working well, but I had a quick DNS question. Each of these 3 domain controllers is the DNS server for its respective site. I thought I read a while back that the client machines should only have 1 DNS server configured, that being the domain controller/DNS server at that location. So in my setup right now, if I'm at Site B and Site B's domain controller/DNS server goes down, they now have no DNS server. Is it OK to add a secondary DNS server to client machines, maybe assign Site A's server as the secondary to these Site B client machines? Does adding that secondary DNS server to the client machine cause problems? Thanks in advance for the help.


All Answers

It's normal to have multiple DNS servers for clients

by NaughtyMonkey In reply to Please help with dns ques ...

Adding a secondary DNS server will allow your clients to use the second DNS server if the first is unavailable.

Yes client machines can have multiple DNS servers

by markp24 In reply to Please help with dns ques ...


You can have a few DNS servers. I usually list out the following DNS assignments in the DHCP server settings.
1 - dns on same site
2 - dns and hub data center
3 - isp dns (if applicable)
4 - open dns (if applicable)

Response To Answer

Thank you guys for quick response, have a great day.

Response To Answer

by gechurch In reply to Yes client machines can h ...

I agree with the first two. 3 and 4 are wrong though - your clients should never be using an ISP or public DNS server in an Active Directory environment. They don't know about the machines on your network.

Response To Answer

by markp24 In reply to Yes client machines can h ...

Hi, I agree with GEChurch. 3 and 4 were meant for a home personal connection from a router, not corporate (that's why I put if applicable).

As others have pointed out

by Charles Bundy In reply to Please help with dns ques ...

That is the purpose of secondary and tertiary DNS settings on the client. Primary should be the on-site DC. Couple of thoughts -

    Response To Answer

    by Donbans_z In reply to As others have pointed out

    Hi Charles....
    1. Yes DNS/DHCP should be localized within the domain to improve the efficiency of the network system.
    2. Pointing to a DNS external to your domain (but within an AD forest) I believe has zero security issues. Remember, in a Windows AD environment Windows DNS and DHCP servers have to be authorized within the AD forest for the services to run... otherwise, these services would not run.
    Secondly, users??? Users should not even know what is going on in their ip settings... so no... they would not be confused.

    In general, the placement of DNS/DHCP servers in a Windows AD environment should not be considered based on domains in an AD forest. It should be based on sites, network link / bandwidth and your overall company resources. A single DNS server within a forest can serve all DNS needs. But one will be stupid to do so for redundancy purposes. So it is always good to have multiple... a second. If bandwidth and other resources (another server, energy consumption, memory and processing capability of the other server, etc.) are not an issue, then put a DNS server in every site (geographic location) and not domain. If you have multiple domains but just a single site, two DNS servers are just OK. Please do not misunderstand / get confused about the role of DNS/DHCP servers within your corporation. DNS servers are just pointers to resources within your forest/domains. It is an address resolution / service locator service... based on a client/server query/response model. It therefore is best located taking bandwidth and redundancy highly into consideration. I hope this clarifies DNS/DHCP for you!

    Response To Answer

    by Charles Bundy In reply to As others have pointed out


    Thanks, tho I'm often confused, this wasn't one of those times :)

    wrt the second bullet item, it was addressed towards the suggestion of utilizing an open, non-infrastructure DNS. You do that and it will confuse users who can't access a server via UNC but hit just fine when their local DNS service goes belly up. This assumes the server is on the other side of a router as I've seen NetBIOS broadcasts resolve on the same subnet.

    Security-wise an external DNS resolve could return a bad address for external well known URLs (think Citibank, Amex, et al.). Just depends on how secure that external DNS is and your trust in it.
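
The client DNS ordering discussed in this thread (on-site DC first, a second internal DC as fallback, no ISP or public resolvers on domain-joined machines), as an added PowerShell audit that is not part of any poster's reply. The server addresses are constructed placeholders and `Test-DnsServerList` is a hypothetical helper name.

```powershell
# Added example: audit the DNS servers configured on this client against an
# allow-list of internal AD DNS servers. All addresses are constructed
# private-range placeholders; replace them with your own.
$SiteDns     = '10.20.0.10'                  # assumed: Site B domain controller / DNS
$ApprovedDns = @('10.20.0.10', '10.10.0.10') # assumed: Site B DC first, Site A DC as fallback

function Test-DnsServerList {
    param(
        [string[]]$Configured,   # resolver order as set on the interface
        [string[]]$Approved,     # internal AD DNS servers only
        [string]$Preferred       # on-site DC that should be listed first
    )
    $findings = @()
    if ($Configured.Count -lt 2) {
        $findings += 'Only one DNS server configured: no fallback if the site DC is down'
    }
    if ($Configured.Count -gt 0 -and $Configured[0] -ne $Preferred) {
        $findings += "First DNS server is $($Configured[0]), expected on-site DC $Preferred"
    }
    foreach ($server in $Configured) {
        if ($server -notin $Approved) {
            $findings += "$server is not an approved internal DNS server (ISP/public resolver?)"
        }
    }
    return $findings
}

# Check every IPv4 interface that has DNS servers assigned.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        $result = Test-DnsServerList -Configured $_.ServerAddresses `
                                     -Approved $ApprovedDns -Preferred $SiteDns
        [pscustomobject]@{
            Interface = $_.InterfaceAlias
            Servers   = $_.ServerAddresses -join ', '
            Status    = if ($result) { 'REVIEW' } else { 'OK' }
            Findings  = $result -join '; '
        }
    } | Format-Table -AutoSize -Wrap
```

The Windows DNS client moves to the next server in the list only when the current one does not respond, not when it returns a negative answer, so a public resolver listed after the DCs still ends up answering (and failing) internal lookups whenever it becomes the active server.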

    Yes possible in couple of ways

    by jopatel In reply to Please help with dns ques ...

    Have a secondary DNS server on each site; bear in mind it will be expensive, depending on your company size. The best practice is to always have a plan B.

    Try to go virtual. Have it all virtual; this way it will save lots of money and in a matter of time your site will be up and running...
