should use DNS separate server with active directory ?

Question

Current our system as below- Client , Server point dns to all server active directory- active directory forward dns to two server dns external dmz to resolve dns external- internal dns zone create in&nbsp;active directoryhere some problem- when server active directory offline is dns of all server client current set (example AD 10.1.1.1 offline and all server set dns&nbsp;10.1.1.1 ) then will effect to resolve of server- some case client dos dns do offline dns active directory effect to server need resolve dns- maintain&nbsp;active directory then all server need change dnsShould build two server dns standalone to all server, client point dns to this two server and from two server forward dns to&nbsp;active directory ?

harm_veenstra · Answer

Normally all clients and servers point to two DNS servers at least, if possible one in their own site and one in a remote site as backup. (Sometimes it doesn't matter, if WAN link is down you probably can't do much anyway). This can be a Domain controller with Active Directory integrated zones and a forwarder for external lookups, in your case to external DMZ servers which forward those requests outside of your network.

Does your environment only have one Domain Controller? If so, then it's a good idea to setup another one (If possible, perhaps it's not possible when you are using Windows SBS, Foundation or Essentials) or use a member server with the DNS server role on it.

thanhtien19 · Answer

we have five server Domain Controller , and all server set two dns primary and secondary is all ip of server ad remain , but because i worry if primary dns failed then can some server effect. should want build two server dns standalone to can if primary failed then secondary dns can change to IP primary simple than AD

harm_veenstra · Answer

Because the zones are Active Directory integrated? All domain controllers can write to their own copy of the DNS zone, they are all primary so to say. If one domain controller fails, the registration continues on the one which you configured as second dns server in your network card configuration.

https://www.windowstechno.com/what-is-ad-integrated-dns/

thanhtien19 · Answer

Yes , here I worry member server set primary dns is AD1 , secondary AD2 . IF AD1 offline can effect to resolve dns of member ?

harm_veenstra · Answer

If the member server can't reacht AD1 for DNS resolving, and it has AD2 configured as secondary dns... Then it will use AD2 for DNS resolving, it the DNS zone is AD Integrated then AD2 will always have a synced up-to-date writeable copy of the DNS zone.If you're worried about this, remove the AD1 DNS ip-address from the member server so that it only has AD2 as it's DNS server. If everything still works, then you know enough 😉

Forum Discussion

should use DNS separate server with active directory ?

5 Replies

Resources