cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DNS server architecture

thanhtien19
Iron Contributor

‎Sep 07 2022 07:03 AM

‎Sep 07 2022 07:03 AM

DNS server architecture

Current we are using active directory integrated dns and all dns internal zone in ADDNS. and have two server DNS server using to forwarder to internet . Client -> AD DNS -> DNS Forwarder -> Google DNS.With topology current we some problem when have some client problem then it query more to DNS server to resolve domain internet that do server dns hang , slow response. Please suggest help me how to prevent this and suggest some solution about DNS to can for large request.

Labels:
1,811 Views
0 Likes
7 Replies
Reply
7 Replies
Harm_Veenstra

‎Sep 07 2022 02:03 PM

‎Sep 07 2022 02:03 PM

Re: DNS server architecture

Operating System, 2012R2/2016/2019/2022? Patches up to date?
0 Likes
Reply
thanhtien19

‎Sep 08 2022 04:51 AM

‎Sep 08 2022 04:51 AM

Re: DNS server architecture

Current OS is 2012R2 and alway up to date
0 Likes
Reply
Harm_Veenstra

‎Sep 08 2022 05:27 AM

‎Sep 08 2022 05:27 AM

Re: DNS server architecture

How many clients, do they all use the same DNS server as primary?
0 Likes
Reply
thanhtien19

‎Sep 08 2022 05:32 AM

‎Sep 08 2022 05:32 AM

Re: DNS server architecture

Current all client (12000 client and 500 server) point to primary is first server , secondary second dns. but current all the same primary dns IP
0 Likes
Reply
Harm_Veenstra

‎Sep 08 2022 06:11 AM

‎Sep 08 2022 06:11 AM

Re: DNS server architecture

You could change your DHCP settings so that half of the scopes configure the second server as primary? (Load-Balance)
0 Likes
Reply
thanhtien19

‎Sep 08 2022 08:24 AM

‎Sep 08 2022 08:24 AM

Re: DNS server architecture

yes, but after rebalance then still can not prevent if some client problem then can query more dns ?
0 Likes
Reply
Harm_Veenstra

‎Sep 08 2022 08:35 AM

‎Sep 08 2022 08:35 AM

Re: DNS server architecture

Preventing? No, but at least you're spreading the load and you can set up DNS logging/auditing (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012) to see what they are querying and if you can somehow lower that.

There is a rate-limiting feature, but that's on Windows Server 2016 (https://docs.microsoft.com/en-us/powershell/module/dnsserver/set-dnsserverresponseratelimiting?view=...) I guess it's more for defending against an attack though...
0 Likes
Reply