Should we use a separate DNS server with Active Directory?


Currently our system is set up as below:

- Clients and servers point DNS to all Active Directory servers

- Active Directory forwards DNS to two external DNS servers in the DMZ to resolve external names

- Internal DNS zones are created in Active Directory

Here are some problems:

- When an Active Directory server goes offline and it is the DNS server currently set on all servers and clients (for example AD 10.1.1.1 is offline and all servers have DNS set to 10.1.1.1), it affects resolution on those servers

- In some cases, a client doing DNS lookups while the Active Directory DNS is offline affects servers that need DNS resolution

- When maintaining Active Directory, all servers need their DNS changed

Should we build two standalone DNS servers, point all servers and clients to these two servers, and have those two servers forward DNS to Active Directory?

5 Replies
Normally all clients and servers point to two DNS servers at least, if possible one in their own site and one in a remote site as backup. (Sometimes it doesn't matter, if WAN link is down you probably can't do much anyway). This can be a Domain controller with Active Directory integrated zones and a forwarder for external lookups, in your case to external DMZ servers which forward those requests outside of your network.

Does your environment only have one Domain Controller? If so, then it's a good idea to setup another one (If possible, perhaps it's not possible when you are using Windows SBS, Foundation or Essentials) or use a member server with the DNS server role on it.
We have five Domain Controller servers, and all servers have two DNS entries set (primary and secondary), both being IPs of the remaining AD servers. But I worry that if the primary DNS fails then some servers may be affected. Should we build two standalone DNS servers, so that if the primary fails, changing the secondary DNS to the primary IP is simpler than with AD?
Because the zones are Active Directory integrated? All domain controllers can write to their own copy of the DNS zone; they are all primary, so to say. If one domain controller fails, registration continues on the one you configured as the second DNS server in your network card configuration.

https://www.windowstechno.com/what-is-ad-integrated-dns/
Yes, here is my worry: a member server has primary DNS set to AD1 and secondary set to AD2. If AD1 goes offline, can it affect DNS resolution on the member?
If the member server can't reach AD1 for DNS resolving, and it has AD2 configured as secondary DNS... then it will use AD2 for DNS resolving. If the DNS zone is AD integrated then AD2 will always have a synced, up-to-date, writeable copy of the DNS zone.

If you're worried about this, remove the AD1 DNS ip-address from the member server so that it only has AD2 as its DNS server. If everything still works, then you know enough ;)
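A way to run the check the last reply describes without editing the NIC on a production member server is to query every configured DNS server directly, one at a time, for both an internal name and an external name, and then confirm on each DC that the zone is AD-integrated and that forwarders are set. The script below is an added example written for this thread, not code from the thread or from Microsoft; it uses the standard `Resolve-DnsName`, `Get-DnsClientServerAddress`, `Get-DnsServerZone` and `Get-DnsServerForwarder` cmdlets, assumes the DnsServer RSAT module is installed on the machine it runs from, and the zone and host names in it are placeholders you replace with your own.

```powershell
# Added example (not from the thread). Placeholders: replace with your own names.
$ZoneName     = 'corp.example'         # placeholder: your AD-integrated internal zone
$InternalName = 'dc1.corp.example'     # placeholder: a host inside that zone
$ExternalName = 'www.microsoft.com'    # placeholder: a name that must leave via the DMZ forwarders

# Query each DNS server directly (-Server) so the client's own failover logic
# is bypassed and every server is tested on its own, not just the primary.
function Test-DnsServerPath {
    param(
        [Parameter(Mandatory)] [string[]] $Server,
        [Parameter(Mandatory)] [string[]] $Name
    )
    foreach ($s in $Server) {
        foreach ($n in $Name) {
            $sw = [System.Diagnostics.Stopwatch]::StartNew()
            try {
                $r = Resolve-DnsName -Name $n -Server $s -Type A -DnsOnly -ErrorAction Stop
                $ok = $true
                $answer = ($r | Where-Object { $_.Type -eq 'A' } |
                           Select-Object -ExpandProperty IPAddress) -join ','
            } catch {
                $ok = $false
                $answer = $_.Exception.Message
            }
            [pscustomobject]@{
                DnsServer = $s
                Name      = $n
                Resolved  = $ok
                Answer    = $answer
                Ms        = $sw.ElapsedMilliseconds
            }
        }
    }
}

# 1. Every DNS server this machine is configured with (primary AND secondary).
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -ExpandProperty ServerAddresses |
    Sort-Object -Unique

# A row with Resolved = False for the secondary server is the failure the
# thread is worried about; if every row is True, AD1 going offline is covered.
Test-DnsServerPath -Server $configured -Name $InternalName, $ExternalName |
    Format-Table -AutoSize

# 2. On each configured DC, confirm the zone is AD-integrated (so every DC holds
#    a writeable copy) and that external forwarders are set (so external names
#    still resolve when the other DC is down). Requires the DnsServer module.
foreach ($dc in $configured) {
    $zone = Get-DnsServerZone -ComputerName $dc -Name $ZoneName -ErrorAction SilentlyContinue
    $fwd  = Get-DnsServerForwarder -ComputerName $dc -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DC           = $dc
        ZoneFound    = [bool]$zone
        DsIntegrated = if ($zone) { $zone.IsDsIntegrated } else { $null }
        Forwarders   = if ($fwd -and $fwd.IPAddress) { $fwd.IPAddress -join ',' } else { '(none)' }
    }
}
```

Run it from a member server as a user who can read the DNS server configuration on the DCs. If part 1 shows both servers answering both names and part 2 shows `DsIntegrated = True` with the same forwarders on every DC, the existing two-DC DNS configuration already gives the failover the question is asking a standalone pair of servers for; a `False` in either part points at the specific DC or setting to fix.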