
DNS settings for DC/Exchange


  • DNS settings for DC/Exchange

    Hi Everyone

    I have inherited a small network, where there is only one server (Win2003) which serves both as DC and Exchange(2003)

    Everything has been working fine until recently when suddenly emails stopped going out. Emails coming in were ok.

    So after doing some investigation and trying a few different things the settings that have worked are that I've had to add the ISP external DNS servers to the TCP/IP properties. Whereas before the server had its own IP as DNS.

    So now when I run c:\nslookup -q=mx I get a full detailed report. But if I change back to DNS as and run the command it fails.

    When I run c:\netdiag it fails the DNS test, and if I change back to DNS as and run the command it passes.

    Though currently the setup is working with the ISP DNS in TCP/IP I was wondering if anyone could shed some light on this and tell me what DNS should be used in this scenario ?

    Thanks in advance.

  • #2
    Re: DNS settings for DC/Exchange

    DNS configuration for AD is quite simple.

    On all members of the AD, including domain controllers, ONLY internal DNS servers should be listed. Domain controllers to themselves. No external DNS Servers should be listed anywhere in the network configuration of any AD member.
    If you have problems with DNS lookups, then configure forwarders in the DNS Server applet on your domain controllers to point to the ISP's DNS servers.

    DNS in an AD is more than just name lookups and the use of external DNS Servers can cause problems with logins and using other resources.

    Simon Butler
    Exchange MVP



    • #3
      Re: DNS settings for DC/Exchange

      Thanks for the reply. I have done exactly that and everything seems to work fine.

      However, to add forwarders I had to enable recursion. Once I added the ISP DNS in the forwarders, nslookup and netdiag were both happy. Then just out of curiosity I removed the forwarders and left recursion enabled, and still it works with no errors for nslookup or netdiag. So that means it's not forwarders but recursion which causes these symptoms.

      Now what I've read is that recursion should be disabled unless specifically required. Then why do I need to enable it? This is such a small and straightforward network.


      • #4
        Re: DNS settings for DC/Exchange

        You should keep recursion enabled. Disabled recursion was your original problem.

        You should not specify forwarders unless you have a specific reason, such as security (opening the DNS port only to the specific outside IP address) or bandwidth control, or such.

        Microsoft's implementation of DNS is capable of resolving internet addresses right out of the box without additional configuration. It does so through a process called recursion, where it contacts other DNS servers responsible for name resolution for other domains, which it cannot resolve itself.

        If you specify forwarders, you enter a possible trap of losing name resolution in case the specified forwarder goes down.

        Enable recursion, remove forwarders, and everything should be able to work fine.
        Also, never specify an external ISP's DNS address in the AD environment. Especially on the DC. This can create horrible problems.

        Hope this helps.
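An audit script for the layout recommended in replies #2 and #4, added here as an example and not posted by anyone in the thread. It assumes a DC with the DnsServer PowerShell module (Windows Server 2012 or later; the thread's Windows 2003 box would need dnscmd instead) and that internal DNS servers sit in the private prefixes listed at the top, which is a constructed assumption to adjust for your site.

```powershell
# Added example: check a DC's DNS settings against the advice in the thread.
# Assumption: internal DNS servers live in these prefixes (constructed; adjust to your site).
$InternalPrefixes = @('10.', '192.168.', '172.16.', '127.')

function Test-InternalAddress {
    param([string]$Ip)
    foreach ($p in $InternalPrefixes) { if ($Ip.StartsWith($p)) { return $true } }
    return $false
}

$findings = @()

# 1. Client side: every DNS server in TCP/IP properties must be internal (posts #2 and #4).
$clientServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { $_.ServerAddresses } |
    Sort-Object -Unique
foreach ($s in $clientServers) {
    if (-not (Test-InternalAddress $s)) {
        $findings += "External DNS server $s listed in TCP/IP properties; remove it (use forwarders instead if needed)"
    }
}

# 2. Server side: recursion must stay enabled (post #4), or lookups for outside domains fail.
$recursion = Get-DnsServerRecursion
if (-not $recursion.Enable) {
    $findings += "Recursion is disabled on the DNS server; nslookup -q=mx for external domains will fail"
}

# 3. Forwarders are optional; report them so the dependency on their availability is visible.
$forwarders = (Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString }
if ($forwarders) {
    $findings += "Forwarders configured: $($forwarders -join ', ') (resolution depends on them being reachable)"
}

if ($findings.Count -eq 0) {
    'DNS configuration matches the recommended layout'
} else {
    $findings
}
```

Run it in an elevated PowerShell session on the DC; each finding maps to one of the symptoms the thread describes (external DNS in TCP/IP properties, recursion disabled, reliance on forwarders).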