Question about multiple DNS servers with different resources in AD


  • Question about multiple DNS servers with different resources in AD

    Hello, I don't have any experience with using Active Directory so please bear with me. My question is, is it possible to use multiple DNS servers that point to different resources?

    Currently, the primary DNS is a Verizon DNS for resolving Internet addresses. I have 2 other DNS addresses that also need to be used for services offered on a private network. I've been told by another technician that the way our AD installation is set up is with the Verizon as the primary and the private networks in the 2nd and 3rd options for DNS. If a user tries to connect to a service on the private network they cannot resolve the name, as it appears AD is not using the 2nd or 3rd DNS that's configured.

    Are the other DNS addresses only used as a fault-tolerant server or can I also configure AD to look at the other servers when it cannot find the address on the primary?

    Thank you for any advice! -Mark

  • #2
    Re: Question about multiple DNS servers with different resources in AD

    DNS is hierarchical. This means layers of authority. If your private services are part of your internal domain, then the DNS servers inside your system should be the only DNS servers your internal clients talk to, because they are the only servers that hold authority for the resource info in your domain. If your clients need DNS resolution for Internet, they should still send the request to your internal DNS. Your DNS servers should be forwarding internet lookup requests to the Verizon server. This is called recursive lookup. If your clients talk to the Verizon DNS first, the Verizon will never resolve the private services, because it won't ask back down to your internal DNS servers, it will only ask 'further up the food chain', as it were.

    If you open the DNS Management Console and right-click on one of your server names, then click on 'Properties', you'll see several tabs--one is called 'Forwarders'. That's where you tell your server who to call when it can't answer a DNS question from a client.

    Have a look thru for white papers from M-soft about DNS. There's tons of info about how DNS works and the best way to configure it.
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **


    • #3
      Re: Question about multiple DNS servers with different resources in AD

      +1 for the answer above. None of the machines on your network should be using your ISP's DNS server as their primary DNS server. They should be using your internal DNS servers (domain controllers) and then you configure a forwarder on your DNS servers to pass on anything it cannot resolve internally to your ISP's DNS servers.
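
As an added example (not part of the original thread), the PowerShell below audits the setup the replies describe: clients pointed only at internal DNS servers, with the ISP resolver configured as a forwarder on those servers. The IP addresses and host names are constructed placeholders, and it assumes the DnsServer and DnsClient modules (Windows Server 2012 / Windows 8 or later).

```powershell
# Constructed placeholder values; replace with your own.
$InternalDns  = @('10.0.0.10', '10.0.0.11')   # internal DNS servers (domain controllers)
$IspDns       = @('203.0.113.53')             # ISP resolver, used only as a forwarder
$InternalName = 'fileserver.corp.example'     # a name only the internal zone can answer
$PublicName   = 'www.example.com'

# Run on the DNS server: make sure the ISP resolver is listed as a forwarder.
function Set-IspForwarder {
    $current = @((Get-DnsServerForwarder).IPAddress |
                 ForEach-Object { $_.IPAddressToString })
    $missing = $IspDns | Where-Object { $_ -notin $current }
    if ($missing) {
        Set-DnsServerForwarder -IPAddress $IspDns
    }
    Get-DnsServerForwarder
}

# Run on a client: flag every configured IPv4 resolver that is not internal.
function Test-ClientDns {
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object {
            $adapter = $_
            $external = $adapter.ServerAddresses |
                        Where-Object { $_ -notin $InternalDns }
            [pscustomobject]@{
                Interface   = $adapter.InterfaceAlias
                Servers     = $adapter.ServerAddresses -join ', '
                NonInternal = $external -join ', '
                Compliant   = -not $external
            }
        }
}

# Query each server directly to see which one can answer which name.
function Test-Resolution {
    foreach ($server in $InternalDns + $IspDns) {
        foreach ($name in $InternalName, $PublicName) {
            $answer = Resolve-DnsName -Name $name -Server $server -DnsOnly `
                                      -ErrorAction SilentlyContinue
            [pscustomobject]@{ Server = $server; Name = $name; Resolved = [bool]$answer }
        }
    }
}

Test-ClientDns  | Format-Table -AutoSize
Test-Resolution | Format-Table -AutoSize
# On the DNS server only (elevated session): Set-IspForwarder
```

With the design from the replies in place, the internal name should resolve only through the internal servers, and no client adapter should list the ISP resolver directly.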