Change DNS forwarder IP on 2003 DC

  • Change DNS forwarder IP on 2003 DC

    Good day everyone

    My ISP decided to change their primary and secondary DNS IPs.
    Now I need to change the forwarded IP to the same as the ISP's, on my Domain Controller

    Where do I go?

    I assume:
    Open DNS and right-click on the server name, just below "Dns", and go to Properties
    Click on the forwarders tab and add the new IP in "selected domains forwarder IP address list"?
    Remove the old IP address?

    If the above is correct, is there anything else that needs to be done?
    i.e. reboot the DC or type something in the command prompt or whatever. Or am I set to go, and my client PCs will get the new forwarded IP?

    I am also aware that when using DHCP, I have to change scope option 006 by adding the new IP of the ISP's DNS and remove the old one, and making sure that my local IP of DC is also featuring in option 006

    thanks guys and girls

  • #2
    Re: Change DNS forwarder IP on 2003 DC

    You are correct on the steps needed to update your forwarders. No reboot is needed.

    Now, with regard to your DHCP, why are you pointing your clients to your ISP's DNS? I would strongly recommend that your clients point to your internal DNS servers. This is to ensure that they can resolve all internal names (required for Active Directory). When they query your DNS servers, your DNS will use the information in the forwarders configuration when they need to resolve host names for domains they are not authoritative for.

    By the way, using forwarders is not required. Another option to mitigate this issue in the future is just to allow your DNS servers to use their root hints and query the internet root servers directly.

    If you do prefer to use forwarders, others may recommend using a set of public DNS servers (Google), or even OpenDNS.
    JM @ IT Training & Consulting


    • #3
      Re: Change DNS forwarder IP on 2003 DC

      Hi there JM
      Thanks for your quick response. Much appreciated!

      I do use my DHCP to issue the local dns ip
      Under the DHCP scope option 006 my values are set as follow

      (Option name) 006 dns servers (value),

      So when the client computer tries to resolve a name locally, the local dns IP can resolve it otherwise if that fails it forwards to the ISP's IP

      I am open for suggestions, though this does work. But again. I am open for better suggestions and best practice methods

      I am thinking of using Google as a DNS server (8.8.8.? Can anybody possibly comment on this if it works well?

      thanks very much JM


      • #4
        Re: Change DNS forwarder IP on 2003 DC

        DNS will do the work for you, if you let it. Point all DHCP scopes to your internal DNS server(s), so that all your internal clients only query your DNS system. If your DNS doesn't have the answer a client needs, let that server query the upstream servers on its own--your client will still get its answer, and your DNS will have that answer cached for a period of time, so it can answer another internal client for the same site without repeating the internet traffic needed to answer again.

        As well, if only your DNS server(s) talk to DNS directly on the internet, the next time your ISP makes a change, you only have to change your forwarders, if you still use them. As JM pointed out, your DNS can ask the authoritative DNS on the internet directly, so forwarders aren't needed in your setup.
        MSCA (2003/XP), Security+, CCNA

        ** Remember: credit where credit is due, and reputation points as appropriate **


        • #5
          Re: Change DNS forwarder IP on 2003 DC

          Thank you RicklesP

          So what you are saying: I need to add only my local dns ip in the DHCP scope option

          In other words: My client's IPv4 will only show the primary dns ip and the alternate will be blank (when doing ipconfig /all)

          Instead of giving the client computer 2 options to resolve names, you basically force it to use only the local dns server (which has 2 options to resolve. 1 itself and 2. the forwarder) So your dns server does all the work?

          How about using Google's public DNS server ( )? Is this recommended for forwarders?

          Once I have changed the IP on the forwarder tab, is that good enough or are there any other options that I need to do first in order to have the latest IP "kicking in"

          Apologies if I have asked this twice already


          • #6
            Re: Change DNS forwarder IP on 2003 DC

            So with regard to both of your questions...

            For the clients, I would also recommend that they only communicate with your internal DNS server(s). If you have only one and that meets your business needs, then your clients only need that DNS IP. It's not a good idea to mix DNS servers that do not have the same zones loaded. The reason is that if for some reason there is a hiccup and your clients fall back to the internet ISP DNS server, they will be querying that system for internal hosts, and the ISP will not have the response needed. Again, if you are concerned about redundancy, then you should have a second DNS server on your LAN.

            With regard to using Forwarders or Root Hints, what is the best choice? Either one; there is no best choice, it all depends on what your requirements are. I know that a lot of admins choose the forwarders option, but I prefer root hints for edge DNS systems. Why? Because of the exact issue you faced. I do not want to depend on my ISP or other public DNS server.

            When do I suggest using forwarders...? I usually configure forwarders on networks where, say for instance, you have a main office and many remote offices. The main office DNS servers are configured to use root hints, but the remote office DNS servers are configured as forwarders...where do they forward to? The main office DNS servers.

            Hope this explanation helps..
            JM @ IT Training & Consulting
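
An added example, not part of the thread and not any poster's code: a Python check for the mixed-resolver setup post #6 advises against, run over `ipconfig /all` output from a client. The sample output, the internal DNS address 192.168.1.10 and the external address 203.0.113.53 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.50
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : Monday, 01 March 2010 08:00:00

Ethernet adapter Wireless Network Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.51
        DNS Servers . . . . . . . . . . . : 192.168.1.10
"""

# Adapter headers start in column 0; extra DNS servers sit alone on following lines.
ADAPTER = re.compile(r"^(\S.*):\s*$")
DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")
CONTINUATION = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_dns_servers(text):
    """Return {adapter name: [DNS server IPs]} from ipconfig /all text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        head = ADAPTER.match(line)
        if head:
            adapter, in_dns = head.group(1), False
            result[adapter] = []
            continue
        m = DNS_LINE.match(line) or (in_dns and CONTINUATION.match(line))
        in_dns = bool(m) and adapter is not None
        if in_dns:
            result[adapter].append(m.group(1))
    return result

def external_resolvers(text, internal_dns):
    """Return {adapter: [servers outside internal_dns]} for adapters listing any."""
    allowed = {ipaddress.ip_address(ip) for ip in internal_dns}
    findings = {}
    for adapter, servers in parse_dns_servers(text).items():
        bad = [s for s in servers if ipaddress.ip_address(s) not in allowed]
        if bad:
            findings[adapter] = bad
    return findings

if __name__ == "__main__":
    print(external_resolvers(SAMPLE, ["192.168.1.10"]))
```

An adapter that appears in the result is still being handed a resolver that does not hold the internal zones, which usually means DHCP option 006 on its scope has not been cleaned up.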


            • #7
              Re: Change DNS forwarder IP on 2003 DC


              Thank you very much for answering my question and easily explaining the advantages and disadvantages.
              Thanks to RicklesP as well
              It is now clear to me what I need to do and will make the necessary changes!

              Once again you guys helped me out.
              I am in your debt