DNS Forwarder that is not recursive. Is this allowed?

-

we have situation have domain controllers across world have own child dns domains:

ex.   sitea.mycompany.com , siteb.mycompany.com, etc

these sites have own internet connectivity mpls company's data center.

currently remote dns servers have forwarders point dns servers in data center.    the data center dns servers have forwarders go out internet resolve outside dns queries.

this solution works, side effect have noticed related websites utilize akamai.    since outside dns queries being sourced data center dns servers, akamai returning ip addresses closest data center in us, , not remote sites spread out across world.  

in order fix need local dns servers go out local internet connection , resolve own external dns queries.   akamai see source ip local site , return ip closer site us.

the data center dns servers have dns zones can expanded @ time:

ex.   mycompany.com, domain-today.com, lookhere1.local, etc.      domain-tomorrow.com can added next month.

new domains added month , isn't practical touch each remote dns server add new stub domain.

my idea have data center dns servers listed top forwarder servers.    the data center dns servers configured not recursive, if zone not live on not forward internet dns server.   remote dns server go down it's forwarder list , send request next server (which configure internet dns server)?

if isn't viable solution have other suggestions?


since description don't know in advance domains setup on dc servers, , don't know external domains you'll want lookup, i'm not sure conditional forwarders much.

having tested believe idea should work, eg setting dns servers in dc not recursive , configuring remote dns servers connect internet rest of them. couldn't replicate setup, did :

set dns server not recursive, , confirm server on network still local lookups external lookups failing. add second choice dns server on other server external lookups. machine able local lookups still , able external lookups well. when tried resolving domain exists both on internet , on dns server worked, , crucially, when queried record on zone exists on dns server still resolved (so server hadn't stopped querying local dns server).

as understand it, when you've disabled recursion on dns server, if receives request external domain reply gives indicates can't resolve query, not record doesn't exist, machine requesting move onto next preference rather giving up.



Windows Server  >  Network Infrastructure Servers



Comments

Post a Comment

Popular posts from this blog

Group Policy Event ID 1058 Error Code 1326 (The user name or password is incorrect)

-
i seeing odd error on 1 of our domain controllers. have dealt event id 1058 errors whereby policy (or policies) not replicating, receiving error along error code 1326 on server, , apparently happening default domain policy: log name:      system source:        microsoft-windows-grouppolicy date:          8/10/2015 3:09:54 pm event id:      1058 task category: none level:         error keywords:      user:          s-1-5-21-1484152634-2550175353-3916092219-3287 computer:      <dc name>.<domainname> description: processing of group policy failed. windows attempted read file http://schemas.microsoft.com/win/2004/08/events/event ">   <system>     <provi...
Read more

Suspicious event log Event ID: 4905

-
hi thr, could please me understand causing such event logs generate ? as  i understand, vssvc.exe pertains volume shadow copy used backup purpose.  we have third party application used taking backup of servers. the event longs generated following messages: 1) attempt made unregister security event source. 2) attempt made register security event source. these events not regular generated on random days. standard fields: date:               2013/10/19 time:               02:32:19 importance:         critical rule name:          security event monitored machine:  <domain controller> log format:         windows log name:           security event id:           4905 in work hours:      yes dynamic fields: internal timestamp: 2013/10/19 ...
Read more

DCOM received error "2147746132" from...

-
hi everybody, i have dc (my windows essentials 2012 server) , windows 2012 server in network.  the windows server 2012 inside domain. on server, got "non stopping" error says in event logs : ===> dcom received error "2147746132" fromd computer xxxx(my dc computer) while server trying activation : {6df8cb71-153b-4c66-8fc4-e59301b8011b} it never stops, got 11000+ new events :s i found : http://support.microsoft.com/kb/971153/fr i'm not sure should ? does got idea ? matthieu. hi, please try solution mentioned in below link: http://www.eventid.net/display-eventid-10006-source-dcom-eventno-272-phase-1.htm regards, cicely Windows Server  >  Windows Server 2012 General ...
Read more