How to set zone priority in Microsoft DNS

Tags: active-directory, domain-name-system

I have a standard small network setup (20 users) on Active Directory. All Windows machines have a primary DNS server as the AD and a secondary DNS server as Google PDNS. I want to set up a DNS entry that exists in real DNS but set it up on our DC so that local requests would route this public domain to a local development machine on the network.

I set up the zone in DNS, which results in the clients resolving the public FQDN to our internal IP. However, sometimes it still resolves to the "real" value (I check by pinging it). Is there some way to give the zone definition in my DC DNS higher priority? Or will a client that has a secondary public DNS server always, at some times, have a competing entry for this zone?

Best Answer

By Google PDNS, I'm assuming you mean one of Google's new "public use" DNS servers. If so then my recommendation would be to remove it as the secondary DNS server for your internal clients. Internal AD\DNS clients should always be configured to use only the internal AD\DNS server(s) for DNS name resolution. You can configure your AD\DNS server(s) to use the Google DNS servers as forwarders if you like, but all internal clients (including the AD\DNS server) should be configured to use the internal DNS server(s) only.

Once you do that, all of your internal clients will look only to the internal AD\DNS server for all name resolution, and any zone that the AD\DNS server is authoritative for will be answered only by the internal AD\DNS server.
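The configuration the answer recommends, written out as an added PowerShell example (this is not code from the answer's author). It assumes placeholder values: the DC/DNS server is 10.0.0.10, the client NIC is named "Ethernet", the DHCP scope is 10.0.0.0, the overridden public zone is "dev.example.com", and the development machine is 10.0.0.50; the DnsServer, DnsClient and DhcpServer modules are assumed to be present on the server.

```powershell
# Added example, not part of the original answer. All addresses and names below
# are placeholders; replace them with your own values.

# --- On the AD/DNS server (elevated PowerShell, DnsServer module) ---
# Queries for zones this server is not authoritative for go to Google's
# public resolvers via forwarders, so clients never need Google directly.
Add-DnsServerForwarder -IPAddress 8.8.8.8, 8.8.4.4 -PassThru

# Create the override zone and the record that points at the dev machine.
# Because the internal server is authoritative for this zone, it answers
# from the zone and never consults the forwarders for it.
Add-DnsServerPrimaryZone -Name "dev.example.com" -ReplicationScope "Domain"
Add-DnsServerResourceRecordA -ZoneName "dev.example.com" -Name "@" -IPv4Address "10.0.0.50"

# The server itself should also resolve only through the internal DNS server.
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses "10.0.0.10"

# Hand out only the internal server to DHCP clients (DHCP option 006).
Set-DhcpServerv4OptionValue -ScopeId 10.0.0.0 -DnsServer 10.0.0.10

# --- On a statically configured, domain-joined client (elevated) ---
# Drop Google from the list; the internal server becomes the only resolver.
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses "10.0.0.10"
Clear-DnsClientCache

# --- Verification from any client ---
# Expected: an A record for dev.example.com with address 10.0.0.50.
Resolve-DnsName -Name "dev.example.com" -Type A -Server 10.0.0.10
# Expected: a public name still resolves, now via the server's forwarders.
Resolve-DnsName -Name "www.google.com" -Type A -Server 10.0.0.10
```

The reason the original symptom appeared is that the Windows DNS client does not treat its server list as a strict priority order: after a timeout or error from the first server it moves on to the next and can keep using it for a while, and a public resolver knows nothing about the internal override zone. Removing the public resolver from the client list, rather than trying to rank the zone, is what makes the answer consistent; checking with `Resolve-DnsName` rather than `ping` also shows which server answered.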