Reason to use internal DNS over 8.8.8.8

Tags: domain-name-system, internal-dns

I've inherited a LAN where there is really no name resolution being done for local resources, i.e. all users enter IP addresses manually to access printers and network shares. There are no LDAP servers or domains either; workstations simply connect to the network without authentication. DHCP is handled via a core switch, and DNS settings are also handed out by this same core switch. Currently, the DNS assignments are as such, and in this order:

10.1.1.50    / old Pentium III Windows 2003 box running DNS service - 128 MB RAM
169.200.x.x  / ISP
4.2.2.2      / the well-known public one

There are a couple thousand clients on the LAN, and most of the activity is web browsing (this is an educational setting).

First of all, the server seems woefully underpowered for this task, yet there is virtually no slowness when web surfing by clients.

How much horsepower should a heavily used DNS server have?

I have also heard using 4.2.2.2 is a bad idea, since it has been so overused.

Finally, wouldn't it make sense to have a robust external DNS server listed first? (Google's 8.8.8.8 would seem to be a logical candidate.)

Best Answer

As that server is clearly not being stressed, I'm inclined to think that there is no reason to change anything. The network you have described really doesn't need internal DNS, and not having it may even slow down (briefly?) the hacking attempts by the students, as it will not be immediately obvious what machine does what.

As you have given no indication at all that the present system isn't working perfectly, there isn't an actual need to change anything.

In regard to

Google's 8.8.8.8 would seem to be a logical candidate

Why is that logical? Why not just use the ISP's DNS, or some other unfiltered source?

I would go even further and remove 4.2.2.2, as the likelihood of it ever being hit by the clients is slim to none. After all, both the 2003 machine and the ISP's DNS would have to be down for that to happen. If you really feel a need for a third DNS source, add the ISP's secondary instead.
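An added check, not part of the question or the answer above, that walks the handed-out resolver list in the same order a stub resolver would and reports which server actually answered; run from a client it shows whether the third entry is ever reached, which is the answer's point about 4.2.2.2. The ISP address is elided on the page, so a documentation placeholder (198.51.100.1) is assumed in its place.

```python
import socket
import struct
import random

# Resolver order as handed out by the core switch in the question. The ISP's
# address is elided there; 198.51.100.1 is an assumed documentation placeholder.
RESOLVERS = ["10.1.1.50", "198.51.100.1", "4.2.2.2"]

def build_query(name, txid):
    # Minimal DNS query: header with RD=1 and QDCOUNT=1, then QNAME, QTYPE=A, QCLASS=IN.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def skip_name(msg, off):
    # Return the offset just past a (possibly compressed) domain name at `off`.
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes end the name
            return off + 2
        off += length + 1

def parse_a_records(msg, query):
    # IPv4 answers from a reply to `query`, or None if txid mismatches or RCODE != 0.
    if msg[:2] != query[:2] or (msg[3] & 0x0F) != 0:
        return None
    an = struct.unpack("!H", msg[6:8])[0]
    off, answers = len(query), []  # the reply echoes the question section first
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            answers.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return answers

def first_responding(name, resolvers=RESOLVERS, timeout=2.0):
    # Try each resolver in order, like a stub resolver; return (index, server, answers).
    q = build_query(name, random.randrange(1, 0xFFFF))
    for idx, server in enumerate(resolvers):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(q, (server, 53))
                data, _ = s.recvfrom(512)
            except OSError:
                continue  # timeout or unreachable: fall through to the next server
        return idx, server, parse_a_records(data, q)
    return None  # no server answered; the client would see a resolution failure
```

`first_responding("www.example.com")` returning index 2 means both earlier servers failed, which is the only case in which the third entry matters.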
