Windows – Can’t ping a DNS zone on Windows Server 2008 R2

domain-name-system, windows, windows-server-2008-r2

I've just configured a Windows Server 2008 R2, but got a lot of problems with the DNS role.
Let me talk about the server configuration:

  • name: fdserver
  • IP address: 192.168.0.10
  • I have a DNS zone called "fd.local". This is my domain and it's working OK.
  • I've created a zone called fdserver, and inside this zone a record (A) with "*" as a host. Because this is a webserver, I've configured Apache so if you enter something like "site.fdserver" it will point you to the "site" folder. This is working OK ONLY inside the server.
  • This server is a DNS server too… and has 3 entries: 192.168.0.10 (its own IP), 8.8.8.8 and 8.8.4.4 (Google public DNS).

Now start the problems…

Most of the computers on my network, CAN join the domain without problems. But just CAN'T ping "something.fdserver".

Now comes the strange thing… If I remove the two secondary entries on my DNS server (8.8.8.8 and 8.8.4.4), it obviously stops accessing websites (like microsoft.com), but now the computer CAN ping "something.fdserver".


I don't know if I explained it correctly… and my English is terrible…
but inside the server everything is working as it is supposed to work. But on the workstation machines, it works only if I remove the secondary DNS!!

If you need any details, just ask! thanks!

Best Answer

If you have local DNS names (which you do), generally you'd want to set your DNS and AD server to use only itself as a DNS server. You want all your other servers and client workstations to do the same. It's the closest thing to you, and public DNS servers don't carry your local domains. The standard doesn't require that a DNS client try each resolver it has if one of them returns a SERVFAIL or NEXIST, and in fact most don't. The actual behaviour is that they either use all the DNS resolvers configured in round-robin, or only move down the list if the primary one is not reachable.

Resolving DNS names using root hints is never a bad idea; it removes one point of failure (the forwarders, which may change or go down). If you can't, at least prune the forwarder list frequently.
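
An added example, not part of the original answer: a simplified Python model of the two client behaviours described above (round-robin, and moving down the list only when a resolver is unreachable), using the addresses from the question. It assumes the internal server recurses for public names through forwarders or root hints; the function names and zone data are constructed for illustration and do not trace the actual Windows resolver.

```python
import itertools

INTERNAL, GOOGLE_A, GOOGLE_B = "192.168.0.10", "8.8.8.8", "8.8.4.4"
MIXED = [INTERNAL, GOOGLE_A, GOOGLE_B]    # the configuration from the question
INTERNAL_ONLY = [INTERNAL]                # the configuration the answer recommends
LOCAL_ZONES = ("fd.local", "fdserver")    # zones that exist only on the internal server


def is_local(name):
    """True when the name falls inside one of the internal-only zones."""
    return any(name == z or name.endswith("." + z) for z in LOCAL_ZONES)


def query(server, name, down=()):
    """One query to one resolver: 'OK', 'NXDOMAIN' or 'TIMEOUT'."""
    if server in down:
        return "TIMEOUT"
    if server == INTERNAL:
        return "OK"  # assumption: hosts the local zones and recurses for the rest
    # Public resolvers do not carry the local zones, so they answer negatively.
    return "NXDOMAIN" if is_local(name) else "OK"


def resolve_failover(resolvers, name, down=()):
    """Move to the next resolver only when the current one is unreachable."""
    for server in resolvers:
        answer = query(server, name, down)
        if answer != "TIMEOUT":
            return server, answer  # a negative answer is final, no retry elsewhere
    return None, "TIMEOUT"


def resolve_round_robin(resolvers, name, lookups, down=()):
    """Rotate through the resolvers; return the answer seen for each lookup."""
    ring = itertools.cycle(resolvers)
    return [query(next(ring), name, down) for _ in range(lookups)]


if __name__ == "__main__":
    name = "site.fdserver"
    print("round-robin, mixed list :", resolve_round_robin(MIXED, name, 3))
    print("failover, mixed list    :", resolve_failover(MIXED, name))
    print("failover, internal down :", resolve_failover(MIXED, name, down=(INTERNAL,)))
    print("failover, internal only :", resolve_failover(INTERNAL_ONLY, name))
    print("public name, internal   :", resolve_failover(INTERNAL_ONLY, "microsoft.com"))
```

With the mixed list, a local name fails whenever a public resolver is the one that answers; with only the internal server configured, every lookup goes to the resolver that holds the local zones.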
