Sanity check - AD Integrated DNS configuration

[seepy83]

I need a quick sanity check on configuration for AD Integrated DNS. DC01 (primary DNS server) went down for a few minutes, and DC02 (backup DNS server) wasn't resolving requests for external domains. Checking their configurations - DC01 is configured to use one of the ISPs DNS servers as a Forwarder. DC02 is configured to use DC01 as a forwarder.

Obviously DC02 didn't resolve requests for external domains because it had nowhere to send the request to, but I'm trying to figure out if there was any good reason that it was configured this way by whomever set it up. Any thoughts?

Also, my memory is telling me that you don't need to list any other DC as a forwarder, because AD-Integrated DNS is going to replicate DNS records between the DCs in the background, right?

 

[drebo]

Someone didn't know what they were doing.

Both of those DCs will be authoritative for the local zone if it is AD integrated, which it should be.

There is no reason for DC02 to forward DNS requests to DC01. If you want it to do recursion for external lookups, you can forward to an external name server or have it do root lookups by itself.

 

[seepy83]

Thanks. It definitely didn't look right to me.

 

[imagoon]

Someone didn't know what they were doing.

Both of those DCs will be authoritative for the local zone if it is AD integrated, which it should be.

There is no reason for DC02 to forward DNS requests to DC01. If you want it to do recursion for external lookups, you can forward to an external name server or have it do root lookups by itself.

Seconded.

 

[rasczak]

Someone didn't know what they were doing.

Both of those DCs will be authoritative for the local zone if it is AD integrated, which it should be.

There is no reason for DC02 to forward DNS requests to DC01. If you want it to do recursion for external lookups, you can forward to an external name server or have it do root lookups by itself.

This.