
I have Cable Internet from Comcast (Xfinity) with a 256Mbps connection.

Then I have a WRT1900AC Router (with the wireless turned off). The configuration is as follows:

  • Subnet: 10.10.1.0/24
  • Router: 10.10.1.1
  • Primary DNS Server: 10.10.1.2 (This is my DC)

I have a home lab, it consists of about 45 servers, and about 5 workstations.

I have an AD Server with DNS setup in my home network.

All of the servers and computers are connected to that DC.

Everything works fine; however, on occasion I get DNS errors. I am sure it is because my DC is a bit of an older machine (it's physical), so it may have a hard time keeping up with the translations.

What I would like to do is to somehow have the DNS all point to the internet provider's default DNS server, unless it is looking for mydomain.local, or any internal DNS (machine names, A records, MX records, etc.) that I specify.

What should I do? Is it possible to set that up to have the default DNS server point to that of my internet provider, but still somehow specify what the internal DNS is before it reaches out to the outside DNS servers?

UPDATE: What if in my router I have the DNS Servers as follows:

  • DNS 1 - 75.75.75.75 (ISP First DNS)
  • DNS 2 - 75.75.76.76 (ISP Second DNS)
  • DNS 3 - 10.10.1.2 (Internal AD DNS Server)

  • You basically need to have the DC as your primary (exclusive) DNS for the clients, and then it's up to the DC's DNS server to forward unknown requests to the next DNS up the chain (usually your ISP, or a public DNS like Google's). You MIGHT be able to get away with using an external DNS on the client, if you enter all the local machines (and their IPs) into the HOSTS file on each client. But really, I would expect any machine built in the last ten+ years could handle DNS requests for a network the size you're describing... Commented Jun 14, 2016 at 18:24
  • So, exactly what DNS errors are you getting, and what makes you think it's due to a delayed response from the DC? Commented Jun 14, 2016 at 18:25
  • What if in my router I have the DNS Servers as follows: DNS 1 - 75.75.75.75 (ISP First DNS) DNS 2 - 75.75.76.76 (ISP Second DNS) DNS 3 - 10.10.1.2 (Internal AD DNS Server)
    – billsecond
    Commented Jun 14, 2016 at 18:47
  • Alternate DNS servers generally don't work like you think. If the first one answers at all (even to say it's an unrecognized name you've requested) then the next one(s) in the list will not be checked, because the first one answered and gave you a result, even if the result was "not found". But again, what actual DNS errors are you getting? Commented Jun 14, 2016 at 18:51
  • The DNS error actually just showed up that it was not found on the browser.
    – billsecond
    Commented Jun 14, 2016 at 18:52

1 Answer

From a client perspective (your router, your DC, your other PCs), client-side DNS configuration assumes that all IP addresses you configure for DNS resolution are equivalent and provide the same results. Multiple IPs are for redundancy. Mixing DNS resolving IP addresses that provide different answers results in, well, different randomized and inconsistent results. (See https://blogs.technet.microsoft.com/networking/2009/06/26/dns-client-resolver-behavior for details on how a Microsoft DNS client behaves.)

Now that you understand that, you now know that you cannot solve your design scenario from the client perspective. You need a server-side solution.

Because you have internal domain(s) that are hidden from the rest of the world, the only way to consistently see them is for all your clients to be pointing to your DC, and they all must exclusively point there, or they won't always see it which will cause hard-to-diagnose intermittent problems. Then your DC is responsible for resolving anything else it doesn't know about via global forwarding to your ISP DNS servers, i.e., 75.75.75.75 and 75.75.76.76.

If your DC is having trouble, then your only real solution is to set up a second internal DNS server that is configured the same for redundancy (a member server will work, it doesn't have to be a full DC), maybe virtualized (which is just fine), and put the IP addresses of both of those DNS resolvers into your client DNS configurations.

PS: I sure hope you're using DHCP or something like it to centrally manage network configs on 45+ servers.
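The layout the answer describes (clients point only at internal resolvers, the DC forwards everything it is not authoritative for to the ISP, a second internal server mirrors the zone and uses the same forwarders, DHCP hands out only the internal pair), written out as an added PowerShell example; this is not code from the original answer. It assumes the DnsServer and DhcpServer modules on the DC, a hypothetical second internal resolver at 10.10.1.3, the domain mydomain.local and the ISP addresses 75.75.75.75 / 75.75.76.76 from the question, and a hypothetical host named dc01 used only for the verification step at the end.

```powershell
#Requires -Modules DnsServer, DhcpServer
# Added example, not from the original answer. Hypothetical values:
# 10.10.1.3 (second internal resolver), dc01 (a host in the zone).

$InternalResolvers = @('10.10.1.2', '10.10.1.3')   # DC + second internal DNS (10.10.1.3 assumed)
$IspForwarders     = @('75.75.75.75', '75.75.76.76') # ISP resolvers from the question
$ZoneName          = 'mydomain.local'
$ScopeId           = '10.10.1.0'

# 1. On the DC: forward every name the DC is not authoritative for to the ISP.
#    Root hints are disabled so a forwarder outage fails fast instead of
#    silently falling back to slow root resolution.
Set-DnsServerForwarder -IPAddress $IspForwarders -UseRootHint $false -Timeout 3

# 2. Let the second internal server pull a copy of the AD zone. Transfers are
#    restricted to that one server rather than opened to anyone on the LAN.
Set-DnsServerPrimaryZone -Name $ZoneName -SecureSecondaries TransferToSecureServers `
    -SecondaryServers '10.10.1.3'

# 3. On the second server (targeted remotely here): hold the zone as a
#    secondary and use the identical forwarder list, so both resolvers return
#    the same answers for every name. That equivalence is what the client-side
#    resolver assumes and what mixing in an ISP address breaks.
Add-DnsServerSecondaryZone -ComputerName '10.10.1.3' -Name $ZoneName `
    -ZoneFile "$ZoneName.dns" -MasterServers '10.10.1.2'
Set-DnsServerForwarder -ComputerName '10.10.1.3' -IPAddress $IspForwarders `
    -UseRootHint $false -Timeout 3

# 4. DHCP hands out only the internal pair (no ISP address in the list), plus
#    the search suffix and the router from the question.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $InternalResolvers `
    -DnsDomain $ZoneName -Router '10.10.1.1'

# 5. Verification: ask each resolver for the same name and compare answers.
#    For an internal name the ISP resolvers return nothing, which is why a
#    client list such as "ISP, ISP, DC" intermittently fails: the first server
#    to answer "not found" is believed and the DC is never consulted.
function Test-ResolverConsistency {
    param([string]$Name, [string[]]$Servers)
    foreach ($s in $Servers) {
        $r = Resolve-DnsName -Name $Name -Server $s -Type A -ErrorAction SilentlyContinue
        $answer = if ($r) {
            ($r | Where-Object IPAddress | Select-Object -ExpandProperty IPAddress) -join ','
        } else { 'no answer / NXDOMAIN' }
        [pscustomobject]@{ Server = $s; Name = $Name; Answer = $answer }
    }
}

$AllResolvers = $InternalResolvers + $IspForwarders
Test-ResolverConsistency -Name "dc01.$ZoneName" -Servers $AllResolvers | Format-Table -AutoSize
Test-ResolverConsistency -Name 'www.example.com' -Servers $AllResolvers | Format-Table -AutoSize

# 6. Client-side check (run on any member machine): flag interfaces whose
#    resolver list contains anything other than the internal pair.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses | Where-Object { $_ -notin $InternalResolvers } } |
    Select-Object InterfaceAlias, ServerAddresses
```

Steps 1 to 4 are run once on the DC (step 3 targets the second server remotely and needs WinRM and the DnsServer module there); step 5 is the check to repeat after any change, and step 6 is what to run on a machine that still shows "not found" in the browser, since a statically configured interface with an ISP address in its list is the usual leftover after switching to DHCP-managed resolvers.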
