RESET Forums (homeservershow.com)

DNS Server
SimonHind

Dear All

I have a question about DNS Server setup.

I have the following setup on the DC:

DHCP
DNS
MDT
WDS
SCCM

Server IP
192.168.0.2

SERVER DNS SETTINGS
Virginmedia's DNS

Client DNS handled by DHCP scope
GW  : 192.168.0.1
DNS : 192.168.0.2

What's the easiest way to add Quad9 DNS to clients?

1. Would it be easier to add them as DNS forwarders, or
2. add them as additional DNS on the DC, as clients are pointing to the DNS server, or
3. add them to the DHCP scope?

Please can someone help.

nrf

There are many ways to do this. What is your goal? If you want Quad9 for protection, you might want to skip your ISP's DNS, or configure the DC's DNS to not use round robin and only go to the ISP if Quad9 fails (which it shouldn't, but....). Now if your DC should fail, it seems like clients would appreciate having some kind of fallback, right? So throw them a bone too..... any bone would suffice!

 

I'm sure someone else here has an opinion as well....
SimonHind

I want client workstations to point to 192.168.0.2 as DNS1, which means they can see the ISP DNS.

I also want extra layers to help with filtering prohibited websites for extra protection, both for servers and workstations.

1. Set Quad9 DNS directly in the IPv4 Properties
2. Set Quad9 DNS using DNS Forwarder (Properties > Forwarders > Edit forwarders)

Which is best? At present clients just see 192.168.0.2 as their DNS.

nrf

So the easy way to do it is to set your DC DNS server to refer to the providers you wish to utilize.

I'm trying to point out that if you round-robin among the ISP and Quad9 you won't be consistently protected.

I'm also trying to point out that if your DC ever fails nobody will get any DNS the way you have it.

SimonHind

That is your suggestion then regarding my current DNS:

1. Do I set DNS1 & DNS2 as Quad9, then set my ISP as DNS forwarders?
2. Set all the above in IPv4 Properties in the DC
 - DNS1 & DNS2 as Quad9

nrf

I would set my DC DNS server to forward to a list of servers, starting with Quad9 and followed by any others.

I would then turn off round robin in the DC DNS server.

I would leave the clients pointing to the DC.

I would set up some means to alert if the DC went down.

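The configuration nrf describes above, as an added PowerShell example that is not part of the thread: forwarders on the DC's DNS Server with Quad9 first and the ISP after, round robin off, and the DC's own NIC pointing at itself. It uses the DnsServer and DnsClient modules on the DC. The interface alias and the ISP resolver addresses are assumptions (the ISP addresses are TEST-NET placeholders and must be replaced). Two caveats worth knowing: on Windows DNS, forwarders are tried in list order and can be dynamically reordered by response time, so it is the forwarder reordering setting, not the round-robin setting (which only rotates multiple records within one answer), that keeps Quad9 consistently first; and Quad9's 9.9.9.9 service blocks domains known to be malicious, it is not a content-category filter for "prohibited websites".

```powershell
# Added example (not from the thread): configure the DC's DNS Server so that
# Quad9 is always consulted first, with the ISP resolvers only as fallback.
# Run in an elevated PowerShell on the DC (Windows Server, DnsServer module).
# ASSUMPTIONS: the DC's NIC alias is "Ethernet" (check Get-NetAdapter), and the
# ISP addresses below are TEST-NET-3 placeholders to be replaced with the real
# Virgin Media resolver addresses.

Import-Module DnsServer
Import-Module DnsClient

$DcAddress = '192.168.0.2'
$Quad9     = @('9.9.9.9', '149.112.112.112')    # Quad9 secured (malicious-domain blocking) resolvers
$IspDns    = @('203.0.113.53', '203.0.113.54')  # PLACEHOLDER: substitute the ISP's resolvers
$Interface = 'Ethernet'                         # ASSUMPTION: adjust to the DC's NIC alias

# 1. The DC must resolve through itself so AD SRV lookups (_ldap._tcp...) work.
#    Primary = its own address, secondary = loopback; never the ISP on the DC's NIC.
Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses @($DcAddress, '127.0.0.1')

# 2. Forwarder list in priority order. The server tries forwarders in list
#    order, each for -Timeout seconds. -EnableReordering $false (Server 2016+)
#    stops the server re-sorting the list by measured response time, so Quad9
#    stays first whenever it answers. -UseRootHint $false means that if every
#    forwarder fails the server does NOT fall back to unfiltered iterative
#    resolution via the root servers; set it to $true if availability matters
#    more than consistent filtering.
Set-DnsServerForwarder -IPAddress ($Quad9 + $IspDns) -Timeout 3 -EnableReordering $false -UseRootHint $false

# 3. Round robin, as discussed in the thread. This setting controls rotation of
#    multiple A/AAAA records inside one answer, not which forwarder is used.
#    Turning it off is harmless here, but step 2 is what keeps Quad9 first.
$settings = Get-DnsServerSetting -All
$settings.RoundRobin = $false
Set-DnsServerSetting -InputObject $settings

# 4. Verify: forwarders in the intended order, and an external name resolves
#    through the DC itself.
Get-DnsServerForwarder | Select-Object IPAddress, Timeout, EnableReordering, UseRootHint
Resolve-DnsName -Name 'example.com' -Type A -Server $DcAddress -DnsOnly -ErrorAction Stop |
    Select-Object Name, Type, IPAddress
```

The same settings are visible in DNS Manager under the server's Properties > Forwarders tab (the list order and the "Use root hints if no forwarders are available" box) and Advanced tab ("Enable round robin"); the script simply makes the intended order explicit and checkable.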
SimonHind

So basically,

my DC is also my DNS server anyway; I need to put 2 DNS entries in.

So on the DC DNS server DNS1 & 2, put Quad9 DNS.

Then my Virginmedia DNS and any other DNS entry into
DNS Forwarder (Properties > Forwarders > Edit forwarders).

Sorry, I am not that technically minded to know a lot about DNS, but you are certainly teaching me something new and a better way.
nrf

Do you have a backup domain controller?

I am used to having the first DNS entry for the server itself be 127.0.0.1.

I would suggest putting Quad9 in your forward list at the top and turning off round robin.

Still surprised nobody has chimed in on this.

SimonHind

Round robin is turned off.

Forwarders now set.

DC NIC1 set.

ShadowPeo

Basically DNS utilizes round-robin/forwarding lists unless told otherwise. What I do for clients that have to have DNS filtering is the following:

- Server Local DNS:
  - 127.0.0.1 (to allow for local lookups)
  - Secondary DC, or upstream filtered DNS if no secondary DC. There should be a secondary DC, always; if in doubt see previous statement.
- Server DNS Server:
  - Filtered upstream in Forwarder, set to primary position. Round robin disabled.
  - ISP/Cloudflare/Google Public DNS as next in list. Then fallback to root DNS servers.
  - Conditional forwarders for known domains. If I have specific domains that need to be looked up on specific servers, I create a conditional forwarder for that domain.
- DHCP:
  - DNS set to server IP
  - DNS set to secondary server IP, or upstream filtered DNS

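The DHCP and conditional-forwarder parts of ShadowPeo's layout above, together with the "alert if the DC goes down" point nrf raised earlier, as an added PowerShell example that is not part of the thread. It assumes a DHCP scope 192.168.0.0/24 on the DC, a second DC at 192.168.0.3, an AD DNS name of corp.example and a partner zone with its own servers; all of those are hypothetical and must be replaced. One caveat on the DHCP fallback: Windows clients do not strictly fail back to their preferred server, so a client that once switches to an external resolver listed as the second DNS server will keep using it and lose AD name resolution (GPO, Kerberos, domain join) until it switches back. Listing only AD-aware servers in the scope avoids that, which is why the example puts the second DC there rather than Quad9.

```powershell
# Added example (not from the thread): DHCP scope DNS options with a fallback,
# a conditional forwarder, and a resolver health probe suitable for a scheduled
# task. Run in an elevated PowerShell on the DC (DhcpServer, DnsServer and
# DnsClient modules).
# ASSUMPTIONS: scope 192.168.0.0/24; a second DC at 192.168.0.3; AD DNS name
# 'corp.example'; partner zone 'partner.example' served by 10.10.0.53.
# All of these are hypothetical values to be replaced.

Import-Module DhcpServer
Import-Module DnsServer
Import-Module DnsClient

$ScopeId     = '192.168.0.0'
$Gateway     = '192.168.0.1'
$PrimaryDc   = '192.168.0.2'
$SecondaryDc = '192.168.0.3'     # ASSUMPTION: second DC running DNS
$AdDomain    = 'corp.example'    # ASSUMPTION: the real AD DNS name

# 1. Clients get the gateway (option 3), the DCs (option 6) and the AD suffix
#    (option 15) from the scope. Only AD-aware DNS servers belong in option 6.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $Gateway `
    -DnsServer @($PrimaryDc, $SecondaryDc) -DnsDomain $AdDomain

# 2. Conditional forwarder: names under one domain go to that domain's own
#    servers instead of the general forwarder chain. Stored in AD so every DC
#    in the forest receives it.
Add-DnsServerConditionalForwarderZone -Name 'partner.example' `
    -MasterServers '10.10.0.53' -ReplicationScope 'Forest'

# 3. Health probe: each DNS server must answer an AD SRV query (the record
#    clients use to find a DC) and an external query (the forwarder chain).
#    Returns one object per server so a scheduled task can act on failures.
function Test-AdResolver {
    param([string[]]$Servers, [string]$Domain)
    foreach ($srv in $Servers) {
        $adOk = $false; $extOk = $false
        try {
            $r = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                -Server $srv -DnsOnly -ErrorAction Stop
            $adOk = @($r | Where-Object Type -eq 'SRV').Count -gt 0
        } catch { }
        try {
            $r = Resolve-DnsName -Name 'example.com' -Type A -Server $srv -DnsOnly -ErrorAction Stop
            $extOk = @($r | Where-Object Type -eq 'A').Count -gt 0
        } catch { }
        [pscustomobject]@{ Server = $srv; AdSrv = $adOk; External = $extOk; Healthy = ($adOk -and $extOk) }
    }
}

$results = Test-AdResolver -Servers @($PrimaryDc, $SecondaryDc) -Domain $AdDomain
$results | Format-Table -AutoSize

# 4. Alert on any unhealthy server by writing to the Application log; the
#    event source is registered the first time the script runs.
$failed = @($results | Where-Object { -not $_.Healthy })
if ($failed.Count -gt 0) {
    if (-not [System.Diagnostics.EventLog]::SourceExists('DnsProbe')) {
        New-EventLog -LogName Application -Source 'DnsProbe'
    }
    Write-EventLog -LogName Application -Source 'DnsProbe' -EntryType Error -EventId 1001 `
        -Message ('DNS probe failed on: ' + (($failed | ForEach-Object Server) -join ', '))
}
```

Register the probe as a scheduled task running every few minutes, and attach an event-log trigger (or a mail action) to event ID 1001 from source DnsProbe; that gives the "some means to alert" without any extra monitoring product. If a second DC really is not available, leave option 6 with the single DC rather than adding an external resolver, and accept that the probe is what tells you the DC is down.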