Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Using Forwarders Verses Root Hints

Windows Server Help


Reply
 
Thread Tools Search this Thread
  #1  
Old 29-07-2008
PP
 
Posts: n/a
Using Forwarders Verses Root Hints

Hi

I am a little confused on how to configure my DNS server which I have
installed on a ship, which is set up as its own forest.
The problem is I have several ways to connect to the internet and each
connection has it own DNS which I have added as a DNS forwarder to my server.
We sometimes have problems with clients resolving names and to correct it we
simply change the ranking of the forwarders, which don’t make sense to me as
I thought if the first forwarder failed to obtain an answer it would go to
the next forwarder. Also when setting up my forwarders I selected Do Not Use
Recursion so I wouldn’t use Root Hints. Now I am wondering if I shouldn’t use
Forwarders and just change my Root Hints to show only DNS servers I will be
connecting to. Other than being able to use Conditional Forwarding, can
someone tell me if there is an advantage/disadvantage to using Forwarders
verses modifying the Root hints?



Reply With Quote
  #2  
Old 31-07-2008
Kevin D. Goodknecht Sr. [MVP]
 
Posts: n/a
Re: Using Forwarders Verses Root Hints

Read inline please.

In news:FD9E599C-EC26-4A2C-82FA-C1A9BE85CC20@microsoft.com,
PP <PP@discussions.microsoft.com> wrote:
> Hi
>
> I am a little confused on how to configure my DNS server which I have
> installed on a ship, which is set up as its own forest.
> The problem is I have several ways to connect to the internet and each
> connection has it own DNS which I have added as a DNS forwarder to my
> server. We sometimes have problems with clients resolving names and
> to correct it we simply change the ranking of the forwarders, which
> don't make sense to me as I thought if the first forwarder failed to
> obtain an answer it would go to the next forwarder. Also when
> setting up my forwarders I selected Do Not Use Recursion so I
> wouldn't use Root Hints. Now I am wondering if I shouldn't use
> Forwarders and just change my Root Hints to show only DNS servers I
> will be connecting to. Other than being able to use Conditional
> Forwarding, can someone tell me if there is an advantage/disadvantage
> to using Forwarders verses modifying the Root hints?


If you are going to use a Forwarder, make sure the Forwarder is always
available, no matter which internet connection you use. Some ISPs block
access to their DNS servers unless you are connecting from one of their IP
addresses. If your forwarders are not available from all connections, your
best bet is to not use forwarders at all and let your DNS server use Root
Hints. As far as this Statement:
"Now I am wondering if I shouldn't use
> Forwarders and just change my Root Hints to show only DNS servers I
> will be connecting to"


The Servers listed on the Root Hints tab must have a Root Zone, which most
DNS servers do not. It doesn't mean you must use only the default 13 Root
servers on the Root Hints tab, this means that whatever server are on the
Root Hints tab, they must have a Root Zone that has been delegated with all
TLDs.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================


Reply With Quote
  #3  
Old 11-08-2008
PP
 
Posts: n/a
Re: Using Forwarders Verses Root Hints

Thanks Kevin, from what you've told me Root Hints will not work in my
situation either so I will have to use forwarders. You said to ensure the
forwarder is available, in my situation that is not possible, that is why I
use several forwarders, is there a way to tune the way multiple forwarders
are handled?



"Kevin D. Goodknecht Sr. [MVP]" wrote:

> Read inline please.
>

In news:FD9E599C-EC26-4A2C-82FA-C1A9BE85CC20@microsoft.com,
> PP <PP@discussions.microsoft.com> wrote:
> > Hi
> >
> > I am a little confused on how to configure my DNS server which I have
> > installed on a ship, which is set up as its own forest.
> > The problem is I have several ways to connect to the internet and each
> > connection has it own DNS which I have added as a DNS forwarder to my
> > server. We sometimes have problems with clients resolving names and
> > to correct it we simply change the ranking of the forwarders, which
> > don't make sense to me as I thought if the first forwarder failed to
> > obtain an answer it would go to the next forwarder. Also when
> > setting up my forwarders I selected Do Not Use Recursion so I
> > wouldn't use Root Hints. Now I am wondering if I shouldn't use
> > Forwarders and just change my Root Hints to show only DNS servers I
> > will be connecting to. Other than being able to use Conditional
> > Forwarding, can someone tell me if there is an advantage/disadvantage
> > to using Forwarders verses modifying the Root hints?

>
> If you are going to use a Forwarder, make sure the Forwarder is always
> available, no matter which internet connection you use. Some ISPs block
> access to their DNS servers unless you are connecting from one of their IP
> addresses. If your forwarders are not available from all connections, your
> best bet is to not use forwarders at all and let your DNS server use Root
> Hints. As far as this Statement:
> "Now I am wondering if I shouldn't use
> > Forwarders and just change my Root Hints to show only DNS servers I
> > will be connecting to"

>
> The Servers listed on the Root Hints tab must have a Root Zone, which most
> DNS servers do not. It doesn't mean you must use only the default 13 Root
> servers on the Root Hints tab, this means that whatever server are on the
> Root Hints tab, they must have a Root Zone that has been delegated with all
> TLDs.
>
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This Helps
>
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>
>

Reply With Quote
  #4  
Old 11-08-2008
DevilsPGD
 
Posts: n/a
Re: Using Forwarders Verses Root Hints

In message <F599D42D-BC35-44C8-B873-3EE1F21C7764@microsoft.com> PP
<PP@discussions.microsoft.com> wrote:

>Thanks Kevin, from what you've told me Root Hints will not work in my
>situation either so I will have to use forwarders. You said to ensure the
>forwarder is available, in my situation that is not possible, that is why I
>use several forwarders, is there a way to tune the way multiple forwarders
>are handled?


In short, no.

What is the goal? I assume your DNS server provides your internal DNS
services, including resolution of internet hosts?

If so, all you really need to do here is not use any forwarders, instead
relying on the built-in list of root hints. You'll need to go to
Advanced, make sure that "Disable recursion" is not selected.

Once in that configuration, reset the DNS cache and give it a try,
unless your network or ISP blocks DNS, you should be good to go.
Reply With Quote
  #5  
Old 11-08-2008
PP
 
Posts: n/a
Re: Using Forwarders Verses Root Hints

The goal is to be able to access multiple ISP's which do block DNS.

"DevilsPGD" wrote:

> In message <F599D42D-BC35-44C8-B873-3EE1F21C7764@microsoft.com> PP
> <PP@discussions.microsoft.com> wrote:
>
> >Thanks Kevin, from what you've told me Root Hints will not work in my
> >situation either so I will have to use forwarders. You said to ensure the
> >forwarder is available, in my situation that is not possible, that is why I
> >use several forwarders, is there a way to tune the way multiple forwarders
> >are handled?

>
> In short, no.
>
> What is the goal? I assume your DNS server provides your internal DNS
> services, including resolution of internet hosts?
>
> If so, all you really need to do here is not use any forwarders, instead
> relying on the built-in list of root hints. You'll need to go to
> Advanced, make sure that "Disable recursion" is not selected.
>
> Once in that configuration, reset the DNS cache and give it a try,
> unless your network or ISP blocks DNS, you should be good to go.
>

Reply With Quote
  #6  
Old 11-08-2008
Phillip Windell
 
Posts: n/a
Re: Using Forwarders Verses Root Hints

"PP" <PP@discussions.microsoft.com> wrote in message
news:578CF5D9-8084-4BCB-9EC4-C0FCB06B5A02@microsoft.com...
> The goal is to be able to access multiple ISP's which do block DNS.


The ISPs can't block DNS or their customers would not function.
They can't block the public from their DNS because the public needs to query
the ISP's DNS for the sake of customers that use the ISP as the
Authoritative DNS for their domains.

So an ISP's DNS needs to accept queries from anyone from anywhere at
anytime.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


Reply With Quote
  #7  
Old 12-08-2008
DevilsPGD
 
Posts: n/a
Re: Using Forwarders Verses Root Hints

In message <u$TIic8#IHA.1040@TK2MSFTNGP03.phx.gbl> "Phillip Windell"
<philwindell@hotmail.com> wrote:

>"PP" <PP@discussions.microsoft.com> wrote in message
>news:578CF5D9-8084-4BCB-9EC4-C0FCB06B5A02@microsoft.com...
>> The goal is to be able to access multiple ISP's which do block DNS.

>
>The ISPs can't block DNS or their customers would not function.
>They can't block the public from their DNS because the public needs to query
>the ISP's DNS for the sake of customers that use the ISP as the
>Authoritative DNS for their domains.


There is no requirement that an ISP use the same set of resolvers for
their customers as they use for authoritative DNS for hosted domains.

>So an ISP's DNS needs to accept queries from anyone from anywhere at
>anytime.


Even if that were the case, if your local ISP blocks it's own customers
from performing DNS lookups against third party servers, having open DNS
servers doesn't help you.
Reply With Quote
  #8  
Old 12-08-2008
Kevin D. Goodknecht Sr. [MVP]
 
Posts: n/a
Re: Using Forwarders Verses Root Hints

Read inline please.

In news:u$TIic8%23IHA.1040@TK2MSFTNGP03.phx.gbl,
Phillip Windell <philwindell@hotmail.com> wrote:
> "PP" <PP@discussions.microsoft.com> wrote in message
> news:578CF5D9-8084-4BCB-9EC4-C0FCB06B5A02@microsoft.com...
>> The goal is to be able to access multiple ISP's which do block DNS.

>
> The ISPs can't block DNS or their customers would not function.
> They can't block the public from their DNS because the public needs
> to query the ISP's DNS for the sake of customers that use the ISP as
> the Authoritative DNS for their domains.
>
> So an ISP's DNS needs to accept queries from anyone from anywhere at
> anytime.


Some ISPs, RoadRunner for one, do block outside requests to their resolving
DNS servers. Not only do they block access to the resolving DNS servers from
outside IPs, their own customers can only access RoadRunner's DNS servers,
access to any IP on 53 TCP/UDP is routed to their own servers. Do not
confuse these DNS servers with any Authoritative servers RoadRunner may
have, if they own any, Authoritative servers must be accessible from any IP.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================


Reply With Quote
  #9  
Old 12-08-2008
Phillip Windell
 
Posts: n/a
Re: Using Forwarders Verses Root Hints

Glad I don't have them for an ISP.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:e$7FqOC$IHA.872@TK2MSFTNGP05.phx.gbl...
> Read inline please.
>
> In news:u$TIic8%23IHA.1040@TK2MSFTNGP03.phx.gbl,
> Phillip Windell <philwindell@hotmail.com> wrote:
>> "PP" <PP@discussions.microsoft.com> wrote in message
>> news:578CF5D9-8084-4BCB-9EC4-C0FCB06B5A02@microsoft.com...
>>> The goal is to be able to access multiple ISP's which do block DNS.

>>
>> The ISPs can't block DNS or their customers would not function.
>> They can't block the public from their DNS because the public needs
>> to query the ISP's DNS for the sake of customers that use the ISP as
>> the Authoritative DNS for their domains.
>>
>> So an ISP's DNS needs to accept queries from anyone from anywhere at
>> anytime.

>
> Some ISPs, RoadRunner for one, do block outside requests to their
> resolving DNS servers. Not only do they block access to the resolving DNS
> servers from outside IPs, their own customers can only access RoadRunner's
> DNS servers, access to any IP on 53 TCP/UDP is routed to their own
> servers. Do not confuse these DNS servers with any Authoritative servers
> RoadRunner may have, if they own any, Authoritative servers must be
> accessible from any IP.
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This Helps
>
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>



Reply With Quote
  #10  
Old 12-08-2008
Phillip Windell
 
Posts: n/a
Re: Using Forwarders Verses Root Hints


"DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message
news:1qc1a49q312l12l1v1flsjaf4o0hu0gi2t@4ax.com...
> In message <u$TIic8#IHA.1040@TK2MSFTNGP03.phx.gbl> "Phillip Windell"
> <philwindell@hotmail.com> wrote:
>
>>"PP" <PP@discussions.microsoft.com> wrote in message
>>news:578CF5D9-8084-4BCB-9EC4-C0FCB06B5A02@microsoft.com...
>>> The goal is to be able to access multiple ISP's which do block DNS.

>>
>>The ISPs can't block DNS or their customers would not function.
>>They can't block the public from their DNS because the public needs to
>>query
>>the ISP's DNS for the sake of customers that use the ISP as the
>>Authoritative DNS for their domains.

>
> There is no requirement that an ISP use the same set of resolvers for
> their customers as they use for authoritative DNS for hosted domains.
>
>>So an ISP's DNS needs to accept queries from anyone from anywhere at
>>anytime.

>
> Even if that were the case, if your local ISP blocks it's own customers
> from performing DNS lookups against third party servers, having open DNS
> servers doesn't help you.


Well that settles it,...the world is going to have to bend to my will and do
eveything my way.
Its the only solution to the world's woes,...and world hunger.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Tags: , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Using Forwarders Verses Root Hints"
Thread Thread Starter Forum Replies Last Post
Using 4.2.2.2 and 4.2.2.1 as forwarders Bob Windows Server Help 8 03-08-2010 03:45 PM
DCDiag Test - DNS Root hints list has invalid root hint server Sean Windows Server Help 5 07-06-2010 10:47 PM
RPM Verses Debian Doroteo Operating Systems 5 29-12-2009 04:50 AM
How to resolve error of "Root hints list has invalid root hint ser SinguIar Active Directory 3 13-10-2007 06:16 PM
DNS test fails with dcdiag /test:dns - TEST: Forwarders/Root hints (Forw) MartinH Windows Server Help 6 20-06-2006 07:20 PM


All times are GMT +5.5. The time now is 08:25 AM.