Results 1 to 10 of 10

Thread: Using Forwarders Verses Root Hints

  1. #1
    PP Guest

    Using Forwarders Verses Root Hints

    Hi

    I am a little confused on how to configure my DNS server which I have
    installed on a ship, which is set up as its own forest.
    The problem is I have several ways to connect to the internet and each
    connection has it own DNS which I have added as a DNS forwarder to my server.
    We sometimes have problems with clients resolving names and to correct it we
    simply change the ranking of the forwarders, which don’t make sense to me as
    I thought if the first forwarder failed to obtain an answer it would go to
    the next forwarder. Also when setting up my forwarders I selected Do Not Use
    Recursion so I wouldn’t use Root Hints. Now I am wondering if I shouldn’t use
    Forwarders and just change my Root Hints to show only DNS servers I will be
    connecting to. Other than being able to use Conditional Forwarding, can
    someone tell me if there is an advantage/disadvantage to using Forwarders
    verses modifying the Root hints?



  2. #2
    Kevin D. Goodknecht Sr. [MVP] Guest

    Re: Using Forwarders Verses Root Hints

    Read inline please.

    In news:FD9E599C-EC26-4A2C-82FA-C1A9BE85CC20@microsoft.com,
    PP <PP@discussions.microsoft.com> wrote:
    > Hi
    >
    > I am a little confused on how to configure my DNS server which I have
    > installed on a ship, which is set up as its own forest.
    > The problem is I have several ways to connect to the internet and each
    > connection has it own DNS which I have added as a DNS forwarder to my
    > server. We sometimes have problems with clients resolving names and
    > to correct it we simply change the ranking of the forwarders, which
    > don't make sense to me as I thought if the first forwarder failed to
    > obtain an answer it would go to the next forwarder. Also when
    > setting up my forwarders I selected Do Not Use Recursion so I
    > wouldn't use Root Hints. Now I am wondering if I shouldn't use
    > Forwarders and just change my Root Hints to show only DNS servers I
    > will be connecting to. Other than being able to use Conditional
    > Forwarding, can someone tell me if there is an advantage/disadvantage
    > to using Forwarders verses modifying the Root hints?


    If you are going to use a Forwarder, make sure the Forwarder is always
    available, no matter which internet connection you use. Some ISPs block
    access to their DNS servers unless you are connecting from one of their IP
    addresses. If your forwarders are not available from all connections, your
    best bet is to not use forwarders at all and let your DNS server use Root
    Hints. As far as this Statement:
    "Now I am wondering if I shouldn't use
    > Forwarders and just change my Root Hints to show only DNS servers I
    > will be connecting to"


    The Servers listed on the Root Hints tab must have a Root Zone, which most
    DNS servers do not. It doesn't mean you must use only the default 13 Root
    servers on the Root Hints tab, this means that whatever server are on the
    Root Hints tab, they must have a Root Zone that has been delegated with all
    TLDs.


    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps

    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    http://message.wftx.us/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================



  3. #3
    PP Guest

    Re: Using Forwarders Verses Root Hints

    Thanks Kevin, from what you've told me Root Hints will not work in my
    situation either so I will have to use forwarders. You said to ensure the
    forwarder is available, in my situation that is not possible, that is why I
    use several forwarders, is there a way to tune the way multiple forwarders
    are handled?



    "Kevin D. Goodknecht Sr. [MVP]" wrote:

    > Read inline please.
    >

    In news:FD9E599C-EC26-4A2C-82FA-C1A9BE85CC20@microsoft.com,
    > PP <PP@discussions.microsoft.com> wrote:
    > > Hi
    > >
    > > I am a little confused on how to configure my DNS server which I have
    > > installed on a ship, which is set up as its own forest.
    > > The problem is I have several ways to connect to the internet and each
    > > connection has it own DNS which I have added as a DNS forwarder to my
    > > server. We sometimes have problems with clients resolving names and
    > > to correct it we simply change the ranking of the forwarders, which
    > > don't make sense to me as I thought if the first forwarder failed to
    > > obtain an answer it would go to the next forwarder. Also when
    > > setting up my forwarders I selected Do Not Use Recursion so I
    > > wouldn't use Root Hints. Now I am wondering if I shouldn't use
    > > Forwarders and just change my Root Hints to show only DNS servers I
    > > will be connecting to. Other than being able to use Conditional
    > > Forwarding, can someone tell me if there is an advantage/disadvantage
    > > to using Forwarders verses modifying the Root hints?

    >
    > If you are going to use a Forwarder, make sure the Forwarder is always
    > available, no matter which internet connection you use. Some ISPs block
    > access to their DNS servers unless you are connecting from one of their IP
    > addresses. If your forwarders are not available from all connections, your
    > best bet is to not use forwarders at all and let your DNS server use Root
    > Hints. As far as this Statement:
    > "Now I am wondering if I shouldn't use
    > > Forwarders and just change my Root Hints to show only DNS servers I
    > > will be connecting to"

    >
    > The Servers listed on the Root Hints tab must have a Root Zone, which most
    > DNS servers do not. It doesn't mean you must use only the default 13 Root
    > servers on the Root Hints tab, this means that whatever server are on the
    > Root Hints tab, they must have a Root Zone that has been delegated with all
    > TLDs.
    >
    >
    > --
    > Best regards,
    > Kevin D. Goodknecht Sr. [MVP]
    > Hope This Helps
    >
    > ===================================
    > When responding to posts, please "Reply to Group"
    > via your newsreader so that others may learn and
    > benefit from your issue, to respond directly to
    > me remove the nospam. from my email address.
    > ===================================
    > http://www.lonestaramerica.com/
    > http://support.wftx.us/
    > http://message.wftx.us/
    > ===================================
    > Use Outlook Express?... Get OE_Quotefix:
    > It will strip signature out and more
    > http://home.in.tum.de/~jain/software/oe-quotefix/
    > ===================================
    > Keep a back up of your OE settings and folders
    > with OEBackup:
    > http://www.oehelp.com/OEBackup/Default.aspx
    > ===================================
    >
    >
    >


  4. #4
    DevilsPGD Guest

    Re: Using Forwarders Verses Root Hints

    In message <F599D42D-BC35-44C8-B873-3EE1F21C7764@microsoft.com> PP
    <PP@discussions.microsoft.com> wrote:

    >Thanks Kevin, from what you've told me Root Hints will not work in my
    >situation either so I will have to use forwarders. You said to ensure the
    >forwarder is available, in my situation that is not possible, that is why I
    >use several forwarders, is there a way to tune the way multiple forwarders
    >are handled?


    In short, no.

    What is the goal? I assume your DNS server provides your internal DNS
    services, including resolution of internet hosts?

    If so, all you really need to do here is not use any forwarders, instead
    relying on the built-in list of root hints. You'll need to go to
    Advanced, make sure that "Disable recursion" is not selected.

    Once in that configuration, reset the DNS cache and give it a try,
    unless your network or ISP blocks DNS, you should be good to go.

  5. #5
    PP Guest

    Re: Using Forwarders Verses Root Hints

    The goal is to be able to access multiple ISP's which do block DNS.

    "DevilsPGD" wrote:

    > In message <F599D42D-BC35-44C8-B873-3EE1F21C7764@microsoft.com> PP
    > <PP@discussions.microsoft.com> wrote:
    >
    > >Thanks Kevin, from what you've told me Root Hints will not work in my
    > >situation either so I will have to use forwarders. You said to ensure the
    > >forwarder is available, in my situation that is not possible, that is why I
    > >use several forwarders, is there a way to tune the way multiple forwarders
    > >are handled?

    >
    > In short, no.
    >
    > What is the goal? I assume your DNS server provides your internal DNS
    > services, including resolution of internet hosts?
    >
    > If so, all you really need to do here is not use any forwarders, instead
    > relying on the built-in list of root hints. You'll need to go to
    > Advanced, make sure that "Disable recursion" is not selected.
    >
    > Once in that configuration, reset the DNS cache and give it a try,
    > unless your network or ISP blocks DNS, you should be good to go.
    >


  6. #6
    Phillip Windell Guest

    Re: Using Forwarders Verses Root Hints

    "PP" <PP@discussions.microsoft.com> wrote in message
    news:578CF5D9-8084-4BCB-9EC4-C0FCB06B5A02@microsoft.com...
    > The goal is to be able to access multiple ISP's which do block DNS.


    The ISPs can't block DNS or their customers would not function.
    They can't block the public from their DNS because the public needs to query
    the ISP's DNS for the sake of customers that use the ISP as the
    Authoritative DNS for their domains.

    So an ISP's DNS needs to accept queries from anyone from anywhere at
    anytime.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------



  7. #7
    DevilsPGD Guest

    Re: Using Forwarders Verses Root Hints

    In message <u$TIic8#IHA.1040@TK2MSFTNGP03.phx.gbl> "Phillip Windell"
    <philwindell@hotmail.com> wrote:

    >"PP" <PP@discussions.microsoft.com> wrote in message
    >news:578CF5D9-8084-4BCB-9EC4-C0FCB06B5A02@microsoft.com...
    >> The goal is to be able to access multiple ISP's which do block DNS.

    >
    >The ISPs can't block DNS or their customers would not function.
    >They can't block the public from their DNS because the public needs to query
    >the ISP's DNS for the sake of customers that use the ISP as the
    >Authoritative DNS for their domains.


    There is no requirement that an ISP use the same set of resolvers for
    their customers as they use for authoritative DNS for hosted domains.

    >So an ISP's DNS needs to accept queries from anyone from anywhere at
    >anytime.


    Even if that were the case, if your local ISP blocks it's own customers
    from performing DNS lookups against third party servers, having open DNS
    servers doesn't help you.

  8. #8
    Kevin D. Goodknecht Sr. [MVP] Guest

    Re: Using Forwarders Verses Root Hints

    Read inline please.

    In news:u$TIic8%23IHA.1040@TK2MSFTNGP03.phx.gbl,
    Phillip Windell <philwindell@hotmail.com> wrote:
    > "PP" <PP@discussions.microsoft.com> wrote in message
    > news:578CF5D9-8084-4BCB-9EC4-C0FCB06B5A02@microsoft.com...
    >> The goal is to be able to access multiple ISP's which do block DNS.

    >
    > The ISPs can't block DNS or their customers would not function.
    > They can't block the public from their DNS because the public needs
    > to query the ISP's DNS for the sake of customers that use the ISP as
    > the Authoritative DNS for their domains.
    >
    > So an ISP's DNS needs to accept queries from anyone from anywhere at
    > anytime.


    Some ISPs, RoadRunner for one, do block outside requests to their resolving
    DNS servers. Not only do they block access to the resolving DNS servers from
    outside IPs, their own customers can only access RoadRunner's DNS servers,
    access to any IP on 53 TCP/UDP is routed to their own servers. Do not
    confuse these DNS servers with any Authoritative servers RoadRunner may
    have, if they own any, Authoritative servers must be accessible from any IP.

    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps

    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    http://message.wftx.us/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================



  9. #9
    Phillip Windell Guest

    Re: Using Forwarders Verses Root Hints

    Glad I don't have them for an ISP.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------

    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
    news:e$7FqOC$IHA.872@TK2MSFTNGP05.phx.gbl...
    > Read inline please.
    >
    > In news:u$TIic8%23IHA.1040@TK2MSFTNGP03.phx.gbl,
    > Phillip Windell <philwindell@hotmail.com> wrote:
    >> "PP" <PP@discussions.microsoft.com> wrote in message
    >> news:578CF5D9-8084-4BCB-9EC4-C0FCB06B5A02@microsoft.com...
    >>> The goal is to be able to access multiple ISP's which do block DNS.

    >>
    >> The ISPs can't block DNS or their customers would not function.
    >> They can't block the public from their DNS because the public needs
    >> to query the ISP's DNS for the sake of customers that use the ISP as
    >> the Authoritative DNS for their domains.
    >>
    >> So an ISP's DNS needs to accept queries from anyone from anywhere at
    >> anytime.

    >
    > Some ISPs, RoadRunner for one, do block outside requests to their
    > resolving DNS servers. Not only do they block access to the resolving DNS
    > servers from outside IPs, their own customers can only access RoadRunner's
    > DNS servers, access to any IP on 53 TCP/UDP is routed to their own
    > servers. Do not confuse these DNS servers with any Authoritative servers
    > RoadRunner may have, if they own any, Authoritative servers must be
    > accessible from any IP.
    >
    > --
    > Best regards,
    > Kevin D. Goodknecht Sr. [MVP]
    > Hope This Helps
    >
    > ===================================
    > When responding to posts, please "Reply to Group"
    > via your newsreader so that others may learn and
    > benefit from your issue, to respond directly to
    > me remove the nospam. from my email address.
    > ===================================
    > http://www.lonestaramerica.com/
    > http://support.wftx.us/
    > http://message.wftx.us/
    > ===================================
    > Use Outlook Express?... Get OE_Quotefix:
    > It will strip signature out and more
    > http://home.in.tum.de/~jain/software/oe-quotefix/
    > ===================================
    > Keep a back up of your OE settings and folders
    > with OEBackup:
    > http://www.oehelp.com/OEBackup/Default.aspx
    > ===================================
    >




  10. #10
    Phillip Windell Guest

    Re: Using Forwarders Verses Root Hints


    "DevilsPGD" <spam_narf_spam@crazyhat.net> wrote in message
    news:1qc1a49q312l12l1v1flsjaf4o0hu0gi2t@4ax.com...
    > In message <u$TIic8#IHA.1040@TK2MSFTNGP03.phx.gbl> "Phillip Windell"
    > <philwindell@hotmail.com> wrote:
    >
    >>"PP" <PP@discussions.microsoft.com> wrote in message
    >>news:578CF5D9-8084-4BCB-9EC4-C0FCB06B5A02@microsoft.com...
    >>> The goal is to be able to access multiple ISP's which do block DNS.

    >>
    >>The ISPs can't block DNS or their customers would not function.
    >>They can't block the public from their DNS because the public needs to
    >>query
    >>the ISP's DNS for the sake of customers that use the ISP as the
    >>Authoritative DNS for their domains.

    >
    > There is no requirement that an ISP use the same set of resolvers for
    > their customers as they use for authoritative DNS for hosted domains.
    >
    >>So an ISP's DNS needs to accept queries from anyone from anywhere at
    >>anytime.

    >
    > Even if that were the case, if your local ISP blocks it's own customers
    > from performing DNS lookups against third party servers, having open DNS
    > servers doesn't help you.


    Well that settles it,...the world is going to have to bend to my will and do
    eveything my way.
    Its the only solution to the world's woes,...and world hunger.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------



Similar Threads

  1. Using 4.2.2.2 and 4.2.2.1 as forwarders
    By Bob in forum Windows Server Help
    Replies: 8
    Last Post: 03-08-2010, 03:45 PM
  2. Replies: 5
    Last Post: 07-06-2010, 10:47 PM
  3. RPM Verses Debian
    By Doroteo in forum Operating Systems
    Replies: 5
    Last Post: 29-12-2009, 04:50 AM
  4. Replies: 3
    Last Post: 13-10-2007, 06:16 PM
  5. Replies: 6
    Last Post: 20-06-2006, 07:20 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,710,842,431.86890 seconds with 16 queries