
Thanks for your help. I have a Windows 2012 R2 server we are using for an internal DNS. This DNS server requires an external connection in order to use GADS (Google Apps Directory Sync) and Google password sync. Is there a better way to make these services work without adding a forwarder to a public DNS, or my current solution? Ideally I would like it to look like this:

User -> Internal DNS -X- Public Dns (For internal Resolutions)

Internal DNS -> Public DNS -> Google services

User -> Public DNS (For external resolutions)

So my issue is stopping my internal DNS from then forwarding user traffic externally, while keeping the DNS server's own external connectivity.

Thanks again :)

  • What exactly are you trying to accomplish? The only real difference in somehow doing what you have suggested (not sure it is possible) is to reduce the load on the internal DNS server. – Drifter104 Oct 17 '16 at 15:45
  • Precisely that, I do not wish to have that load on the server. We already have an external DNS server which is now not being used, and this is putting load on an internal DNS server which is not built to handle that kind of stress. – Luke Rixson Oct 18 '16 at 08:35
  • Do zoning then -> forward every query which needs to go outside to your public DNS and that's it... or at least conditional forwarders, but I'd stick with DNS zoning; it's better scalable, and if your company grows you'll still be able to tune it more. – Michal Oct 18 '16 at 14:58
  • I am already doing zoning. However, I am not sure how to separate incoming traffic from being able to then talk to the external zone. – Luke Rixson Oct 19 '16 at 08:16
  • I believe the answer is you can't. Windows clients will simply send the DNS request to the servers they are configured with. As soon as the request hits the server you have not done what you want to do, which is reduce the requests to the server. – Drifter104 Oct 19 '16 at 10:19
  • @LukeRixson - https://technet.microsoft.com/en-us/library/cc771898(v=ws.11).aspx and more importantly https://technet.microsoft.com/en-us/library/cc753398(v=ws.11).aspx – Michal Oct 19 '16 at 12:22
  • Hi Drifter, thanks, but I think you misunderstand. Traffic will be considerably higher if all public and private traffic goes through the internal DNS. However, if only private traffic is allowed inbound but not outbound, instead of routing private traffic through for their external requests as well – Luke Rixson Oct 20 '16 at 12:05

1 Answer


The answer was to do split-horizon DNS and have incoming clients point to one DNS server which is purely for internal AD DNS. The server itself will talk to the other DNS server, which can resolve externally using forwarders.
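The two-server arrangement the answer describes, written out as PowerShell against the Windows Server 2012 R2 DnsServer and DnsClient modules. This is an added example, not configuration from the question or the answer. The server names, addresses, NIC alias, AD zone name and public forwarders are assumptions chosen for illustration: DNS01 (10.0.0.10) is the AD DNS that clients use and that must never go outside, DNS02 (10.0.0.11) is the resolving server with forwarders, and corp.example.com is the AD domain.

```powershell
# Added example (not the original poster's or answerer's configuration).
# Assumed layout:
#   DNS01 = 10.0.0.10  AD-integrated DNS, clients point here, no external resolution
#   DNS02 = 10.0.0.11  resolving DNS with forwarders to public resolvers
#   corp.example.com   the AD zone; 'Ethernet' is the NIC alias on DNS01
# Run each section on the server named in its header, as an administrator,
# with the DNS Server tools (RSAT-DNS-Server) installed.

# ---------------- On DNS01 (internal, AD DNS) ----------------
# 1. Drop any forwarders that are configured.
Get-DnsServerForwarder |
    Select-Object -ExpandProperty IPAddress |
    ForEach-Object { Remove-DnsServerForwarder -IPAddress $_ -Force }

# 2. Do not fall back to root hints, and turn recursion off.
#    On Windows DNS, disabling recursion also disables forwarders, so DNS01
#    now answers only from its own zones and cache. Client queries for
#    names outside corp.example.com get a failure instead of being proxied
#    to the Internet, which is the "-X-" in the question's diagram.
Set-DnsServerForwarder -UseRootHint $false
Set-DnsServerRecursion -Enable $false

# 3. Make DNS01's own resolver (used by GADS / password sync running on it)
#    ask DNS02, the server that is allowed to resolve externally.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses 10.0.0.11

# ---------------- On DNS02 (external-resolving DNS) ----------------
# 4. Forward everything to the public resolvers (assumed 8.8.8.8 / 8.8.4.4).
Set-DnsServerForwarder -IPAddress 8.8.8.8, 8.8.4.4 -UseRootHint $false

# 5. Send the AD zone back to DNS01 so that DNS01's own lookups of
#    corp.example.com names (DCs, SRV records) still succeed even though
#    its DNS client no longer points at itself.
Add-DnsServerConditionalForwarderZone -Name 'corp.example.com' -MasterServers 10.0.0.10

# ---------------- Verification (run from any domain host) ----------------
# Expected: DNS01 refuses to resolve an external name, DNS02 resolves it,
# and DNS02 still resolves an internal name via the conditional forwarder.
Resolve-DnsName -Name www.google.com -Server 10.0.0.10 -ErrorAction SilentlyContinue   # should fail
Resolve-DnsName -Name www.google.com -Server 10.0.0.11                                 # should answer
Resolve-DnsName -Name corp.example.com -Type SRV -Server 10.0.0.11 `
    -Name _ldap._tcp.dc._msdcs.corp.example.com                                         # via step 5
```

Two practical caveats. First, clients whose only configured DNS server is DNS01 will now get failures for any external name; per Drifter104's comment, a Windows client sends every query to the servers it is configured with and cannot route "external" names elsewhere on its own, so this design only works if the people using DNS01 genuinely need no Internet resolution. Second, if DNS01 is also a domain controller, test the SRV lookup in the last line carefully after step 3: a DC whose resolver cannot find its own domain's SRV records will log Netlogon errors, which is exactly what the conditional forwarder in step 5 is there to prevent.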