Fundamentals of DNS in a Small Business Network
When I’m out visiting a network for the first time, the one thing I check before anything else is how DNS is implemented. I am amazed how often I find the configuration subpar. A proper DNS setup is vital to keep the network operating smoothly. Improper setups can cause traffic slowdowns, authentication issues, and a plethora of strange errors. So I want to do a quick rundown of a standard way to set it up, and some ideas for dealing with unexpected issues.
First, we want to operate with the philosophy that the servers are the brains of the network. This means we let the servers do the heavy DNS lifting (resolving and forwarding) and let the PCs simply ask them and get on with running their programs. We also want to keep things somewhat simple, because a complicated DNS setup will just cause you problems later on.
- The PCs should point the DNS setting on the network card to the Internal DNS Servers. If the PCs get their address information from DHCP, then we enter the Internal DNS Servers as the DNS option in the DHCP scope. Do not use any External DNS entries.
- Non-DNS servers also point their network card settings to the Internal DNS Servers for DNS. Again, do not use any External DNS entries.
- The Internal DNS Servers point their network card settings to themselves, either by using their own IP or by using 127.0.0.1.
- The Internal DNS Servers then point their DNS Forwarders to the ISP’s DNS servers, or to any other public DNS server available in the area. DNS Forwarders are set up in the Properties of the server in the DNS management console.
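The four rules above, applied on a Windows network with the DNS Server and DHCP Server PowerShell modules. This is an added example, not part of the original post; every address here is constructed (192.168.10.5 and 192.168.10.6 as the internal DNS servers, 192.168.10.0/24 as the DHCP scope, 203.0.113.53/54 standing in for the ISP resolvers, 'Ethernet' as the interface alias, and corp.example as the internal zone). Each command is commented with the machine it is meant to run on.

```powershell
# Added example, not from the original post. All addresses below are constructed placeholders.
$InternalDns = @('192.168.10.5', '192.168.10.6')   # the two internal DNS servers
$IspDns      = @('203.0.113.53', '203.0.113.54')   # ISP / public resolvers (placeholder)
$ScopeId     = '192.168.10.0'                      # DHCP scope serving the PCs

# Rule 1: PCs receive ONLY the internal DNS servers via DHCP (scope option 006).
# Run on the DHCP server.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $InternalDns

# Rule 2: a non-DNS member server points its NIC at the internal DNS servers only.
# Run on that server.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $InternalDns

# Rule 3: each internal DNS server points its own NIC at itself.
# Run on each DNS server (the post allows either the server's own IP or 127.0.0.1).
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses @('127.0.0.1')

# Rule 4: the DNS server forwards anything it is not authoritative for to the ISP.
# Run on each internal DNS server. This replaces the current forwarder list outright.
Set-DnsServerForwarder -IPAddress $IspDns -UseRootHint $false

# Verification, run on a DNS server: forwarders are listed, an internal name
# is answered locally, and an external name is answered through the forwarder.
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint
Resolve-DnsName -Name 'fileserver.corp.example' -Server 127.0.0.1   # assumed internal record
Resolve-DnsName -Name 'www.example.com' -Server 127.0.0.1
```

Note that `Set-DnsServerForwarder` overwrites the forwarder list rather than appending to it, so run `Get-DnsServerForwarder` first if you are adjusting a server someone else configured.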
A common scenario that makes people change this standard setup is the question of what happens to the PCs’ internet use if the DNS servers go down. The answer is that they can’t use the internet, so the IT Admin adds External DNS servers into the PCs’ network card settings. This can cause the problems mentioned above. I’ve seen many times where a PC starts trying to ask the External DNS server first where to find an Internal resource. Of course the External server has no idea and tells the PC so, and then the user’s program breaks or they get a strange error.
A better plan, if you find yourself in that situation, is to quickly change the DHCP scope to hand out an External DNS server instead. A quick reboot or network card refresh, and everyone is back on the internet while you sort out what’s wrong with the DNS servers. After they are back online, you can easily change the DHCP options back.
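Two checks that go with the last two paragraphs, as an added example rather than code from the original post: an audit for PCs where someone has hand-entered an external resolver (the failure mode described above), and the outage procedure of swapping DHCP option 006 to the ISP resolvers and back. The addresses, the 'dc1.corp.example' probe name and the scope ID are constructed assumptions.

```powershell
# Added example, not from the original post. All values below are constructed placeholders.
$InternalDns = @('192.168.10.5', '192.168.10.6')
$IspDns      = @('203.0.113.53', '203.0.113.54')
$ScopeId     = '192.168.10.0'
$Probe       = 'dc1.corp.example'   # assumed internal record that should always resolve

# Check 1 (run on a PC): flag any IPv4 resolver that is not one of the internal servers.
# A PC that asks an outside resolver for an internal name gets "no such name" back,
# which is exactly the strange-error scenario described in the post.
function Test-InternalOnlyDns {
    param([string[]]$Allowed)
    $bad = foreach ($nic in Get-DnsClientServerAddress -AddressFamily IPv4) {
        foreach ($ip in $nic.ServerAddresses) {
            if ($ip -notin $Allowed) {
                [pscustomobject]@{ Interface = $nic.InterfaceAlias; Resolver = $ip }
            }
        }
    }
    if ($bad) { Write-Warning 'External resolvers found on this PC:'; $bad }
    else      { 'OK: internal DNS servers only' }
}
Test-InternalOnlyDns -Allowed $InternalDns

# Check 2 (run from the DHCP server): is at least one internal DNS server answering?
function Test-InternalDnsAlive {
    param([string[]]$Servers, [string]$Name)
    foreach ($s in $Servers) {
        try {
            $null = Resolve-DnsName -Name $Name -Server $s -ErrorAction Stop
            return $true
        } catch {
            Write-Warning "$s did not answer for $Name"
        }
    }
    return $false
}

# Outage procedure from the post: if no internal server answers, hand out the ISP
# resolvers through DHCP so PCs regain internet access after a reboot or 'ipconfig /renew'.
if (-not (Test-InternalDnsAlive -Servers $InternalDns -Name $Probe)) {
    Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $IspDns
    Write-Warning 'DHCP now hands out ISP DNS. Restore the internal servers once they are repaired.'
}

# Once the DNS servers are back online, put the scope back to the internal servers:
# Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $InternalDns
```

The DHCP swap is deliberately left as a manual step behind the liveness check rather than a scheduled task: an automatic flip to external resolvers during a brief blip would reintroduce the very internal-name lookup failures the post warns about.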