Pointing internal DNS to outside DNS

 
 
Anthony Fontana
      01-27-2009, 07:05 PM
I posted this before under another section a few days ago and need more info.

Our System: Windows Server 2003 Standard, SP2, Windows XP workstations SP2

Our DNS was in house and, after getting a T1 line, is now being managed by a
very large and reputable outside source.

We are not seeing the T1 speed (seems same as older DSL), certain
workstations are losing connection to a printer daily, and I am seeing some
PCs needing to restart due to lost / dropped network connections. The
network has not crashed though.

The new Cisco router is managed by that firm and assigns the DNS entries
through DHCP. The DNS addresses are to the outside firm.

I took the inhouse DNS address (192.168.1.x) off the network connections
properties in our server.

It was suggested in response to one of my prior posts (Jan 22, 2009) that
this is a bad idea. That I should point the workstations to our inhouse DNS
and point that to the DNS of the outside firm.

I have not been into DNS much. How do I do this?

 
Phillip Windell
      01-27-2009, 08:17 PM
"Anthony Fontana" <(E-Mail Removed)> wrote in
message news:43DF7AA0-BD69-4EB5-AACF-(E-Mail Removed)...
> I posted this before under another section a few days ago and need more
> info.
>
> Our System: Windows Server 2003 Standard, SP2, Windows XP workstations SP2
>
> Our DNS was in house and, after getting a T1 line, is now being managed by a
> very large and reputable outside source.


No it isn't. That isn't hardly even possible,..who told you that?

The DNS on the LAN and the DNS externally on the Internet have absolutely
nothing to do with each other. The only thing they have in common is that
they both start with "D".

Your LAN's DNS is handled by your Domain Controllers and there is no way that
this is ever going to move to something else. The DNS for the Internet has
*always* been the ISP,...it has nothing to do with having a T1 line or not
having a T1 line.

It is this simple:

All machines (I mean All,....every last one) on the LAN use the Domain
Controllers for the DNS in their TCP/IP Config. The ISP's DNS IP# gets
entered into the Forwarders List within the DNS Service MMC on each Domain
Controller by right-clicking on the server name and choosing the Forwarders
Tab.

Make sure your Firewall (which also should use the DC for the DNS) allows
the Domain Controllers to make outbound DNS Queries.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


 
Jeremy
      01-27-2009, 09:52 PM

"Anthony Fontana" <(E-Mail Removed)> wrote in
message news:43DF7AA0-BD69-4EB5-AACF-(E-Mail Removed)...
> I posted this before under another section a few days ago and need more
> info.
>
> Our System: Windows Server 2003 Standard, SP2, Windows XP workstations SP2
>
> Our DNS was in house and, after getting a T1 line, is now being managed by a
> very large and reputable outside source.
>
> We are not seeing the T1 speed (seems same as older DSL), certain
> workstations are losing connection to a printer daily, and I am seeing some
> PCs needing to restart due to lost / dropped network connections. The
> network has not crashed though.
>
> The new Cisco router is managed by that firm and assigns the DNS entries
> through DHCP. The DNS addresses are to the outside firm.
>
> I took the inhouse DNS address (192.168.1.x) off the network connections
> properties in our server.
>
> It was suggested in response to one of my prior posts (Jan 22, 2009) that
> this is a bad idea. That I should point the workstations to our inhouse DNS
> and point that to the DNS of the outside firm.
>
> I have not been into DNS much. How do I do this?
>


There is some information missing in this post to give a complete answer, at
least one that will absolutely solve your problem.

The last post was under the assumption that the DNS zone you had hosted
inside and has since been moved outside was the same zone as your Active
Directory domain. Though it would be considered very bad, it is possible to
host an AD DNS zone outside your network as long as the DNS servers accept
dynamic DNS registrations, including subdomains under the zone being hosted.
Again, I would highly recommend against this.

Is your Active Directory domain also a legitimate domain in the real world?
For example, is your AD domain 'microsoft.com', making it possible to host it
on the internet? Or is it something like 'microsoft.local'?

In either case, I would recommend hosting the AD domain on your domain
controllers and pointing everything on your internal network to your domain
controllers for DNS resolution. The DCs will resolve both inside and
outside records as long as udp 53 is open for your DCs through your firewall
/ router.

In any case, short of an ISP having a division specifically for the
management of Microsoft Networks, I would not let an ISP do anything beyond
the installed router. Hosting DNS, especially for internal computers,
absolutely not. DNS resolution and caching is fine, but not hosting. I
must mention that the issues you're describing, though the DNS setup is likely
bad and can/will cause issues, may not be entirely related to DNS.
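
A check for the rule both replies above give (every machine on the LAN lists only the domain controllers as DNS servers), added here as an example and not part of the original thread: it parses `ipconfig /all` output and reports any resolver that is not a DC. The DC address 192.168.1.10, the /24 LAN and the 203.0.113.x outside resolvers are constructed placeholders, as is the sample output.

```python
import ipaddress
import re

# Assumed values: DC 192.168.1.10 on a /24 LAN; 203.0.113.x stands in for the ISP.
DOMAIN_CONTROLLERS = {"192.168.1.10"}
LAN = ipaddress.ip_network("192.168.1.0/24")
# Constructed `ipconfig /all` excerpt in the Windows XP layout.
TEMPLATE = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.50
        DNS Servers . . . . . . . . . . . : {dns}
        Lease Obtained. . . . . . . . . . : Tuesday, January 27, 2009
"""
AS_HANDED_OUT = TEMPLATE.format(dns=("\n" + " " * 44).join(["203.0.113.10", "203.0.113.11"]))
AFTER_FIX = TEMPLATE.format(dns="192.168.1.10")

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*" + IP + r"\s*$")
CONT_LINE = re.compile(r"^\s+" + IP + r"\s*$")  # extra servers: bare indented IP

def dns_servers_by_adapter(text):
    """Map each adapter heading to the DNS servers listed under it."""
    servers, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line[:1].strip() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip().rstrip(":"), False
            servers[adapter] = []
        elif adapter and (m := DNS_LINE.match(line)):
            servers[adapter].append(m.group(1))
            in_dns = True
        elif adapter and in_dns and (m := CONT_LINE.match(line)):
            servers[adapter].append(m.group(1))
        else:
            in_dns = False
    return servers

def audit(text, dcs=DOMAIN_CONTROLLERS):
    """Return (adapter, ip, kind) for every listed resolver that is not a DC."""
    findings = []
    for adapter, ips in dns_servers_by_adapter(text).items():
        for ip in ips:
            if ip not in dcs:
                kind = "internal non-DC" if ipaddress.ip_address(ip) in LAN else "external"
                findings.append((adapter, ip, kind))
    return findings

print(audit(AS_HANDED_OUT))
```

An empty list from `audit()` means the machine resolves only through the DCs, which then reach the outside resolvers through their forwarders.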


 