DNS Servers Setup Configuration & best practice

Sunith
2023-02-28T06:07:30.55+00:00

We are having connectivity issues between our office and the servers hosted in the cloud. We think it's a DNS issue and would like some advice on whether the setup below is best practice, or whether we need to change anything so that connections within the office and to the cloud servers work best.

We have a mix of Windows 2022, 2019 & 2016 servers.

Screenshot_29

Users in Office 1 authenticate to DC-01 and do not need to use DC-03 for any authentication.

DC-03 is only for replication of AD from (DC-01 + DC-02) and serves as the RDP Licensing Server.

SQL server is for an application on the web.

10 users in Office 1 use RDWebApp on RDS-01 to remotely access an application core module using RDP.

Are my DNS settings for each of these servers, correct?

Do we need to have DC-03 on the Name Servers list in Office-1?

Do we need DC-01 & DC-02 on the Name Servers list on DNS Server in DC-03?

Is DNS on the "Cloud Setup" purely for the servers to talk to each other? We only need DC-03 to be a GC and DNS server for SQL and RDS, so that authenticated users from "Office-1" can access RDWebApp.


Firewall Settings

IP: 192.168.38.2

DNS 01 - 192.168.38.5 - DC-01

DNS 02 - 192.168.38.6

DNS 03 - 8.8.8.8 - Google DNS 

DC-01

DHCP Scope

003 Router - 192.168.38.2 (Firewall ip)

006 DNS - 192.168.38.5 (DC-01) & 192.168.36.6 (DC-02) 

DNS Settings

Interfaces

Listens to ONLY "192.168.38.5"

Forwarders

  1. ISP DNS
  2. ISP DNS 02
  3. Google DNS 

Forward Lookup Zone

_msdcs.domain.local

Name Servers

  1. DC-01
  2. DC-02

Zone Transfers

  1. DC-02

Domain.local

Name Servers

  1. DC-01
  2. DC-02
  3. DC-03

Zone Transfers

  1. DC-02

Reverse Lookup Zone

192.168.38

Name Servers

  1. DC-01
  2. DC-02

Zone Transfers

  1. DC-02 

172.29.4

Name Servers

  1. DC-01
  2. DC-02

Zone Transfers

  1. DC-02

DC-02

DNS Settings

Interfaces

Listens to ONLY "ALL IP Addresses"

Forwarders

  1. ISP DNS
  2. ISP DNS 02
  3. Google DNS 

Forward Lookup Zone

_msdcs.domain.local

Name Servers

  1. DC-01
  2. DC-02

Zone Transfers

Nil

Domain.local

Name Servers

  1. DC-01
  2. DC-02
  3. DC-03

Zone Transfers

  1. Nil 

Reverse Lookup Zone

192.168.38

Name Servers

  1. DC-01
  2. DC-02

Zone Transfers

  1. Nil

172.29.4

Name Servers

  1. DC-01
  2. DC-02

Zone Transfers

  1. Nil 

DC-03

DNS Settings

Interfaces

Listens to ONLY "ALL IP Addresses"


Forwarders

  1. Open DNS01
  2. Open DNS02
  3. DC-01
  4. DC-02

Forward Lookup Zone

_msdcs.domain.local

Name Servers

  1. DC-01
  2. DC-02

Zone Transfers

  1. Nil

Domain.local

Name Servers

  1. DC-01
  2. DC-02
  3. DC-03

Zone Transfers

  1. Nil

Reverse Lookup Zone

192.168.38

Name Servers

  1. DC-01
  2. DC-02

Zone Transfers

  1. Nil 

172.29.4

Name Servers

  1. DC-01
  2. DC-02 

Zone Transfers

  1. Nil

Ping & Tracert of ISP DNS 01

Screenshot_37

Ping & Tracert of ISP DNS 02

Screenshot_36

Ping & Tracert of Public DNS - Google DNS, 1.1.1.1, 1.0.0.1

Screenshot_33

Screenshot_34

Screenshot_35
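The post lists the resolver addresses and DHCP options but not what each resolver actually answers. The script below is an added diagnostic for this thread, not code from the original post: run from a workstation in Office-1, it asks every resolver a client could be handed for the SOA of the AD zone and for the DC locator SRV records, checks that DHCP option 006 only hands out addresses that passed that test (a mistyped server there breaks every client that lands on it), probes the cloud DC on the TCP ports AD needs, and finally shows which DC the local DC locator picks. The domain name domain.local, the DC-01/DC-02 addresses and the scope ID 192.168.38.0 are taken or inferred from the listing above; DC-03's address is not in the post, so `$CloudDc` is a placeholder to replace.

```powershell
# Added diagnostic for this thread, not code from the original post.
# Assumptions: domain domain.local, DC-01/DC-02 at the addresses listed in the
# post, DHCP scope 192.168.38.0 on DC-01. DC-03's IP is NOT in the post:
# $CloudDc is a placeholder that must be replaced with the real address.
$Domain    = 'domain.local'
$OfficeDns = @('192.168.38.5', '192.168.38.6')   # DC-01, DC-02
$CloudDc   = '172.29.4.10'                        # placeholder for DC-03
$Resolvers = $OfficeDns + $CloudDc
$report    = New-Object System.Collections.Generic.List[string]

# 1. Every resolver a client might use must be able to answer for the AD zone.
foreach ($srv in $Resolvers) {
    try {
        $soa = Resolve-DnsName -Name $Domain -Type SOA -Server $srv -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SOA' }
        $report.Add(("OK   {0,-15} answers SOA for {1} (primary {2})" -f $srv, $Domain, $soa.PrimaryServer))
    } catch {
        $report.Add(("FAIL {0,-15} no SOA for {1}: {2}" -f $srv, $Domain, $_.Exception.Message))
    }
}

# 2. DC locator records: clients find a DC, a Kerberos KDC and a Global Catalog
#    through these SRV names. Every resolver should return the same targets.
$srvNames = @("_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.dc._msdcs.$Domain", "_gc._tcp.$Domain")
foreach ($srv in $Resolvers) {
    foreach ($name in $srvNames) {
        try {
            $targets = (Resolve-DnsName -Name $name -Type SRV -Server $srv -DnsOnly -ErrorAction Stop |
                        Where-Object { $_.Type -eq 'SRV' }).NameTarget -join ', '
            $report.Add(("OK   {0,-15} {1} -> {2}" -f $srv, $name, $targets))
        } catch {
            $report.Add(("FAIL {0,-15} {1}: {2}" -f $srv, $name, $_.Exception.Message))
        }
    }
}

# 3. DHCP option 006 must only hand out the office DCs; anything else is a typo
#    or a public resolver, and clients that get it will fail domain lookups.
try {
    $handedOut = (Get-DhcpServerv4OptionValue -ComputerName 'DC-01' -ScopeId '192.168.38.0' -OptionId 6 -ErrorAction Stop).Value
    foreach ($ip in $handedOut) {
        if ($OfficeDns -contains $ip) { $report.Add("OK   DHCP option 006 hands out $ip") }
        else { $report.Add("WARN DHCP option 006 hands out $ip, which is not DC-01 or DC-02") }
    }
} catch { $report.Add("SKIP DHCP check (needs the DHCP RSAT module): $($_.Exception.Message)") }

# 4. Office-to-cloud reachability on the TCP ports AD needs (DNS, Kerberos, LDAP, SMB).
#    Test-NetConnection is TCP-only; UDP 53/88 are exercised indirectly by steps 1-2.
foreach ($port in 53, 88, 389, 445) {
    $ok  = (Test-NetConnection -ComputerName $CloudDc -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
    $tag = if ($ok) { 'OK  ' } else { 'FAIL' }
    $report.Add(("{0} {1}:{2}" -f $tag, $CloudDc, $port))
}

# 5. Which DC does this machine's locator pick right now, and via which site?
$report.Add((nltest "/dsgetdc:$Domain" /force 2>&1 | Out-String))

$report
```

A resolver that passes step 1 but returns a different SRV set in step 2 has a stale or partially replicated `_msdcs` zone; a resolver that fails step 1 outright is either unreachable from the office or is not hosting the AD zone at all, and should not be handed to clients.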


1 answer

  1. Limitless Technology
    2023-02-28T13:30:07.32+00:00

    Hi Sunith,

    I'd be happy to help you out with your question. Sorry for the inconvenience caused.

    You can try the following DNS server setup and configuration:

    1. DNS Server Configuration:

    DC-01 and DC-02: Both DC-01 and DC-02 should be configured as DNS servers for the domain.local domain.

    They should be set up with primary and secondary zones for the domain.local domain, configured to replicate with each other, and also configured as Global Catalog servers.

    DC-03: Configure DC-03 as a DNS server for the domain.local domain and set it up as a Global Catalog server. Also, it should not be configured as a primary or secondary DNS server for the domain.local domain.

    Cloud Setup: DNS on the cloud servers needs to be configured to allow the servers to communicate with each other. They need to be configured to point to DC-03 as the primary DNS server for authentication purposes.

    2. DNS Server Name Servers Configuration:

    Office-1: The DNS server list for Office-1 needs to include only DC-01 and DC-02, since these are the primary and secondary DNS servers for the domain.local domain.

    DC-03: The DNS server list for DC-03 should include DC-01 and DC-02 as the primary and secondary DNS servers for the domain.local domain. It should not include DC-03 itself.

    3. Firewall DNS Configuration:

    DNS 01: This needs to be set to the IP address of DC-01 (192.168.38.5).

    DNS 02: This needs to be set to the IP address of DC-02 (192.168.38.6).

    DNS 03: This needs to be set to a public DNS server such as Google DNS (8.8.8.8).

    4. DNS Server Forwarders Configuration:

    All DNS servers need to be configured with forwarders to one or more external DNS servers to handle queries for domains outside the domain.local domain.

    5. Ping and Tracert Tests:

    You need to perform ping and tracert tests to each of the DNS servers listed in the configuration, as well as to the external DNS servers listed as forwarders.

    This will help you identify any connectivity issues and ensure that DNS queries are being properly routed.

    For more information, please refer to the following documentation: https://learn.microsoft.com/troubleshoot/windows-server/networking/best-practices-for-dns-client-settings

    If you have any other questions or need assistance with anything, please don't hesitate to let me know. I'm here to help.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

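The answer's five items (client DNS order on each DC, name servers, forwarders, zone setup, reachability of forwarders) are all things that can be read back from the DCs rather than eyeballed. The script below is an added audit for this thread, not code from the answer or from Microsoft: run on any DC with the DnsServer module, it reports for DC-01, DC-02 and DC-03 the DNS client order (the linked Microsoft guidance wants another DC first and the DC's own address second, never a public resolver), the listen addresses, each forwarder and whether it answers, the zones with their type, AD-integration flag, replication scope and zone-transfer policy, and whether every DC has its `_ldap._tcp.dc` SRV record. Two caveats it encodes: forwarders are consulted only for names a server is not authoritative for, so DC-01/DC-02 listed as forwarders on DC-03 do nothing for domain.local; and a zone that shows IsDsIntegrated is carried by AD replication, so no zone-transfer entries are needed for it and a DC missing such a zone has a replication problem rather than a DNS setting problem. Host names and zone names are taken from the listing in the question; that the DC names resolve and accept CIM/WinRM from where you run it is assumed.

```powershell
# Added audit for this thread, not code from the answer above. Run on a DC with
# the DnsServer module (installed with the DNS role). Host and zone names are
# taken from the question; it is assumed the DC names resolve and accept CIM.
Import-Module DnsServer
$Domain  = 'domain.local'
$Dcs     = 'DC-01', 'DC-02', 'DC-03'
$Zones   = @("_msdcs.$Domain", $Domain, '38.168.192.in-addr.arpa', '4.29.172.in-addr.arpa')
# DCs register the domain's own A record, so this is the set of DC addresses.
$dcAddrs = (Resolve-DnsName -Name $Domain -Type A -DnsOnly -ErrorAction SilentlyContinue).IPAddress

foreach ($dc in $Dcs) {
    Write-Output "=== $dc"

    # a) DNS client order on the DC itself: partner DC first, self second,
    #    never a public resolver (it cannot resolve $Domain and causes
    #    intermittent failures whenever the client rotates to it).
    $clientDns = (Get-DnsClientServerAddress -CimSession $dc -AddressFamily IPv4 |
                  Where-Object { $_.ServerAddresses }).ServerAddresses | Select-Object -Unique
    Write-Output ("  client DNS order : {0}" -f ($clientDns -join ', '))
    foreach ($ip in $clientDns) {
        if ($dcAddrs -notcontains $ip -and $ip -ne '127.0.0.1') {
            Write-Output "  WARN  $ip in the client list is not a DC of $Domain"
        }
    }

    # b) Listen addresses and forwarders. A forwarder is used only for names this
    #    server is NOT authoritative for, so a DC listed here is never asked for
    #    $Domain; only external names go through it.
    $listen = (Get-DnsServerSetting -ComputerName $dc -All).ListeningIPAddress -join ', '
    Write-Output "  listening on     : $listen"
    foreach ($fwdIp in (Get-DnsServerForwarder -ComputerName $dc).IPAddress) {
        $ipText = $fwdIp.IPAddressToString
        $answers = $null -ne (Resolve-DnsName -Name 'www.microsoft.com' -Server $ipText -DnsOnly -ErrorAction SilentlyContinue)
        $note = if ($dcAddrs -contains $ipText) { ' (is a DC: not used for the AD zone)' } else { '' }
        Write-Output ("  forwarder {0,-15} answers={1}{2}" -f $ipText, $answers, $note)
    }

    # c) Zones. IsDsIntegrated=True means AD replication carries the zone and no
    #    zone-transfer list is required; a DC missing such a zone is a replication
    #    problem (check with 'repadmin /replsummary'), not a DNS setting.
    $have = Get-DnsServerZone -ComputerName $dc | Where-Object { $_.ZoneName -in $Zones }
    foreach ($z in $have) {
        Write-Output ("  zone {0,-26} type={1} dsIntegrated={2} scope={3} transfers={4}" -f
            $z.ZoneName, $z.ZoneType, $z.IsDsIntegrated, $z.ReplicationScope, $z.SecureSecondaries)
    }
    foreach ($missing in ($Zones | Where-Object { $_ -notin $have.ZoneName })) {
        Write-Output "  WARN  zone $missing not present on $dc"
    }

    # d) DC locator registration as seen by this server: every DC should be an
    #    SRV target; a missing one has not registered (run 'nltest /dsregdns' there).
    $targets = (Get-DnsServerResourceRecord -ComputerName $dc -ZoneName "_msdcs.$Domain" `
                -Name '_ldap._tcp.dc' -RRType Srv -ErrorAction SilentlyContinue).RecordData.DomainName
    foreach ($d in $Dcs) {
        if (-not ($targets -match "^$d\.")) {
            Write-Output "  WARN  $d has no _ldap._tcp.dc SRV record on $dc"
        }
    }
}
```

Read the output per DC: the client order and the zone list are what the answer's items 1 and 2 describe, and the `transfers=` column tells you whether the "Zone Transfers" entries in the question matter at all (they only do for zones that are not AD-integrated).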
