This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 59%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECT%3C/text%3E%3C/svg%3E)
I'm implementing Active Directory running on a Windows 2019 in Azure VM (IaaS).
What is the best configuration for DNS forwarders / Conditional Forwarding (Forwarders in DNS Server)
We do have several other Windows server ins Azure running on VM's that will be part of the same domain.
Should i configure the DNS forwarder to my ISP or any public DNS like Google (8.8.8.8) or should i use AzureDNS (168.63.129.16)
Thanks!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi,
On members machines and domain controllers , it's recommended to configure two or more domain controllers in the list of DNS servers in ip settings on each member machine.
On DNS server (it can be a DC if all DNS servers are hosted on domain controllers), you can set DNS forwarder , to forward all external DNS requests to external DNS it can be your ISP or google DNS server or another DNS server. you can set many forwarder to ensure the redundancy .
Thanks. So there is no need to set the AzureDNS (168.63.129.16) somewhere in my environment ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
@charlesthivierge-5859 , No you do not , But you will have a little less latency for DNS queries if you are pointing to Azure DNS as it is within same azure infrastructure. However, this will actually not be very significant for you if you are running just a 2019 server and small infrastructure so at the moment you can point it to either Google or Azure DNS. If you are running some application which relies on frequent and continuous DNS queries then you will see significant improvements by using Azure DNS itself. Hope this clarifies the answer. If the information provided helped please do accept the post by @ThameurBOURBITA as answer which will help improve the relevancy of the answer here and will also help the community members with similar doubts.
Many thanks!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 6%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMV%3C/text%3E%3C/svg%3E)
As per this link, if you would like private DNS to be able to be resolved from member servers in the domain, you will need to set it to the Azure DNS 168.63.129.16:
https://github.com/dmauser/PrivateLink/tree/master/DNS-Integration-Scenarios