Windows Server 2016 - DNS, Domain Controller proper configuration, Active Directory [Resolved]

Reading on the web about proper network configuration for Active Directory (internal) and DNS1/DNS2 (external), and connecting them all together, I have not found a clear answer as to how to implement this.

I have a domain, let's use . I've created my domain controller and configured the domain as .

I have two other machines, NS1 & NS2, that will be handling public-facing DNS resolution for , and a third machine for Exchange.

What is the proper configuration method for an Active Directory primary domain controller and two public-facing DNS servers?

Should the domain controller have my publicly facing , or only the DNS1 & DNS2 machines?

What happens when connecting DNS1 & DNS2 to my domain within my local network for public-facing DNS resolution?

Within AD, should the DNS zone be set up as with a sub-domain of , or as two separate zones for and ? How do the two DNS servers correlate with this?

1 Answer

No, you should not use the public DNS servers internally.

Set clients to use internal DNS servers and those servers can forward requests that they are unable to resolve to the public DNS servers.

You do not want information about internal computers being available for external computers to obtain by making requests to your public DNS servers.

Windows Server 2016 also includes some new features like restricting client DNS requests from specific addresses. You might want to look into that. Also you want to ensure you properly firewall off the internal infrastructure and the public infrastructure. If you aren’t sure how to do that then engage a qualified professional. Configuring your network incorrectly can lead to security problems. DNS controls a lot and configuring DNS servers improperly can cause connectivity and security problems you don’t want to have.

Answered March 10, 2018
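The split the answer describes (internal clients query the internal DNS server on the domain controller, which forwards what it cannot resolve, while recursion and client subnets are restricted with Windows Server 2016 DNS policy) can be configured on the DC with the DnsServer PowerShell module. This is an added example, not the answerer's configuration; the subnet 10.0.0.0/24, the forwarder addresses 203.0.113.53 and 203.0.113.54 and the policy names are constructed placeholders to be replaced with your own values.

```powershell
# Added example: run in an elevated PowerShell session on the internal
# DNS server (the domain controller). Values below are placeholders.

# 1. Forward queries the internal server cannot answer itself to the
#    upstream resolvers instead of walking the root hints. Replace the
#    addresses with the resolvers your ISP or provider gives you.
Set-DnsServerForwarder -IPAddress 203.0.113.53, 203.0.113.54 -UseRootHint $false

# 2. Describe which addresses are "internal" to the DNS policy engine.
Add-DnsServerClientSubnet -Name "InternalClients" -IPv4Subnet "10.0.0.0/24"

# 3. Recursion scopes: the default scope (".") stops recursing, and a
#    dedicated scope with recursion enabled is created for internal use.
Set-DnsServerRecursionScope -Name "." -EnableRecursion $false
Add-DnsServerRecursionScope -Name "InternalRecursion" -EnableRecursion $true

# 4. Only clients in the internal subnet get the recursive scope, so the
#    server will not act as an open resolver if it is ever reachable
#    from outside.
Add-DnsServerQueryResolutionPolicy -Name "RecurseForInternalOnly" `
    -Action ALLOW -ApplyOnRecursion `
    -RecursionScope "InternalRecursion" `
    -ClientSubnet "EQ,InternalClients"

# 5. Refuse queries from any address that is not in the internal
#    subnet (the "restricting client DNS requests from specific
#    addresses" feature mentioned in the answer). Firewalling the
#    server from the Internet is still required; this is defence in depth.
Add-DnsServerQueryResolutionPolicy -Name "DenyNonInternalClients" `
    -Action DENY -ClientSubnet "NE,InternalClients" -ProcessingOrder 1

# 6. Review what is now in place.
Get-DnsServerForwarder
Get-DnsServerRecursionScope
Get-DnsServerQueryResolutionPolicy | Format-Table Name, Action, ProcessingOrder

# 7. From an internal client, an external name should still resolve via
#    the forwarders (10.0.0.10 is the placeholder DC address).
Resolve-DnsName -Name "example.com" -Server 10.0.0.10
```

The public-facing NS1 and NS2 hosts should carry only the external zone and no forwarders or recursion for outside clients, so that none of the AD-integrated zone data is reachable from the Internet.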
