1

Our Windows domain is far away. DNS performance is affected. Would it be possible for Windows clients to carry out external queries through an alternative DNS server directly? I understand this is not generally advised.

Xen

2 Answers

4

No, conditional forwarders are configured on the DNS server side, not on the client side, sadly.

I would delegate a local server with a DNS role that could redirect to the remote DC all your domain resolution, and resolve all others locally.

yagmoth555
  • Thanks so much. I was afraid that would be the case. We will just have to adjust our set-up accordingly. I have previously come across a company which had configured Google’s public DNS on its Windows clients. I imagine that would break so many things… not sure how they go about that. – Xen Jan 13 '19 at 04:44
  • I don't believe using a public DNS server is a problem provided that your Windows domain DNS is visible to the internet. That's considered inadvisable for security reasons, but I'm not aware of any technical reason that it wouldn't work. – Harry Johnston Jan 13 '19 at 09:08
  • 1
    @HarryJohnston I would not put a DC on a DMZ for that. I would suggest another server put in a DMZ for that purpose, but I would not suggest that, as a local DNS solves the problem and implies no security hole. Problems like clients registering their DNS names would need to be tested, and that means the public DNS must match the private name too. – yagmoth555 Jan 13 '19 at 12:42
  • Sorry, in retrospect I can see my comment was unclear. I didn't intend to suggest that this might be a sensible solution for the OP, just that it might explain why Windows still worked in the previous company the OP mentioned, where all the clients were using Google's DNS server. My guess is that they didn't even bother with a DMZ, just let the DNS traffic straight through the firewall. Not at all a good idea. – Harry Johnston Jan 13 '19 at 21:22
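
The local-DNS-server setup described in the answer above, as an added example that is not part of the original answer or its comments. It is run on a local Windows Server; the domain name, DC addresses and upstream resolver are placeholder assumptions.

```powershell
# Added example. All values below are placeholder assumptions, not from the thread.
$AdZone    = 'corp.example.com'        # assumed AD DNS domain name
$RemoteDCs = '10.0.0.10', '10.0.0.11'  # assumed remote domain controllers running DNS
$Upstream  = '192.0.2.53'              # assumed nearby resolver for external names

# Run elevated on the local server that the clients will use as their only DNS server.
Install-WindowsFeature -Name DNS -IncludeManagementTools | Out-Null

# Names under the AD domain (including _msdcs SRV records) are forwarded to the remote DCs.
if (-not (Get-DnsServerZone -Name $AdZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $AdZone -MasterServers $RemoteDCs
}

# Everything else is resolved close to the clients, falling back to root hints.
Set-DnsServerForwarder -IPAddress $Upstream -UseRootHint $true

# Check both paths through the local server before repointing any client.
function Test-SplitResolution {
    param([string]$Server = '127.0.0.1')
    $checks = @(
        @{ Name = "_ldap._tcp.dc._msdcs.$AdZone"; Type = 'SRV' }  # DC locator record
        @{ Name = 'example.com';                  Type = 'A'   }  # external name
    )
    foreach ($c in $checks) {
        $answer = Resolve-DnsName -Name $c.Name -Type $c.Type -Server $Server `
                                  -DnsOnly -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Query    = $c.Name
            Type     = $c.Type
            Resolved = [bool]$answer
        }
    }
}
Test-SplitResolution | Format-Table -AutoSize

# Clients keep a single internal DNS server (normally handed out by DHCP).
# Manual equivalent on one client, with an assumed interface alias and server address:
#   Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '10.1.0.5'
# The AD zone is reached only over the internal link to the DCs; nothing here
# publishes domain DNS to the internet.
```

Both rows should show `Resolved = True` before clients are switched over; a failed SRV lookup means the forwarder cannot reach the remote DCs.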
1

You can create a custom hosts file for each client that needs to authenticate with and/or use internal resources.

Dacid Salin