Back to basics - Root Hints vs Forwarders
Hi all. I'm wondering if there is a 'best practice' with regards to DNS Forwarders and Root hints in general? I'll describe my situation and perhaps it'll make it clearer what I'm looking for.
We have an AD domain, Server 2008 R2 native. 2 DCs handling DHCP and DNS. On those 2 DNS servers, I have forwarders set up for our 'schoolzone' ISP's DNS servers, so obviously any DNS queries that are outside of my AD get forwarded to those DNS servers. This all works fine and as expected.
Recently however, I have introduced a second DSL router onto the network, to separate the traffic from our 'admin' side of the school from the 'teaching and learning' side of things. I'm using DHCP reservations to dish out IP addresses to my admin PCs, and DHCP option 003 to specify the new DSL router as the router. I have added forwarders for the DSL's ISP to the internal DNS servers also.
The result is that although internet access for the admin PCs is working, it is very slow. I think this is due to the fact that the 'SchoolZone' DNS servers are private only to traffic from within the SchoolZone network, i.e. from our SchoolZone router. So what happens is:
- admin PC requests DNS resolution for an internet address
- Internal DNS servers cannot service the request, so they forward the request to the schoolzone DNS servers first
- traffic is going out through the normal DSL router, so cannot connect to the schoolzone DNS
- Attempts this twice (once for each SchoolZone DNS), fails
- Finally gets to the third DNS forwarder in the list which resolves the address and the page loads
So my question is: should I perhaps remove the forwarders from my DNS servers and rely on root hints only? Or would this be worse? Or should I be configuring things differently? I don't currently have the option to set up VLANs etc.
Hope this makes sense. Thanks.
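The slowdown described in the post comes from the order of the forwarder list: a resolver walks the forwarders in order, and every forwarder that cannot be reached from the current egress path costs a full timeout before the next one is tried, on every lookup that is not already cached. The script below is an added example (not part of the original post, and not a Microsoft tool) that models that walk and can also probe real forwarders with a hand-built UDP A query. The 2-second timeout, the example.com query name and the 10.0.0.x forwarder addresses are constructed assumptions; the Windows DNS forwarder timeout is a server setting, so adjust the value to match your own configuration.

```python
import socket
import struct
import time


def build_query(name, txid=0x1234):
    """Build a minimal DNS query packet: header + QNAME + QTYPE A + QCLASS IN."""
    # Header: id, flags (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.strip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def probe_forwarder(ip, name="example.com", timeout=2.0, port=53):
    """Send one UDP query to a forwarder; return (answered, seconds_waited).

    Used to check which forwarders actually answer from the path a client
    is using, before putting them in a forwarder list.
    """
    query = build_query(name)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.sendto(query, (ip, port))
        data, _ = sock.recvfrom(512)
        # A reply must carry our transaction id back in its first two bytes.
        return (len(data) >= 12 and data[:2] == query[:2]), time.monotonic() - start
    except (socket.timeout, OSError):
        return False, time.monotonic() - start
    finally:
        sock.close()


def make_simulated_probe(reachable, timeout=2.0, rtt=0.02):
    """Return a probe that answers only for addresses in `reachable`.

    Constructed stand-in for the real network: an unreachable forwarder
    burns the whole timeout, a reachable one answers after `rtt` seconds.
    """
    def probe(ip, **_ignored):
        if ip in reachable:
            return True, rtt
        return False, timeout
    return probe


def resolve_via_forwarders(forwarders, probe=probe_forwarder, **kw):
    """Walk the forwarder list in order, the way a forwarding resolver does.

    Stops at the first forwarder that answers and reports the wait added
    by every forwarder tried before it.
    """
    attempts = []
    total = 0.0
    for ip in forwarders:
        ok, elapsed = probe(ip, **kw)
        total += elapsed
        attempts.append((ip, ok, round(elapsed, 3)))
        if ok:
            return {"resolved_by": ip, "attempts": attempts,
                    "total_wait": round(total, 3)}
    return {"resolved_by": None, "attempts": attempts,
            "total_wait": round(total, 3)}


if __name__ == "__main__":
    # Constructed scenario: two ISP-only forwarders listed ahead of the one
    # that is reachable from this path, as in the post.
    sim = make_simulated_probe(reachable={"10.0.0.3"})
    print(resolve_via_forwarders(["10.0.0.1", "10.0.0.2", "10.0.0.3"], probe=sim))
    print(resolve_via_forwarders(["10.0.0.3", "10.0.0.1", "10.0.0.2"], probe=sim))
```

Running the simulated scenario shows the cost directly: with the unreachable pair listed first, each uncached lookup waits two full timeouts before the third forwarder answers; with the reachable forwarder first, the same lookup finishes in one round trip. Against real addresses, `resolve_via_forwarders(ips)` uses the UDP probe instead, which tells you which forwarders answer from the path a given set of clients actually egresses through.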