6.5 Sample Resolver Configurations

Let's go over what some Windows Server 2003 resolver configurations look like on real hosts. Resolver configuration needs vary depending on whether or not a host runs a local name server, so we'll cover both cases: hosts using remote name servers and hosts running name servers locally.

6.5.1 Remote Name Server

We, as the administrators of movie.edu, have been asked to configure a professor's new workstation, which doesn't run a name server. Deciding which domain the workstation belongs in is easy: there's only movie.edu to choose from. However, the professor is working with researchers at Pixar on new shading algorithms, so perhaps it'd be wise to put pixar.com in her workstation's list of DNS suffixes to append.

The new workstation is on the network, so the closest name servers are wormhole.movie.edu ( and terminator.movie.edu ( As a rule, you should configure hosts to first use the closest name server available. (The closest possible name server is a name server on the local host; the next closest is a name server on the same subnet or network.) In this case, both name servers are equally close, but we know that wormhole is bigger (it's a faster host, with more capacity).

Since this particular professor is known to get awfully vocal when she has problems with her computer, we'll also add terminator.movie.edu ( as a backup name server. That way, if wormhole is down for any reason, the professor's workstation can still get name service (assuming terminator and the rest of the network are up).

Figure 6-13 shows what her workstation's resolver configuration will look like.

Figure 6-13. Example resolver configuration

6.5.2 Local Name Server

Next, we have to configure the university mail hub, postmanrings2x, to use DNS. postmanrings2x is shared by all groups in the movie.edu domain. We've recently configured a name server on the host to help cut down the load on the other name servers, so we should make sure the resolver queries the name server on the local host first.

If we decide we need a backup name server (a prudent decision), we can add a name server to the "DNS server addresses, in order of use" field. Whether or not we configure a backup name server depends largely on the reliability of the local name server. A robust name server implementation will keep running for longer than some operating systems, so there may be no need for a backup. If the local name server has a history of problems, though (say it hangs occasionally and stops responding to queries), it's prudent to add a backup name server.

To add a backup name server, we just list the local name server first in the list of DNS suffixes to append and then list one or two backup name servers. Since we'd rather be safe than sorry, we're going to add two backup name servers. postmanrings2x is on the network, too, so terminator and wormhole are the closest name servers to it (besides its own). The final configuration is shown in Figure 6-14.

Figure 6-14. Another example resolver configuration
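The two configurations above can also be applied from a command prompt with netsh and reg. The script below is an added example, not part of the original text. The connection name, every IP address (placeholders from the 192.0.2.0/24 documentation range), the order of the suffix list, and the order of the two backup servers on postmanrings2x are assumptions.

```bat
@echo off
rem Added example: resolver setup for the two hosts in section 6.5.
rem All addresses are PLACEHOLDERS; substitute the real ones for your network.
setlocal
set CONN=Local Area Connection
set WORMHOLE=192.0.2.1
set TERMINATOR=192.0.2.2
rem SELF is the mail hub's own address, where the local name server listens.
set SELF=192.0.2.3
set TCPIP=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

if /i "%~1"=="remote" goto remote
if /i "%~1"=="local" goto local
echo usage: %~nx0 remote^|local
exit /b 1

:remote
rem 6.5.1: the professor's workstation. wormhole is queried first,
rem terminator is the backup.
netsh interface ip set dns name="%CONN%" source=static addr=%WORMHOLE% register=primary || exit /b 1
netsh interface ip add dns name="%CONN%" addr=%TERMINATOR% index=2 || exit /b 1
rem DNS suffixes to append, in order: the home domain, then pixar.com.
reg add "%TCPIP%" /v SearchList /t REG_SZ /d "movie.edu,pixar.com" /f || exit /b 1
goto show

:local
rem 6.5.2: postmanrings2x. The local name server is queried first,
rem then the two backups (their relative order is an assumption).
netsh interface ip set dns name="%CONN%" source=static addr=%SELF% register=primary || exit /b 1
netsh interface ip add dns name="%CONN%" addr=%WORMHOLE% index=2 || exit /b 1
netsh interface ip add dns name="%CONN%" addr=%TERMINATOR% index=3 || exit /b 1
goto show

:show
rem Print the resulting server list so the order can be checked by eye.
netsh interface ip show dns name="%CONN%"
endlocal
```

Run it as an administrator with `remote` or `local` as the argument, then confirm the server order in the output of `ipconfig /all`.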