Hi,I have just rebuilt our 2003 Server, it is the Active Directory and Domainserver. All PCs on the network use this server, and the router/firewall, as thier DNS servers.Do I need to point to external/ISP DNS servers on this Domain server? My users are complaining about performance, I am sure I have configured DNS/WINS incorrectly.What is the easiest, most basic configuration for this? we are a very small office with only about 13 PCs.Thanks for your help!J

All client PCs (and the DC itself) should use the DC _only_ for DNS. No secondary DNS setting. If client machines use an external DNS to try to find an AD resource, response will be very slow of simply fail. The local DNS should forward to a public DNS. This can be the DNS server at your ISP. WINS is pretty straight forward. Just configure all machines with the WINS server IP. It is important that all machines register with WINS to prevent fallback to broadcasts.Bill

"The local DNS should forward to a public DNS. This can be the DNS server at your ISP."Do I do this in the DNS configuration snap-in by setting up a forwarder and telling it the IP of our ISP DNS server address?J

Yes, that sounds right.Bill

good u can forward the local dns to isp dns server,for more security u can try using the Cache server too.that will help u a lot.

Hi,Bill, would you recommend adding the ISP's DNS server to the NIC of the DC? Because in a similar scenario to the one mentioned here, we have a DC that acts as a DNS, andDHCP, 2 forwarders are configured, however in the TCP/IPv4 config, in theDNS server addresses we have added the local IP of the DC, as well as the ISP DNS as an Alternate DNS server....!Thanks!

It is best not to include any external DNS addresses as alternate DNS settings for any AD servers or clients. If you use an external DNS server when looking for an AD resource, it will fail (because an external DNS server does not have the SRV records for your AD setup). External DNS addresses should only be used for forwarding, not as altenate DNS addresses.Bill

WINS is old school. Have a look at GlobalNames Zones. This should give you some idea on the concept: http://robsilver.org/misc/why-wins-will-be-here-for-some-time-or-not/ Regards, Rob