Will setting up a home DNS server affect ISP DNS?

Started by ggnfs000, December 31, 2018, 03:23:38 PM


ggnfs000

Ok, I set up a domain name sj.home which is administered by a Win2012 server at home. No AD DC, just DHCP and DNS. Comcast's f-ing router always sucks; this one I have doesn't let me disable its own DHCP, so I set its scope to just 1 IP address capacity and run another DHCP from the Win server. For DNS I am using 3 DNS servers: Comcast's own 75.75.75.75 and 75.75.76.76, and the one I set up at home, 10.0.0.100. The DHCP network is also 10.0.0.0/24. I got everything working, DNS entries are being added to the DNS zones and I can see that. My only concern is that the DHCP server will send out 3 DNS server IPs, and whether hosts will try to send updates to the Comcast DNS, which I assume they may not. I am assuming not because it is a different network. For that I did a simple experiment: I made the Win server a multihomed host by adding another interface, 11.0.0.0/24, along with corresponding DHCP and DNS entries. I see no 10.0.0.0 entries in the 11.0.0.0 zones, which pretty much answered my question. The only thing I am not certain of is whether the zone rejected the update while hosts were sending 10.0.0.0 addresses to 11.0.0.0, or whether they are not sending updates to networks / DNS servers outside their local network. I think for that I can set up another simple experiment by setting Wireshark to listen on the 11.0.0.0 interface. Thx.

icecream-guy

Are we talking forward or reverse DNS?


Any non-RFC 1918 address needs to have an authoritative DNS server so the main DNS servers at the top know where to look.
I take it these DNS servers were not registered, which they shouldn't be since you are not authoritative over 11.0.0.0.

My Moral Fibers have been cut.

ggnfs000

I am talking about both reverse and forward zones, but I am mostly interested in the forward zone as it enables logging in to any system without regard to its IP address, for convenience.

Some of my home PCs and laptops started failing to connect to the internet (network status says connected but no internet access). At least one of my laptops has no access to some websites (not all), e.g. www.ebay.com and www.facebook.com became inaccessible. I isolated this to the fact that in the IPv4 applet I specified the DNS domain as sj.home and specified both Comcast DNS IPs (2 of them) and the home DNS (serving domain sj.home).

My rough guess is that two different root domains are competing in that environment. I came to this conclusion after removing the sj.home domain from the network interface properties; then the problem went away.

Anyway, I have only spent a few days with DNS; looks like much more learning is underway :).

Dieselboy

The domain "sj.home" will tell your computer that DNS for *.sj.home will be found at those DNS servers you specify.

It won't affect your ISP DNS because sj.home is not a real domain, so it will only be used if you have, say, a web server that you manage at something.sj.home.

I've had internet problems because of ISP DNS before, so out of habit I have not used ISP DNS for around 10 years or more. It can be a bit cumbersome to manage a DNS server just so a few computers can get reliable internet access (in my opinion anyway), so what I do for me and my parents etc. is set the DHCP scope to issue DNS servers of my choosing. I use a mixture of OpenDNS, Google's DNS and the 1.1.1.1 DNS.
All of those are usually fast enough to give trouble-free internet access. This should give you a like-for-like DNS. It won't give you reverse DNS lookups or your own internal domain.

If you need the internal DNS stuff, then if your router allows it, you may be able to set your DHCP scope to issue a single DNS server: your modem/router IP. Then in the modem/router you would configure those DNS servers. With this your modem will forward the DNS requests it receives, and then you could configure DNS mappings on there if it allows.

HTH :)

deanwebb

I make my AD domain controller the DNS server for my home network, and then the DC has the ISP DNS for handing off anything not intended for local traffic.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Dieselboy

Dean, if you remove the DNS forwarder from your AD DNS then it will use the root DNS servers (lots) that it gets via Windows Update. Should be more resilient IMO. Then you can run the PowerShell command to turn on DNSSEC if you haven't already. I have a feeling my Firepower was affecting my DNSSEC before, but I googled about that and didn't find anything. When I have time to look at it next I'll Wireshark the doodly.
I always have a problem with stale PTR records. Mostly Macs, I noticed, though.
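An added example, not code from any poster here, that puts the thread's pieces into DhcpServer/DnsServer cmdlets on the Windows Server 2012 box described above: clients get the single internal resolver and the sj.home suffix, the internal server forwards (or uses root hints) for everything else, resolution is checked from both sides of the split, and aging/scavenging is turned on for the reverse zone. 10.0.0.100, the 10.0.0.0/24 scope, sj.home and the Comcast resolvers are the thread's values; the hostname `laptop`, the 7-day intervals and the `-UseRootHint` choice are assumptions.

```powershell
# Added example, not a poster's code. Requires the DhcpServer and DnsServer
# modules (Windows Server 2012+), run in an elevated session on the DNS/DHCP host.
$InternalDns = '10.0.0.100'                      # home DNS server (from the thread)
$IspDns      = @('75.75.75.75', '75.75.76.76')   # Comcast resolvers (from the thread)
$ScopeId     = '10.0.0.0'                        # 10.0.0.0/24 DHCP scope (from the thread)
$Zone        = 'sj.home'

# 1. Hand clients ONE resolver plus the search suffix (DHCP options 006/015),
#    instead of mixing the internal server with ISP servers in the same list.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $InternalDns -DnsDomain $Zone

# 2. The internal server answers sj.home itself and forwards the rest to the
#    ISP; fall back to root hints if the forwarders are unreachable (assumed choice).
Set-DnsServerForwarder -IPAddress $IspDns -UseRootHint $true

# 2b. Variant from the last post: no forwarders at all, resolve from root hints.
#     Uncomment to apply; Get-DnsServerRootHint lists the hints in use.
# $fw = Get-DnsServerForwarder
# if ($fw.IPAddress) { Remove-DnsServerForwarder -IPAddress $fw.IPAddress -Force }

# 3. Check the split from a client's point of view.
function Test-Resolution {
    param([string]$Name, [string]$Server)
    try {
        $r = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop
        '{0,-24} via {1,-14} -> {2}' -f $Name, $Server, ($r.IPAddress -join ', ')
    } catch {
        '{0,-24} via {1,-14} -> FAILED ({2})' -f $Name, $Server, $_.Exception.Message
    }
}
Test-Resolution -Name "laptop.$Zone" -Server $InternalDns   # internal name, internal server
Test-Resolution -Name "laptop.$Zone" -Server $IspDns[0]     # internal name, ISP server (not authoritative for sj.home)
Test-Resolution -Name 'www.ebay.com'  -Server $InternalDns   # public name through the forwarders/root hints

# 4. Registrations that landed in the forward zone, then aging + scavenging on the
#    reverse zone so stale PTRs expire (7-day intervals are assumed values).
Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
    Select-Object HostName, @{n='IPv4'; e={ $_.RecordData.IPv4Address }}
Set-DnsServerZoneAging -Name '0.0.10.in-addr.arpa' -Aging $true `
    -RefreshInterval (New-TimeSpan -Days 7) -NoRefreshInterval (New-TimeSpan -Days 7)
Set-DnsServerScavenging -ScavengingState $true -ScavengingInterval (New-TimeSpan -Days 7)
```

The second Test-Resolution call is the one that reproduces the OP's symptom in reverse: a client that happens to pick the ISP resolver for an sj.home name gets no answer, which is why the scope should advertise only the internal server.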