Managing DNS servers may seem like a basic task for a network administrator, but there are plenty of opportunities for things to go wrong. Without a reliable DNS, business applications such as email, web services, and VoIP cannot function. Poorly managed or improperly configured DNS servers can cause network slowdowns that are felt by all employees.

For example, if you’re managing the DNS for a large organization with offices around the world but don’t have a local DNS server, users can feel network slowdowns when trying to do simple things like connecting to a printer or opening a web page.

If you’re experiencing poor network performance or running into other DNS related issues, check out our list of Dos and Don’ts for managing DNS Servers.



Have at Least Two DNS Servers – For organizations large and small, having a second DNS server for redundancy. Having a failover will prevent major problems if a DNS server fails, shutting down email and other business-critical functions.

Have a Local DNS – As we mentioned, without at least cache of the DNS stored locally, network performance will be slow. If possible, have a local DNS at every office location to preserve network bandwidth.

Use the Root – If you are a large organization with a distributed network, consider using internal root servers. Internal root servers can increase scalability, efficiency, and control for large, distributed networks.

Protect with Inside the Firewall – Private DNS servers should be located inside the network, so they can be protected by the firewall. To limit access to the DNS, have remote users use VPNs to connect to internal resources.

Seek High Performance – For enhanced performance and reliability, consider configuring the internal primary DNS server as a Hidden Master.


Configure Unnecessary Forwarding – For large organizations with local DNS servers, configuring them to forward to a centralized location or HQ, or any poorly configured forwarding, can cause network performance issues.

Forget to Update Root Hints – Odds are, updating your root hints file falls pretty low on your list of things to do, but it’s important to keep it up to date with InterNIC. If it has been updated, then the local root hints file must be updated on all DNS servers.

Split Your Egress Path – DNS resolution should go out along the same path as Internet traffic. If not, you might be routing traffic inefficiently. Resolution traffic may need to travel further than is necessary to the local resource and back, which can cause slow response times.

Rely on Non-Locally Hosted Proxies – For example, if you’re using cloud proxy to access a SaaS service and are running into performance issues, that proxy may be connecting to endpoints on the other side of the globe. If the proxy connected to locally hosted resources instead, performance would be much improved.


Your DNS is the Foundation of Your Network

If your DNS doesn’t work, neither will your network. All of the Dos and Don’ts listed here can be avoided with planning, basic maintenance, and testing. Include DNS maintenance in your annual network maintenance to ensure that incorrect configuration isn’t impacting network performance or that your root hints file is out of date.