"Yes, machines are using DNS provided by router (ISP)."
This is going to cause you NOTHING but ISSUES!!! All members of a domain NEED to point to the AD DNS - if they do not then they cannot correctly resolve SRV records, etc.
All machines in your network can point to AD DNS - even if they are NOT members of the domain, this is not going to hurt anything. Then your AD DNS points to ISP or direct from roots.
Anyone that would point an AD member to non-AD DNS clearly has not even the most basic understanding of how DNS is integrated into AD.

http://mcpmag.com/ar...ur-network.aspx
10 DNS Errors That Will Kill Your Network
1. TCP/IP Configuration Points to Public DNS Servers
This is by far the most common DNS error. Each network interface has a set of TCP/IP settings that lists the DNS servers used by that interface.
If the TCP/IP settings for a member computer specify the IP address of a public DNS server—perhaps at an ISP or DNS vendor or the company’s public-facing name server—the TCP/IP resolver won’t find Service Locator (SRV) records that advertise domain controller services, LDAP, Kerberos and Global Catalog. Without these records, a member computer can’t authenticate and get the information it needs to operate in the domain. It then acts like a teenager who can’t get the car keys, growing sullen and exhibiting a variety of bad behaviors.
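
An added check, not part of the original post or the quoted article: this PowerShell script asks each DNS server configured on the machine's interfaces for the domain controller SRV records described above and flags any server that cannot return them. The domain name `corp.example.com` is a placeholder, and the script assumes a single-domain forest so that the Global Catalog record lives under the same name.

```powershell
# Assumption: corp.example.com is a placeholder; pass your AD DNS domain name.
param([string]$Domain = 'corp.example.com')

# SRV names a member computer looks up to locate LDAP, Kerberos and Global Catalog.
# _gc is registered under the forest root; a single-domain forest is assumed here.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.$Domain",
    "_gc._tcp.$Domain"
)

# Every IPv4 DNS server configured on an interface, one row per interface/server pair.
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($ip in $_.ServerAddresses) {
            [pscustomobject]@{ Interface = $_.InterfaceAlias; Server = $ip }
        }
    }

# Query each configured server directly, so a public resolver cannot hide behind
# a working AD DNS server that happens to be listed first.
$results = foreach ($s in $servers) {
    foreach ($name in $srvNames) {
        $answers = Resolve-DnsName -Name $name -Type SRV -Server $s.Server `
                       -DnsOnly -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            Interface = $s.Interface
            Server    = $s.Server
            Record    = $name
            Found     = [bool]$answers
            Targets   = ($answers.NameTarget -join ', ')
        }
    }
}

$results | Format-Table -AutoSize

# Any server listed here is not answering for the AD zone (for example an ISP or
# router resolver) and should be removed from the member's TCP/IP settings.
$bad = $results | Where-Object { -not $_.Found } |
       Select-Object -ExpandProperty Server -Unique
if ($bad) {
    Write-Warning "DNS servers without AD SRV records for ${Domain}: $($bad -join ', ')"
}
```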