Re: Need help with DNS design and settings
From: Slater (slaterlovesspam_at_yahoo.com)
Date: 09/01/04
- Next message: Deji Akomolafe: "Re: Hosting public dns without domain name"
- Previous message: Mark Renoden [MSFT]: "Re: Need help with DNS design and settings"
- In reply to: Mark Renoden [MSFT]: "Re: Need help with DNS design and settings"
- Next in thread: Mark Renoden [MSFT]: "Re: Need help with DNS design and settings"
- Reply: Mark Renoden [MSFT]: "Re: Need help with DNS design and settings"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 01 Sep 2004 02:22:55 GMT
On 1, are you saying the DNS server should point to itself as the primary,
and a second DNS server in the same domain as a secondary (in my example I
have 2 DNS servers per domain, so each one would list the other as the
secondary)? If so, that goes against everything I have ever read. In fact,
when you use the Microsoft wizard, it sets up the DNS server as the primary
with no secondary. I agree with your reasoning, but everyone else must
always say to set it up by itself for a reason...
As far as 2, yes the name servers for each domain do get populated. I am
confused if I should basically list every name server in my entire forest in
the name server box on every DNS server (in my example, there would be 4 DNS
servers total, 2 for each domain. So should I list all 4 servers in the name
server box on all 4 machines?) I was thinking this would help the servers
"find" one another. Or does the name server box list the servers that are
authoritative for that domain only?
Also on #2 what's your opinion on the conditional forwarding I was told to
do? This is an alternative to stub zones I believe and is supposed to help
requests for addresses in another domain easier to locate. For example, if a
user in root.priv asks the root.priv DNS server for the address of a machine
in corp.priv, the root.priv DNS server would forward the request to the
corp.priv DNS server. Correct? Again, the concept sounds logical but I just
wanted to make sure I was setting everything up right.
I understand #3 - makes sense.
Thanks,
- Slater
"Mark Renoden [MSFT]" <markreno@online.microsoft.com> wrote in message
news:ewSXx$7jEHA.1656@TK2MSFTNGP09.phx.gbl...
> Hi
>
> Just to clarify, we're not talking about parent child domains, we're talking
> about forest root and tree root domains. The way you handle these is
> different. For your forest root / tree root domain setup ...
>
> 1. It's normally good to point the DC/DNS server to itself and to another
> DC/DNS server in the same domain as alternate. This way, if the DNS service
> fails for any reason locally, you've got the alternate you can make requests
> to.
>
> 2. The name servers box is usually populated automatically (at least I
> thought so) with the DNS servers you have the AD integrated zones on. So
> for example, the root.priv AD integrated zone, you should see the two DC/DNS
> servers that exist in that domain listed there.
>
> You want to forward to your BIND servers for external resolution in both
> domains. To resolve names from one domain to another, consider secondary or
> stub zones (these are kewl in 2K3).
>
> 3. Clients should point to the DC/DNS servers in their own domain with the
> preferred server in the same site.
>
> HTH
> --
> Mark Renoden [MSFT]
> Windows Platform Support Team
> Email: markreno@online.microsoft.com
>
> Please note you'll need to strip ".online" from my email address to email
> me; I'll post a response back to the group.
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Slater" <slaterlovesspam@yahoo.com> wrote in message
> news:PT4Zc.268401$fv.189161@fe2.columbus.rr.com...
> > I've been an NT4 admin for years and am responsible for migrating us to
> > 2003. I'm new to AD and am certainly no expert on AD or DNS, but I have read
> > MS books, Mark Minasi's 2003 book, and the O'Reilly 2003 DNS book. All of the
> > books and scenarios all seem to just discuss simple AD setups. I had a test
> > AD working for months using 2000 and it worked great but that was a single
> > domain. I started over with 2003 this time and now that I am trying to add a
> > child domain (i.e. domain tree) I am having some problems and no one seems
> > to cover this scenario to the point where I understand it. I understand the
> > CONCEPTS just fine - it's when you get to the nuts and bolts of what
> > settings go where that everyone seems to leave that out of all of the
> > training material.
> >
> > Here's the setup - Each domain will have 2 DCs. The DCs will run Microsoft
> > DNS and be AD-integrated. One domain (root.priv) will be an empty root
> > domain for the sole purpose of isolating the Enterprise admin account and
> > making it easier down the road to reshape the forest if we ever need to. The
> > second domain (corp.priv) will be the actual production domain that all 100
> > of my users will belong to and use. It's just a separate tree in the forest.
> > I also have 2 caching BIND DNS servers on the outside interface for internet
> > queries, which I will slave my internal DNS servers to for external query
> > forwarding. Each DC will be a GC server, and one DC in each domain will be
> > located offsite for disaster recovery purposes (P2P VPN connection between
> > the sites). That's pretty much it, other than I need to run WINS in the
> > corp.priv domain. The corp.priv domain will be divided into 2 network
> > subnets (the second subnet is a QA network that is currently an NT4 domain
> > but I will just make it an OU in the corp.priv domain once I migrate). So my
> > plan was to have a DHCP server in the corp.priv domain that will give out
> > addresses in 2 different subnets (we have DHCP relaying enabled on our cisco
> > routers). Sounds easy enough on paper, but once I tried to build it I am
> > having problems with DNS. I've been trying a bunch of things but it's
> > getting down to crunch time and it's starting to tick me off.
> >
> > Here's where I'm confused:
> >
> > 1. Local TCP/IP settings on the DNS servers:
> >
> > I'm confused how to fill out each DC/DNS server's TCP/IP settings. For
> > example, in the local TCP/IP properties, I know that all DNS servers should
> > point to themselves as the primary and no secondary, so that's what I've
> > done on all of the servers (I used the actual IP of the box, not 127.0.0.0
> > like Microsoft says to do). But I don't know if the same "point to itself as
> > the primary w/no secondary" rule applies for the corp.priv domain's DNS
> > servers as well.
> >
> > 2. The DNS settings:
> >
> > What goes in the name servers box? Do you just list each name server in that
> > domain, or do you list EVERY name server in your forest in every DNS
> > server's name server box? For example, on the root.priv DNS servers do I
> > just list the 2 root.priv servers, and on the corp.priv DNS servers list the
> > corp.priv servers? Or do I need to instead list all 4 DNS servers on each
> > DNS server?
> >
> > What goes in the forwarders box? Since I want to be slaved to external
> > forwarders for internet queries, I put the address of my 2 external DNS
> > servers in the forwarders box for "all other DNS domains" and checked the
> > "do not use recursion for this domain" checkbox. This worked great on the
> > root.priv DNS servers, but do I do the same on the corp.priv servers?
> > Basically I want ANY internet query from ANY internal dns server to be
> > slaved to external forwarders. But I don't understand if child domain DNS
> > servers are even supposed to resolve internet queries themselves, or if
> > child domain DNS servers are supposed to forward all DNS queries (internal
> > or external) to their parent's DNS server?
> >
> > And how do root.priv and corp.priv forward queries to one another? Someone
> > recommended to me that I use conditional forwarding. For example, on the
> > forwarders tab of the root.priv DNS servers, create a new corp.priv domain
> > and list the corp.priv's DNS servers. And do the opposite for the corp.priv
> > DNS servers. Is this correct and do I check the "do not use recursion for
> > this domain" checkbox like I did for the external slave forwarders?
> >
> > 3. Client TCP/IP settings:
> >
> > What DNS server would clients point to as their primary and secondary DNS
> > servers? Should machines in Root.test point to the root.test dns servers,
> > and the machines in corp.test point to the corp.test dns servers? Or should
> > everyone point to the root.test dns servers? Or does it matter?
> >
> > =======================
> >
> > Are there any other tricks I need to do on the 4 DC/DNS servers? A microsoft
> > article I found said to add the IP addresses (and domain name instead of the
> > server name) of the DCs to the host file on each DC. This supposedly helps
> > with DNS resolution issues and some AD replication problems I was having. Are
> > there any other tips from veterans like this I need to know about to make my
> > life easier?
> >
> > Any assistance is greatly appreciated. I know DNS is the heart of AD, and if
> > that's not working then everything else will just be fubarred. So I want to
> > make sure all of my t's are crossed and i's are dotted before going forward
> > with any of the NT4 migration procedures and everything else.
> >
> > I am free to design things however I see fit, so if anyone has a "if I was
> > going to do it here's what I would do" idea I would love to hear it too.
> >
> > - Greg
> >
> >
>
>
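An added example, not part of this thread and not code from either poster or from Microsoft: a PowerShell script for one root.priv DC/DNS server that applies the three points Mark lists (resolver pointing at itself with the partner DC as alternate; external queries slaved to the BIND caches with a conditional forwarder or stub zone for the other tree root; clients handed the DCs of their own domain) and then runs three checks a practitioner would want after the build. It assumes the DnsServer, DnsClient and DhcpServer PowerShell modules (Windows Server 2012 or later; the thread's 2003 UI has no PowerShell cmdlets, and the dnscmd line in the comment is the 2003-era equivalent). All IP addresses, the interface alias and the Test-* function names are constructed for this example.

```powershell
# Added example (not from the thread): one root.priv DC/DNS server configured
# per the three points discussed, followed by post-build checks.
# Requires the DnsServer / DnsClient / DhcpServer modules (Windows Server 2012+).
# Windows Server 2003 equivalent for the conditional forwarder (dnscmd):
#   dnscmd /ZoneAdd corp.priv /Forwarder 10.0.2.10 10.0.2.11
# Every address below is a constructed placeholder for the lab in the thread.

$Self    = '10.0.1.10'                 # this DC/DNS server (root.priv, main site)
$Partner = '10.0.1.11'                 # the other root.priv DC/DNS (offsite, over the VPN)
$CorpDns = '10.0.2.10', '10.0.2.11'    # corp.priv DC/DNS servers
$BindFwd = '192.0.2.53', '192.0.2.54'  # the two caching BIND servers on the outside
$Nic     = 'Ethernet'                  # interface alias on this DC (assumed)

# 1. Local TCP/IP settings: itself first, partner DC in the same domain as alternate,
#    so a local DNS service failure still leaves the DC able to resolve.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $Self, $Partner

# 2a. Forwarders box: internet queries go only to the BIND caches. UseRootHint $false
#     is the "do not use recursion for this domain" / slave setting; with it the server
#     returns a failure instead of walking the root hints when both caches are down.
Set-DnsServerForwarder -IPAddress $BindFwd -UseRootHint $false

# 2b. Cross-tree resolution: a conditional forwarder for corp.priv pointing at the
#     corp.priv DC/DNS servers, stored in AD so every root.priv DC receives it.
#     corp.priv DCs get the mirror image (a forwarder for root.priv).
if (-not (Get-DnsServerZone -Name 'corp.priv' -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name 'corp.priv' `
        -MasterServers $CorpDns -ReplicationScope 'Forest'
}
# Alternative to 2b: a stub zone keeps only the SOA/NS/glue of corp.priv and follows
# NS changes in that domain on its own (Mark's "kewl in 2K3" option):
#   Add-DnsServerStubZone -Name 'corp.priv' -MasterServers $CorpDns -ReplicationScope 'Forest'

# 3. Client TCP/IP settings: on the corp.priv DHCP server, hand each scope the
#    corp.priv DCs, preferred server first, i.e. the DC in the same site.
#   Set-DhcpServerv4OptionValue -ScopeId 10.0.2.0 -DnsServer '10.0.2.10', '10.0.2.11'

# Post-build checks. Each returns $true/$false so the script can be re-run after
# any change and the result compared.
function Test-NsRecordsOnlyOwnDomain {
    # The NS set of root.priv should list only the root.priv DCs, not all four
    # servers in the forest; a foreign NS name here means the zone was hand-edited.
    $ns = (Get-DnsServerResourceRecord -ZoneName 'root.priv' -RRType NS).RecordData.NameServer
    $foreign = @($ns | Where-Object { $_ -notlike '*.root.priv.' })
    return ($foreign.Count -eq 0)
}

function Test-CrossTreeDcLocator {
    # Asked of this server, the corp.priv DC locator record must resolve through the
    # conditional forwarder; if it does not, root.priv clients cannot find corp.priv DCs.
    $srv = Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.corp.priv' -Type SRV `
        -Server $Self -DnsOnly -ErrorAction SilentlyContinue
    return ($null -ne $srv -and @($srv).Count -gt 0)
}

function Test-ExternalForwardingOnly {
    # Forwarders are exactly the two BIND caches and root hints are disabled.
    $fwd = Get-DnsServerForwarder
    $configured = @($fwd.IPAddress | ForEach-Object { $_.IPAddressToString }) | Sort-Object
    return ((-not $fwd.UseRootHint) -and (($configured -join ',') -eq (($BindFwd | Sort-Object) -join ',')))
}

[pscustomobject]@{
    NsOnlyOwnDomain      = Test-NsRecordsOnlyOwnDomain
    CrossTreeSrvResolves = Test-CrossTreeDcLocator
    ExternalForwardOnly  = Test-ExternalForwardingOnly
}
```

Run it on each root.priv DC with the addresses swapped so that $Self is the local box and $Partner the other DC; on the corp.priv DCs swap the domain names the same way. The second check is the one that catches the question in the thread: a name in the other tree root must resolve from inside this one without any server listing all four DCs in its own NS set.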