Re: Windows 2003 DNS & QIP DNS (Reverse Lookup)

From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 12/02/04


Date: Wed, 1 Dec 2004 22:49:10 -0500

In news:E73D12ED-C57D-40A6-9D71-ADDC69DEC22A@microsoft.com,
Joe Flynn <JoeFlynn@discussions.microsoft.com> made a post then I commented
below
> Can you possibly tell me why you would recommend using QIP for DNS?
> I am siding with you here but our "Standards" group will sure ask me
> why I comment that I want to keep Windows.
>

I'm not sure but in many cases, DNS can be a political thing when it comes
to the "DNS" admins on the network. AD works A LOT easier with using MS DNS.
It needs no fancy config files or settings, it just works. If you can
delegate the zone from them, and forward back to the BIND servers for the
parent and all other zones, that seems to be your best bet. QIP is ok for
some solutions, but I've heard quite a few nasty stories about getting it
config'ed to work seamlessly with AD.

A friend of mine works for a major university in my area. They use BIND. For
their departments that use AD, they asked to have the system32\config folder
accessible to them so they can take the netlogon.dns file to use to populate
the required zones manually since they do not want 35,000 transient machines
registering into DNS. For those AD users, they need to get to resources on
the university's network, and they wanted the AD DNS domain name to be a
child of the network, but they don't allow anyone forwarding to it, otherwise
imagine all the students abusing the DNS infrastructure (among other things
they attempt to abuse within the network). Their solution worked out fine,
but it requires a bit of manual work, but not that bad.

-- 
Regards,
Ace
G O   E A G L E S !!!
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
-- 
=================================
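
Added example, not part of the original post: when a static zone is populated by hand from netlogon.dns, as described above, it can fall out of step with what the domain controller actually needs registered. The Python below compares the two and reports missing and stale records; the example.edu names, addresses and function names are constructed, and it assumes the static zone is written with fully qualified owner names.

```python
"""Drift check: records a DC wrote to netlogon.dns vs. a hand-maintained zone."""

# Constructed sample of netlogon.dns content (all names are placeholders).
NETLOGON_DNS = """\
ad.example.edu. 600 IN A 10.10.0.5
_ldap._tcp.ad.example.edu. 600 IN SRV 0 100 389 dc1.ad.example.edu.
_ldap._tcp.pdc._msdcs.ad.example.edu. 600 IN SRV 0 100 389 dc1.ad.example.edu.
_kerberos._tcp.ad.example.edu. 600 IN SRV 0 100 88 dc1.ad.example.edu.
_ldap._tcp.gc._msdcs.ad.example.edu. 600 IN SRV 0 100 3268 dc1.ad.example.edu.
"""

# Constructed sample of the static zone on the BIND side (absolute owner names).
STATIC_ZONE = """\
; ad.example.edu, maintained by hand
ad.example.edu.                600 IN A   10.10.0.5
_ldap._tcp.ad.example.edu.     600 IN SRV 0 100 389 DC1.ad.example.edu.
_kerberos._tcp.ad.example.edu. 600 IN SRV 0 100 88 dc1.ad.example.edu.
_ldap._tcp.gc._msdcs.ad.example.edu. 600 IN SRV 0 100 389 dc1.ad.example.edu.
"""


def parse_records(text):
    """Return a set of (owner, type, rdata) tuples, ignoring TTL and comments."""
    records = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if "IN" not in fields:
            continue  # blank line, comment, or a directive such as $ORIGIN
        i = fields.index("IN")
        if i == 0 or len(fields) < i + 3:
            continue  # no owner name or no rdata: not a complete record
        # DNS names compare case-insensitively, so normalise before comparing.
        owner, rtype = fields[0].lower(), fields[i + 1].upper()
        records.add((owner, rtype, " ".join(fields[i + 2:]).lower()))
    return records


def drift(netlogon_text, zone_text):
    """Return (missing_from_zone, stale_in_zone) as sorted lists."""
    wanted, present = parse_records(netlogon_text), parse_records(zone_text)
    return sorted(wanted - present), sorted(present - wanted)


if __name__ == "__main__":
    missing, stale = drift(NETLOGON_DNS, STATIC_ZONE)
    for rec in missing:
        print("MISSING", *rec)
    for rec in stale:
        print("STALE  ", *rec)
```

A record with a changed port or target shows up twice, once as missing (the value in netlogon.dns) and once as stale (the value still in the zone).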

