Re: AD and DNS a little confused here...
From: Christian Schindler (christian.schindler_at_ntx.at)
Date: 02/07/04
Date: Sat, 7 Feb 2004 21:43:31 +0100
Promoting the Server to a DC would "fix" the problem with the policies,
but not with the website. Promoting to a DC would automatically create
the desired DNS Record, but the DNS Server would answer with all three
entries (Webserver, DC1, DC2). So for example if 4 clients are "asking"
for "x.com", the first client gets the entry for the webserver, the second
gets DC1 and the third gets DC2. The fourth client would again get WEBSERVER
and so on...

You could place the Webserver/DC in another AD-Site to control the logon
process. But I don't think that would solve the problem...

I know it's not a good answer for you, but the "cleanest" way would be to
give the AD Domain not the same name as the public name. AD-Rename is
possible with Windows Server 2003.

But if you are comfortable with the website-redirect "solution" then you
could promote the webserver to a DC.

--
Christian Schindler
MCSA / MCSE / MCT / CCEA

Senior Consultant

NTx BackOffice Consulting Group Austria
mailto:cns@ntx.at

"Nathan Walter" <nwalter@fielding.edu> wrote in message
news:uWsmaGR7DHA.260@TK2MSFTNGP11.phx.gbl...
> Ok.. Gotcha on that..
>
> So let's say we promote our web server to a domain controller and then
> place it first in the list for the round robin setup that would fix the
> problem of going to http://x.com but what would the impact on the web
> server be? Because it is the first in the DNS list every computer is going
> to use that one for authentication and GPO policies which would add a lot
> of overhead to the web server correct? Is there a way to make that a DC
> and have the workstations talk to one of the other DC's?
>
> "Christian Schindler" <christian.schindler@ntx.at> wrote in message
> news:#AZwqAQ7DHA.804@tk2msftngp13.phx.gbl...
> > Per default the DNS Service uses Round Robin to alter multiple records
> > for the same name. So if you have 3 records of which 2 are DC's and one
> > is the webserver, it's possible that clients get the Webserver-Address
> > and in fact try to contact the Webserver for policies...
> >
> > So if ever possible, remove the entry for the webserver.
> >
> > --
> > Christian Schindler
> > MCSA / MCSE / MCT / CCEA
> >
> > Senior Consultant
> >
> > NTx BackOffice Consulting Group Austria
> > mailto:cns@ntx.at
> >
> > "Nathan Walter" <nwalter@fielding.edu> wrote in message
> > news:%23$MXFfP7DHA.488@TK2MSFTNGP12.phx.gbl...
> > > Thanks. That is what I have done for the time being, so I guess it
> > > will just stay.
> > >
> > > Also what effect does having multiple entries of this record type in
> > > the DNS have?
> > >
> > > Right now we have:
> > > Webserver (Same as parent) Host(A) IP1
> > > DC1 (Same as parent) Host(A) IP2
> > > DC2 (Same as parent) Host(A) IP3
> > >
> > > Is that going to cause any problems? Should I just remove the entry
> > > for the webserver?
> > >
> > > "Christian Schindler" <christian.schindler@ntx.at> wrote in message
> > > news:e5ugOhO7DHA.2404@TK2MSFTNGP11.phx.gbl...
> > > > Nathan,
> > > >
> > > > these entries are necessary to keep GPO processing functioning.
> > > >
> > > > A client downloads GPO's from the SYSVOL share. The SYSVOL share
> > > > is accessed via the UNC Name \\X.COM\SYSVOL.
> > > >
> > > > So, if you remove the entries, clients wouldn't be able to process
> > > > GPO's.
> > > >
> > > > The entries are automatically created by the Netlogon service. If I
> > > > correctly remember Netlogon updates the records once every hour.
> > > >
> > > > You could configure your Webserver on another name and then
> > > > configure a redirection on the IIS of the DC's... I know it's not a
> > > > "clean" solution...
> > > >
> > > > Christian
> > > >
> > > > "Nathan Walter" <nwalter@fielding.edu> wrote in message
> > > > news:eKE3CbN7DHA.3880@tk2msftngp13.phx.gbl...
> > > > > We are setting up DNS to run on W2K boxes and are migrating our
> > > > > existing DNS from AIX / BIND 8.0. I got all of our DNS entries to
> > > > > transfer over to the new servers but what I noticed is that for
> > > > > the root of the domain, let's say x.com, AD creates entries
> > > > > pointing to the domain controllers. So now when someone goes to
> > > > > x.com in a web browser they get directed to one of our domain
> > > > > controllers. But what we want to do is for them to get directed
> > > > > to our webserver which is only a member server running IIS only.
> > > > > If I delete or change the entries that AD created it works the
> > > > > way we want for a short time but then AD re-creates its stuff in
> > > > > DNS. So how do I remove these and have them go to our web server
> > > > > and will there be any effect on how AD operates if these are not
> > > > > present?
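
The round-robin behaviour discussed in this thread, as an added example that is not part of the original posts: it models the three "same as parent" A records, shows which host each successive client is handed first, and flags apex records that are not domain controllers. The IP addresses, the DC inventory and the one-position-per-query rotation are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample data: the apex ("same as parent") A records from the
# thread, with documentation-range addresses standing in for IP1..IP3.
APEX_A_RECORDS = [
    ("Webserver", "192.0.2.10"),
    ("DC1", "192.0.2.21"),
    ("DC2", "192.0.2.22"),
]
DOMAIN_CONTROLLERS = {"192.0.2.21", "192.0.2.22"}  # assumed DC inventory


def round_robin_answers(records, queries):
    """Yield the record list returned for each successive query, rotated by
    one position per query (a simplified model of DNS round robin)."""
    n = len(records)
    for q in range(queries):
        shift = q % n
        yield records[shift:] + records[:shift]


def first_answer_per_client(records, clients):
    """Host each client contacts if it takes the first address it is given."""
    return [answer[0][0] for answer in round_robin_answers(records, clients)]


def audit_apex(records, dc_ips):
    """Apex records that do not belong to a domain controller. A client
    opening the domain-named SYSVOL share can land on any of them."""
    return [(name, ip) for name, ip in records if ip not in dc_ips]


def sysvol_miss_ratio(records, dc_ips, clients):
    """Fraction of clients whose first answer is not a domain controller."""
    ip_of = dict(records)
    hits = Counter(ip_of[name] in dc_ips
                   for name in first_answer_per_client(records, clients))
    return hits[False] / clients


if __name__ == "__main__":
    print("first answers:", first_answer_per_client(APEX_A_RECORDS, 4))
    print("non-DC apex records:", audit_apex(APEX_A_RECORDS, DOMAIN_CONTROLLERS))
    print("policy lookups missing a DC:",
          sysvol_miss_ratio(APEX_A_RECORDS, DOMAIN_CONTROLLERS, 300))
```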