Re: Replication between parent child domains
- From: "T. Uranjek" <toniuranjek@xxxxxxxxxxx>
- Date: Tue, 17 Oct 2006 10:27:59 +0200
Hi!
You should set Preferred DNS server setting on Melbourne DC to point to
itself and then run dcpromo. And it was already answered that you should set
replication for your zones to replicate through entire forest.
HTH
Toni
"Chief" <Chief@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:34312046-C38F-4313-8913-87AB5A1B9FCA@xxxxxxxxxxxxxxxx
Hi and thanks for the tips. I have done a bit of testing in a lab environment and this is how I set it up. I have the Melbourne server's IP settings primary DNS server pointing to the Sydney IP address, or should I set it to itself and install DNS before I run dcpromo on the Melbourne server? At the moment all domain-related records for Melbourne are on the Sydney DNS server. My question is: is there a way that those domain-related records can be stored on the Melbourne server?
All the domain-related folders are being stored on the Sydney server; is there a way to get them to go on the child domain DNS server?
. _msdcs
. _sites
. _tcp
. _udp
Sorry if I'm confusing you?
"Jorge Silva" wrote:
Hi
Careful- Stub zones do not remove the requirement for delegations
Check the following options:
- Forwarding: DNS server will forward any query it can't answer. Checks zone data and cache, then forwards. ("All other Domains" option - pointing to TLD DNS Servers) All queries will go to the TLD DNS server (including Internet resolution queries). If the link with the TLD is down then queries will fail for domains, but the DNS server will attempt to use its root hints to resolve these queries (unless you select the option "don't use recursion for this domain" - this can represent security problems because the DNS goes to the public network trying to resolve all queries that it isn't authoritative for).
*Please note, only a failure to respond will cause the DNS client to switch Preferred DNS servers; receiving an authoritative but incorrect response does not cause the DNS client to try another server. As a result, configuring a Domain Controller with itself and another DNS server as Preferred and Alternate servers helps to ensure that a response is received, but it does not guarantee accuracy of that response. DNS record update failures on either of the servers may result in an inconsistent name resolution experience.
- Conditional Forwarding: you can have better control by defining which DNS servers the server will contact for zones that the server isn't authoritative for, and if the link is down to any particular domain/site, that doesn't mean that other queries will fail as long as you have the link up to these domains/sites. Each domain name used for forwarding is associated with a forwarders list. Checks zone data and cache for an answer, then uses the forwarders list to resolve. DNS server compares the queried name to the list of domain name conditions.
- Stub zones: Stub zones contain a read-only copy with specific records (SOA, NS and related A). The big advantage of stub zones is that they'll refresh automatically. A server hosting a stub zone contacts the zone master for zone transfer. A master server may be a primary or secondary server for the actual zone. You don't need to allow zone transfer for stub zones to work. (Careful - Stub zones do not remove the requirement for delegations. Stub zone data doesn't transfer during zone transfers like delegation information does. Can be dangerous to use instead of delegation. If the parent zone is transferred without delegation information, how will the server find child zones?) Typically contiguous namespaces will not benefit from using stub zones; only disjoint namespaces may benefit from using stub zones.
- Secondary Zones: also contain a read-only copy of the zone. All queries can be resolved locally, but you need to allow zone transfer on each zone.
- Active Directory Integrated Zones (require that the DNS is also a DC): the zone is replicated with AD replication, which is better from a security perspective. You can always choose to replicate them across the domain or forest. This can have a significant impact on your replication traffic if you choose to replicate all zones across the forest.
The _msdcs.domain.tld contains information about Global Catalog and other important domain/forest records, and they only exist in the parent (root) DNS server, so it is always a good practice to replicate the root _msdcs.domain.tld across the forest.
Most common configuration scenario is:
- On the TCP/IP properties of the child domain server, change the TCP/IP address of the DNS server to point to its own TCP/IP address
- Consider integrating DNS with the Active Directory on the child DNS server
- Add the parent (root) DNS server as a forwarder on the child DNS server
Firewall considerations:
To Configure DNS behind a Firewall
Proxy and Network Address Translation (NAT) devices can restrict access to ports. DNS uses UDP and TCP port 53. The DNS Service Management console also uses remote procedure call (RPC). RPC uses port 135. These are potential issues that could arise when you configure DNS and firewalls.
Related links:
Support WebCast: Microsoft Windows Server 2003 DNS: Stub Zones and Conditional Forwarding
http://support.microsoft.com/default.aspx?scid=kb;en-us;811118
Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036&sd=RMVP
How to Create a Child Domain in Active Directory and Delegate the DNS Namespace to the Child Domain
http://support.microsoft.com/kb/255248/
Conditional Forwarding in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;304491
How to configure DNS for Internet access in Windows Server 2003
http://support.microsoft.com/kb/323380/
How to configure DNS for Internet access in Windows 2000
http://support.microsoft.com/kb/300202/
How to Delegate All Internet Top-Level Domains on an Internal Root DNS Server
http://support.microsoft.com/default.aspx?scid=kb;en-us;294906&sd=RMVP
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"T. Uranjek" <toniuranjek@xxxxxxxxxxx> wrote in message
news:uoebm9O8GHA.4012@xxxxxxxxxxxxxxxxxxxxxxx
Hi!
Yes, you can create the child domain in Sydney and then move the child domain DC to Melbourne, to avoid replication traffic. I can't tell you which is the best way to set up DNS in your particular case, but I would normally choose stub zones. If you are using a stub zone and you have a firewall between DNS servers in the networks, then DNS servers on the query/resolution path must have port 53 open. However, if you are using conditional forwarding and you have a firewall between DNS servers in each of the networks, the requirement to have port 53 open only applies to the two DNS servers on either side of the firewall.
HTH
Toni
"Chief" <Chief@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3B30D970-4FB1-4553-BE68-E3E55FB4A144@xxxxxxxxxxxxxxxx
Just a couple of things: will I be able to create the child domain in Sydney then move it down to Melbourne? I don't want to have the replication traffic by doing it in Melbourne. Also, what would be the best way to set up DNS: should I create a conditional forwarder on the Sydney domain, or create a delegation to the Melbourne domain and create a stub zone back up to the Sydney domain from the Melbourne DC? What would be the best way to go about this?
"T. Uranjek" wrote:
Hi!
I would create a sitelink between Sydney and Melbourne. And yes, schema and configuration partitions are replicated through the entire forest. When checking or forcing replication between sites, use Replication Monitor from Support Tools instead of the Active Directory Sites and Services tool.
HTH
Toni
"Chief" <Chief@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F7DAA804-B8CC-48E2-82AD-5891786CA270@xxxxxxxxxxxxxxxx
I have all connections going through the Sydney link, so there is no direct link between Melbourne and Perth, and Sydney holds the forest FSMO roles. Should I create a bridged link with all three sites, or should I just create a connection for Melbourne going back to Sydney? Also, it is just the schema and configuration partitions from the forest that get replicated to the child domain, is that right?
"T. Uranjek" wrote:
Hi!
First you should set up the child domain, then create a site for Melbourne and put the DC for the child domain in the Melbourne site. Then you should create a sitelink according to your WAN links. It wouldn't be bad if you could create a sitelink with the site in which the FSMO holder resides.
HTH
Toni
"Chief" <Chief@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8A0D5A1A-0366-4E9F-AE0C-BC5186C574C8@xxxxxxxxxxxxxxxx
Hi, I have been forced to create a new child domain in my Melbourne office due to politics within the business. At the moment I have a single domain with 2 sites, one in Sydney and the other in Perth, which works fine. Just wondering, if I add a child domain, how would I have to implement the replication? Can I create a site for the Melbourne office to link them with the other 2 DCs? What is the best way of setting this up?
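
Added example, not part of any post in this thread: Jorge Silva's reply notes that a DNS client only switches servers when one fails to respond, so a DC with Preferred and Alternate servers can still get an incorrect answer. One way to check for that is to ask each DNS server for the DC locator SRV records under `_msdcs` and `_tcp` and compare the answers. The domain name and server addresses are placeholders, and the script assumes a current Windows system with the `Resolve-DnsName` cmdlet (not available on the Windows Server 2003 systems of the thread's era).

```powershell
# Compare DC locator SRV answers across DNS servers (added example).
# $Domain and $DnsServers are placeholder values, not taken from the thread.
param(
    [string]   $Domain     = 'child.example.com',
    [string[]] $DnsServers = @('192.0.2.10', '192.0.2.20')
)

# SRV names the DC locator depends on, registered under _msdcs and _tcp.
$names = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.$Domain"
)

$results = foreach ($name in $names) {
    foreach ($server in $DnsServers) {
        try {
            # Query one specific server; keep only SRV records (drop additional A records).
            $answer = Resolve-DnsName -Name $name -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'SRV' }
            # Normalise to a sorted "host:port" list so answers can be compared as strings.
            $targets = ($answer |
                ForEach-Object { '{0}:{1}' -f $_.NameTarget.ToLower(), $_.Port } |
                Sort-Object -Unique) -join ','
        } catch {
            # Timeouts and NXDOMAIN are recorded, so they also show up as a mismatch.
            $targets = "ERROR: $($_.Exception.Message)"
        }
        [pscustomobject]@{ Name = $name; Server = $server; Targets = $targets }
    }
}

$results | Format-Table -AutoSize

# Warn for every record name where the servers do not return the same set of targets.
$results | Group-Object Name | ForEach-Object {
    $distinct = @($_.Group.Targets | Sort-Object -Unique)
    if ($distinct.Count -gt 1) {
        Write-Warning "DNS servers disagree on $($_.Name)"
    }
}
```

A warning for a name means at least one server is returning different or missing locator records, which is the inconsistent-resolution case a Preferred/Alternate configuration does not catch on its own.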