Re: Should DC's with DNS point to self first?
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Mon, 19 Feb 2007 00:14:44 -0000
Hi again Joe
> There are good reasons to use itself. Regardless, a DC DOES NOT have to point at itself for primary.
It's not mandatory to do so, but it is a good practice. If you have problems then that's another situation, but the poster is asking where the DNS should be pointing to (IMO: to itself). And the shutdown/restart reason stated before is definitely not a good reason to do so IMO.
> Several reasons, DCs aren't the only machines that need to use DNS.
Agree. But Gonzo has DNS on his 3 servers, so that's why I said if you don't plan to use it why install.
> However DCs are some of the worst impacted when DNS is not functioning properly.
Agree, never said something that would suggest otherwise.
> Maybe DNS is installed just to increase the number of DNS servers to handle all of the clients but you still want DCs to still use a specific set of DNS servers. This was also a common config with WINS.
Agree.
> While this may not be required in the OP's specific case, it certainly is an option and you shouldn't outright say it MUST be configured in a specific way.
Again, the shutdown/restart reason stated before is definitely not a good reason to do so IMO.
> The OP should be fine doing it EITHER way.
IMO: No. There's no reason (in a common scenario) to use another DNS server when you have everything locally; by doing so IMO you're wasting server resources and network traffic just for fun (bad configuration).
> however if the OP has experienced replication issues, I would be quicker to point him to NOT pointing the DC at itself for DNS. I fix screwed up and underperforming AD deployments for a living, far more instances have been cases where I ran into issues due to DCs pointing at themselves than pointing at other DNS servers.
The poster didn't state anything about replication issues or something like that; if he had, that would be a different story.
BTW: And if the server that he was pointing to had missing DNS records or bad DNS replication.... The story would be the same, it doesn't matter; if there is no specific scenario, IMO the DNS should always point to itself, otherwise it's just a waste of resources.
> This was in regards to the comment of "DCs weren't made to be rebooted" which is absolutely incorrect. If you read it somewhere, I need to get it corrected. If you came up with it on your own, you should probably refrain from such guesses. If you presented that comment to anyone on the DS team they would probably laugh quite a while.
Note: I never said that the DCs never do reboots, but the purpose should be that one.
If the DS team laughs quite a while, they are laughing at themselves, and at the mess that they make in the developed systems provided by them. IMO a STABLE system SHOULD be set to never be rebooted. Of course unfortunately that's not the case, so they can continue to laugh at their own products.
> Again, your opinion, again I don't agree with it. Even the best practice documentation doesn't state it this strongly, it presents several options including pointing at self, pointing at another DNS server, and a combination strategy. None of them are listed as incorrect and none of them are incorrect. It depends entirely on the configuration and DESIRES of the administrators.
Again, in this scenario, I can't think of any reason to do otherwise. You don't win anything at all, you just lose (in this scenario of course).
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message news:em0%23CJ7UHHA.4028@xxxxxxxxxxxxxxxxxxxxxxx
> IMO: Yes it does,
I agree, it is your opinion. I do not agree with your opinion on this. There are several good reasons not to have the DC use itself for its primary. There are good reasons to use itself. Regardless, a DC DOES NOT have to point at itself for primary.
> if not why you should Run DNS on that server
Several reasons, DCs aren't the only machines that need to use DNS. However DCs are some of the worst impacted when DNS is not functioning properly.
Maybe DNS is installed just to increase the number of DNS servers to handle all of the clients but you still want DCs to still use a specific set of DNS servers. This was also a common config with WINS.
While this may not be required in the OP's specific case, it certainly is an option and you shouldn't outright say it MUST be configured in a specific way. The OP should be fine doing it EITHER way, however if the OP has experienced replication issues, I would be quicker to point him to NOT pointing the DC at itself for DNS. I fix screwed up and underperforming AD deployments for a living, far more instances have been cases where I ran into issues due to DCs pointing at themselves than pointing at other DNS servers.
>> I am really not sure where you came up with this. If you got it from
>> MSFT docs, point me at them so I can get them removed/corrected.
>
> LOL. I think I shouldn't even bother to respond this one obviously. I
> don't think so.
This was in regards to the comment of "DCs weren't made to be rebooted" which is absolutely incorrect. If you read it somewhere, I need to get it corrected. If you came up with it on your own, you should probably refrain from such guesses. If you presented that comment to anyone on the DS team they would probably laugh quite a while.
> According with general/normal configuration, IMO it is.
Again, your opinion, again I don't agree with it. Even the best practice documentation doesn't state it this strongly, it presents several options including pointing at self, pointing at another DNS server, and a combination strategy. None of them are listed as incorrect and none of them are incorrect. It depends entirely on the configuration and DESIRES of the administrators.
> If
> my DNS server is updated why should I query another one when I have
> everything I need locally?
Because it may or may not be correct. It may or may not be up to date. It may or may not be replicating properly. The amount of DNS queries from a DC are not as heavy a traffic as some people like to push as an issue of why they should point at themselves. Don't believe me, trace the calls for a month and then average that out in queries per second, per minute, per hour, whatever you want. If that level of queries is troublesome, don't deploy clients and definitely don't deploy Exchange because your head will snap off.
> Agree, you should correct that, but after correction made, point the
> server to itself again.
Repointing servers in times of trouble is not something you should normally have to do. This comes up when you point DCs at themselves for DNS. If you point all DCs to a common set of DNS servers, latency and possibility of islanding is greatly reduced.
Again let me reiterate again... Pointing a DC at itself as the primary DNS Server is absolutely not a MUST. It is absolutely NOT bad NOT to do it. In your opinion this may be the case but that doesn't make it so.
With only three DCs, all running DNS, I would probably point the primary at one specific arbitrarily chosen server, secondary to another specific arbitrarily chosen DC, and set a third entry to the last.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Jorge Silva wrote:
Hi Joe
First of all, let me say that the answer is based in common configuration, Gonzo didn't specify any specific configuration, so I think it's fair to give a common DNS configuration for a common scenario.
> No it doesn't. In fact in some situations it absolutely should not.
IMO: Yes it does, if not why you should Run DNS on that server, if you don't plan to take advantage of DNS don't install it on the DC. If my DNS server is updated why should I query another one when I have everything I need locally? Of course when you introduce a new DC/DNS on the domain, during dcpromo you should use another updated DNS server in the primary DNS NIC configuration, but after everything is replicated you should point the server again to itself. There're other specific types of configuration that you can take advantage of querying other DNS server than locally, but again this is a common scenario not specific, or maybe I miss something in Gonzo's post.
> I am really not sure where you came up with this. If you got it from MSFT docs, point me at them so I can get them removed/corrected.
LOL. I think I shouldn't even bother to respond this one obviously. I don't think so.
> Pointing at another DC is not definitely a wrong configuration. It could be, but isn't necessarily. Depends on the DNS configuration.
According with general/normal configuration, IMO it is. So again: If my DNS server is updated why should I query another one when I have everything I need locally?
> It is possible the local records are wrong. Incorrect records are worse than no records because incorrect records do not cause a secondary lookup.
Agree, you should correct that, but after correction made, point the server to itself again.