Re: Should DC's with DNS point to self first?

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

A reason for not using ISP forwarding and relying on root hints is the script kiddies polluting ISP DNS servers.
I've run into an instance or two where windows update stopped working. When I did a nslookup for microsoft.com, I ended up somewhere, but definitely not at the Microsoft site.

--
Kind regards,

Erik Cheizoo
eXcellence & Difference - we keep your business running
============================================
Always test in a non-production environment before implementing
Guidelines for posting: http://support.microsoft.com/?id=555375
============================================


"Gonzo" <no@xxxxxxx> wrote in message news:un7vRlGVHHA.1364@xxxxxxxxxxxxxxxxxxxxxxx
Everybody thanks for the help, I decided to point the DC's to themselves first and another DC's for the alternative. DCdiag, replmon are happy and so is my MOM 2005 server with the AD MP. Boot ups at the logon screen are very slow, but I hope to never really reboot them.

I'm using AD intigrated DNS in secure mode and I forward unresolved queries to our ISP's DNS - I'm not sure of the proper name for this - unconditional forwarding? Also I'm not sure why we would use root hints, I've read up a little and it makes no sense to me...

Also I have not created a reverse DNS zone, should I?

All seems to work, feel free to recommend anything :)

"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message news:B433FAC3-906D-4CA2-BA3F-D5F9AC6F3381@xxxxxxxxxxxxxxxx
Hi Paul
Yes I understand what pp are trying to say. But I also like to debate with Joe, and because I don't know him personally, from time to time I try to do a more long debate with him to check his position about certain subjects. (I also know that he also likes debate). He I'm annoying him, he can send me to hell... and I won't bother him anymore. Some times I feel that we must say no to Joe to see more behind his head.
;)
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx> wrote in message news:%23Y9CvNEVHHA.392@xxxxxxxxxxxxxxxxxxxxxxx
What people are saying is there's no real correct way of doing this. There's several ways of doing it that come down to preference/ design. You have to pick what's right for you. It is generally recommended that you point to self and another, as this minimises network traffic. Joe clearly stated that the amount of traffic isn't as high as people often believe, and you should believe him as he's been unfortunate enough to have sat in front of perfmon and netmon traces for literally days looking at this stuff.

I generally don't see any issues with pointing to self. I feel that as long as you're aware of the initial sync requirements/ issues and know about the island problem, then this is fine. If you're really funny about your event logs, or long startup delays you may choose to point to each other. It really doesn't matter and you're hard pressed to come up with a winning argument for one argument over the other. Just like FSMO placement ;-)

Consider either of the following for the hub site.

Adjacent DC (random)
Self

or

Self
Adjacent DC (random)


For the WAN site point to self and then hub site. You generally don't want to go over the WAN when you've got a local copy of the database.

So, summarised, you'll have a combination of both in most cases as I don't know many people who'll prefer to go over the WAN instead of locally, unless they're old WINS people whereby this was recommended as shed loads of WINS replication partners was a big no-no.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net







.

Relevant Pages

  • set up a dc in a remote site (2)
    ... Create a new site and associated new subnet on the hub site DC; ... Configure the server NIC using DNS at hub site so that it can resolve the ... It apeared to me that the DNS replication was waiting for information from ...
    (microsoft.public.windows.server.active_directory)
  • set up a dc in a remote site (2)
    ... Create a new site and associated new subnet on the hub site DC; ... Configure the server NIC using DNS at hub site so that it can resolve the ... It apeared to me that the DNS replication was waiting for information from ...
    (microsoft.public.windows.server.active_directory)
  • set up a dc in a remote site (2)
    ... Create a new site and associated new subnet on the hub site DC; ... Configure the server NIC using DNS at hub site so that it can resolve the ... It apeared to me that the DNS replication was waiting for information from ...
    (microsoft.public.windows.server.active_directory)
  • Re: Error: Root hints list has invalid root hint server
    ... I have never removed root hints. ... To remove a root server from the list, select it in the list, and then ... To copy root hints from a DNS server, click Copy from server, and then ... our Zones as I read them in the dnsmgmt windows is... ...
    (microsoft.public.windows.server.dns)
  • Re: Forworders or Root Hints?
    ... root hints and forwarders are methods of doing this. ... As long as it isn't my internal DNS I'm fine with that, ... internal network)" You can have your own Cache only DNS server without ...
    (microsoft.public.windows.server.dns)