Re: Correct DNS Setup for Domain
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 08/21/04
- Next message: Kevin D. Goodknecht Sr. [MVP]: "Re: Intermittant DNS detection and How does DNS in W2K actually works ?"
- Previous message: Sharad Naik: "Re: Intermittant DNS detection and How does DNS in W2K actually works ?"
- In reply to: Scottt: "Re: Correct DNS Setup for Domain"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 21 Aug 2004 00:43:19 -0700
If it is a well-connected WAN you could make the forest root
domain hold the one zone for all of the forest, and then have
DCs of each child domain act as secondaries, receiving zone
transfer from the forestroot via standard secondary zone.
If these child domains have multiple co-located DCs you
could transfer from the forestroot to the bridgehead child DC,
and let others in the child site master from the bridgehead
(this will reduce network load, but will increase vulnerability
or more accurately, issue to deal with during outage of the
bridgehead).
To assess further alternatives it is really necessary to know
whether the child sites have direct internet access or if they
all pass to somewhere, like the forestroot at the central office,
in order to access the internet.
The parameters to play with are:
1. All child domains need ability to resolve names in at least the
   forest root domain (this is non-negotiable), but likely in all
   domains (this is solely dependent on your usage scenarios).
2. Any DC that has its DNS set to forward to internet DNS servers
   or use root hints should hold copies of all DNS zones used for
   your AD or be able to follow delegation records to locate those
   DNS zones.
3. In W2k the only way to have a DNS zone cross an AD boundary
   to be held in DCs of another AD domain is to use standard zone
   transfers.
So, without knowing how your sites get internet connectivity, it
is possible to have the forest root DNS zone delegate each
child DNS domain to the child AD domain's DC/DNS servers.
Then, each child domain's DNS servers should at minimum
either hold copy of the forest root DNS zone or use the forest
root DNS servers as its forwarders (and not be allowed to use
root hints).
Alternatively, you can devise rather complicated ways to achieve
complete resolution, but it is senseless to guess as to your
internet access design and the link quality and topology between
the sites.
--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA, MCSE W2k3+W2k+Nt4

"Scottt" <anonymous@discussions.microsoft.com> wrote in message
news:317a01c4873e$21b8ae50$a301280a@phx.gbl...
> no...it's a WAN
>
> Scott
>>-----Original Message-----
>>Are all domains on the same LAN, or are these domains geographically
>>diverse?
>>
>>--
>>Todd J Heron, MCSE
>>Windows 2003/2000/NT
>>
>>
>>"Scott" <anonymous@discussions.microsoft.com> wrote in message
>>news:a43801c48736$a37257a0$a401280a@phx.gbl...
>>> um..both actually. macon.local...2003, child domains 2000
>>>
>>> scott
>>> >-----Original Message-----
>>> >2000 or 2003?
>>> >
>>> >--
>>> >Todd J Heron, MCSE
>>> >Windows 2003/2000/NT
>>> >
>>> >
>>> >"Scott Carver" <anonymous@discussions.microsoft.com> wrote in message
>>> >news:a6c901c4872a$76a6de00$a601280a@phx.gbl...
>>> >> Hello,
>>> >>
>>> >> I have a domain...macon.local with 7 child domains. How
>>> >> should I have DNS setup in order for everything to work
>>> >> properly. I have experimented with everything that I can
>>> >> think of (yeah...live data Fortunately, this domain
>>> >> happens to be for the local school system and no users
>>> >> were affected.) Anyway, if you have a link that explains
>>> >> the proper DNS setup for my situation, or if you have an
>>> >> answer, believe me, I would greatly appreciate it.
>>> >>
>>> >> Scott
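
The three numbered points and the closing advice in the message above can be checked mechanically against a planned layout. The following is an added example, not part of the original message; the child domain names, server names and the 10.0.0.10 address are constructed, and only macon.local comes from the thread.

```python
from dataclasses import dataclass, field

ROOT_ZONE = "macon.local"      # forest root zone named in the thread
ROOT_DNS = {"10.0.0.10"}       # constructed address of a forest root DNS server

@dataclass
class DnsServer:
    name: str
    ad_domain: str                              # AD domain this DC belongs to
    zones: dict = field(default_factory=dict)   # zone -> "ad-integrated" | "secondary"
    forwarders: set = field(default_factory=set)
    root_hints: bool = False
    os: str = "w2k"

def audit(servers, delegated):
    """Return (server, finding) pairs; `delegated` = child zones delegated from ROOT_ZONE."""
    findings = []
    ad_zones = {s.ad_domain for s in servers}
    for s in servers:
        holds_root = ROOT_ZONE in s.zones
        external = s.root_hints or bool(s.forwarders - ROOT_DNS)
        # Child servers: hold the root zone, or forward to root DNS with root hints off.
        if s.ad_domain != ROOT_ZONE and not holds_root:
            if s.root_hints or not (s.forwarders & ROOT_DNS):
                findings.append((s.name, "no path to forest root zone"))
        # Point 2: an externally resolving server needs each AD zone locally or via delegation.
        if external:
            for z in sorted(ad_zones - set(s.zones)):
                if not (holds_root and z in delegated):
                    findings.append((s.name, f"cannot locate {z}"))
        # Point 3: on W2k, a zone of another AD domain must be a standard secondary.
        if s.os == "w2k":
            for z, kind in sorted(s.zones.items()):
                if z != s.ad_domain and kind != "secondary":
                    findings.append((s.name, f"{z} must be a standard secondary"))
    return findings

# Constructed layout; child domain names and addresses are hypothetical.
DELEGATED = {"east.macon.local", "west.macon.local", "north.macon.local"}
SAMPLE = [
    DnsServer("root1", ROOT_ZONE, {ROOT_ZONE: "ad-integrated"}, root_hints=True, os="w2k3"),
    DnsServer("east1", "east.macon.local", {"east.macon.local": "ad-integrated"},
              forwarders={"10.0.0.10"}),
    DnsServer("west1", "west.macon.local", {"west.macon.local": "ad-integrated",
              ROOT_ZONE: "ad-integrated"}, root_hints=True),
    DnsServer("north1", "north.macon.local", {"north.macon.local": "ad-integrated"},
              root_hints=True),
]
```

Calling `audit(SAMPLE, DELEGATED)` flags west1 for planning a cross-domain copy that is not a standard secondary, and north1 for using root hints with no copy of any other AD zone; root1 and east1 pass.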