Re: 1 DNS for 2000AD,2003AD and NT servers.. setup q??
- From: Rob <Rob@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 6 Apr 2005 05:57:03 -0700
ace.. this is great... thanks for all the help with this.. i got myself more
confused than i needed to .. i have this structure up and running.. i believe
that i have it set up.. i just don't know if i put some overkill in
somewhere.. i wanted to keep it as basic as i can so that i can add more
domains and forests as i go.. if i have it correct all i have to do going
forward is add secondary zone on my main DNS to the new forests and allow
transfers... if that's all there is i was obviously going way out of my way to
accomplish this..
r
"Ace Fekay [MVP]" wrote:
> Rob wrote:
> > ace... or pt..
> >
> > i am looking at the following again and am lost at #5... i take it
> > the zones that are mentioned being changed to primary or ad integ.
> > are on the secondary dns servers.. correct.. not on my primary
> > server.. i just created secondaries.. here's where i am lost.. on the
> > other forest dns servers.. aren't they already either primary or ad
> > integ.??
> >
> > r
> >
> > 1. Pick a DNS server.
> > 2. On this server, create secondary zones of ALL the zones that exist
> > on the other servers..
> > 3. Allow them to transfer,
> > 4. Confirm they've transferred
> > 5. Make the zones either Primary or AD Integrated.
> > 6. Allow Dynamic Updates on each zone.
> > 7. Go to ALL of your servers and use ONLY this server's IP for their
> > DNS settings (no others).
> > 8. Done.
> >
> > Ace
> >
>
> I believe we were trying to help you to ensure all your zones are resolvable
> by pointing to any DNS server in your infrastructure.
>
> When I said to make the zone AD Integrated or a Primary, I meant that this
> server and ONLY this server is going to be the ONLY one ALL your machines
> are going to be using for DNS in their IP properties. This was to your
> question of :
>
> >... how
> > do i set up the other dns's so that they use that one..
>
> Maybe a little background on what AD Integration means may help, unless I
> totally misunderstood your setup, which I am assuming your domains are
> different domains in different forests.
>
> All a DNS server does is store zone information available for query lookups.
> DNS servers store the zone database in various locations. Some use a simple
> text file, I believe one of them uses a database engine, such as Oracle (can't
> remember the name of it), and Windows 2000 and 2003 have the ability to store
> it in the actual AD database. The advantage is the zone being stored in the
> database, replicates along with the AD replication cycle, and can be
> available anywhere in the forest or the domain, depending on how you choose
> its replication scope, which you have control over. But an AD Integrated
> zone "acts" and works exactly like a Primary zone. You can allow transfers
> from it to any secondaries. The only exception is on any DC/DNS server that
> has a copy of this zone, each DC/DNS server acts as its own primary, hence
> the multi-master advantage.
>
> If I remember correctly, you have different domains in different forests.
> Keep in mind, when you store a DNS zone as AD Integrated, it is stored in
> the Domain NC ('name container'), which is one of the three logical
> partitions in the AD database. This partition stores user accounts, computer
> accounts, etc, that belong to this specific domain. This portion of the
> database will ONLY replicate to other DCs of the same domain. Hence, why a
> username is only available in that specific domain. The other two
> partitions, the Schema partition and the Config container, are replicated to
> ALL DCs in that specific forest that the domain is part of, and the domain
> controller is part of that domain. So that predicates what exactly is
> replicated between DCs. DCs of a different forest do not replicate anything
> between them. You choose how to control the replication scope by choosing
> what partition it will be stored in.
>
> But if one of your zones is AD Integrated that is sitting on some other DNS
> server in some other domain that is in a different forest, that will have
> nothing to do with the DNS server you are choosing to use for everyone. If
> the zone is a secondary or primary zone, then it is stored as a text file in
> the system32\dns folder.
>
> There are two other ways Win2003 will allow you store zone data. These two
> are also AD Integrated, but they are stored in a different type of
> partition. The two additional partitions are the DomainDnsZones, and the
> ForestDnsZones. Their names indicate what sort of replication scope they
> have.
>
> So based on what you said earlier, I am assuming all of these domains are
> actually different domains that are part of different forests. Therefore,
> what I said to allow transfer from one of the other servers to the server you
> chose to use, you need to allow that transfer, and it doesn't matter what
> the zone type is as long as it does not belong to that domain or forest.
>
> I hope that clears it up a bit.
>
> Ace
>
>
>
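
The eight-step procedure quoted above, sketched as a script around the `dnscmd` command-line tool; this is an added example, not part of the original post. Every server name, zone name and IP address in it is constructed, and the `$ConvertConfirmedZones` switch is a hypothetical guard so that steps 5 and 6 only run after the transfers have been checked.

```powershell
# Added example. All names and addresses below are constructed placeholders.
$Central   = 'dns-central'    # step 1: the one DNS server everything will use
$CentralIp = '192.0.2.10'
$ConvertConfirmedZones = $false   # set to $true only after reviewing step 4 output

# One entry per zone hosted in another forest: zone, its current master, master IP.
$Zones = @(
    @{ Name = 'forest-a.example'; Master = 'dc1-a'; MasterIp = '192.0.2.21' },
    @{ Name = 'forest-b.example'; Master = 'dc1-b'; MasterIp = '192.0.2.22' }
)

function Invoke-DnsCmd {
    # Run dnscmd and stop at the first failure so a half-built zone is noticed.
    & dnscmd.exe @args
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($args -join ' ') failed with exit code $LASTEXITCODE"
    }
}

foreach ($z in $Zones) {
    # Step 3 (done first so the transfer can succeed): on the current master,
    # allow transfers to the central server only (/SecureList), rather than
    # to any host that asks (/NonSecure), which would expose the whole zone.
    Invoke-DnsCmd $z.Master /ZoneResetSecondaries $z.Name /SecureList $CentralIp

    # Step 2: create the secondary zone on the central server.
    Invoke-DnsCmd $Central /ZoneAdd $z.Name /Secondary $z.MasterIp

    # Step 4: request a transfer and print the zone state for confirmation.
    Invoke-DnsCmd $Central /ZoneRefresh $z.Name
    Invoke-DnsCmd $Central /ZoneInfo $z.Name
}

if ($ConvertConfirmedZones) {
    foreach ($z in $Zones) {
        # Step 5: convert the transferred copy to a standard (file-backed) primary.
        Invoke-DnsCmd $Central /ZoneResetType $z.Name /Primary /file "$($z.Name).dns"

        # Step 6: allow dynamic updates. 1 = nonsecure and secure updates;
        # 2 (secure only) is available only for AD-integrated zones.
        Invoke-DnsCmd $Central /Config $z.Name /AllowUpdate 1
    }
}
# Step 7 (pointing every machine's DNS setting at $CentralIp) is done per host.
```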