Re: Event ID 7062 in DNS logs
- From: "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@xxxxxxxxxxx>
- Date: Mon, 2 Jan 2006 23:02:19 -0500
In news:1136221528.378903.246780@xxxxxxxxxxxxxxxxxxxxxxxxxxxx,
ovidiu_m_gheorghita@xxxxxxxxx <ovidiu_m_gheorghita@xxxxxxxxx> stated, which
I commented on below:
> Hi,
>
> I installed a Windows 2003 forest containing one root domain and few
> child domains. The forest has Windows 2003 internal DNS servers which
> means that has no internet communication.
> All domain controllers on the root and child domains are also DNS
> servers with AD-integrated DNS zones.
>
> On all DNS servers I deleted the default root internet root hints, I
> let the Root Hints tab empty for the root servers and I populated it
> with the root servers addresses on all the child domain DNS servers.
> For all child domains, requested delegations were made into the root
> DNS zone.
<snip>
As Kevin mentioned, there is no need to delete the Root hints. If you create
the Root zone (the dot), you can keep away from internet resolution if
desired and would assume that you have ISA or some sort of proxy server
allowing controlled internet access or none at all.
But there is no need to populate the child domain DNS servers into the Root
hints. That is totally unnecessary. I've configured multiple clients with a
parent (the forest root DNS) to child delegations with forwarding from the
child back to the parent (forest root) DNS and it works like a charm. Of
course they wanted internet resolution, so I would forward from the parent
to the ISP. What you're doing is totally overhead and unnecessary. The
delegation method is the recommended best practice and pretty much the
industry standard (from opinions here in the newsgroups over the past 5
years).
I believe you are getting those errors, and as Kevin mentioned, from
improperly configuring forwarding to each other in essence creating a
possible forwarding loop?
For more information on delegations, this should explain a little for you:
255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain:
http://support.microsoft.com/?id=255248
Also that article Kevin mentioned about delegating the TLDs to your "root"
server is a nice one, if you want to go that route.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
If you are having difficulty in reading or finding responses to your post,
instead of the website you are using, if I may suggest to use OEx (Outlook
Express or any other newsreader of your choosing), and configure a newsgroup
account, pointing to news.microsoft.com. This is a direct link into the
Microsoft Public Newsgroups, and it is FREE and DOES NOT require a Usenet
account with your ISP. With OEx, you can easily find your post, track
threads, cross-post, and sort by date, poster's name, watched threads or
subject.
Not sure how? It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Assimilation Imminent. Resistance is Futile.
Infinite Diversities in Infinite Combinations.
=================================
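
An added example, not part of the post above: a small Python check for the kind of forwarding loop suspected in the reply, run over an inventory of each DNS server's forwarders and root hints. The inventory layout, server names and addresses are all constructed for illustration.

```python
# Constructed inventories: every server name and address is illustrative.
LOOPING = {
    "root-dc1":  {"ip": "10.0.0.10", "forwarders": ["10.1.0.10"], "root_hints": []},
    "child-dc1": {"ip": "10.1.0.10", "forwarders": ["10.0.0.10"], "root_hints": ["10.0.0.10"]},
    "child-dc2": {"ip": "10.2.0.10", "forwarders": ["10.2.0.10"], "root_hints": []},
}
# Child forwards to parent, parent forwards to an outside resolver (192.0.2.53).
CLEAN = {
    "root-dc1":  {"ip": "10.0.0.10", "forwarders": ["192.0.2.53"], "root_hints": []},
    "child-dc1": {"ip": "10.1.0.10", "forwarders": ["10.0.0.10"], "root_hints": []},
}

def upstream_graph(servers):
    """Map each server to the inventory servers it sends unresolved queries to."""
    owner = {cfg["ip"]: name for name, cfg in servers.items()}
    graph = {}
    for name, cfg in servers.items():
        targets = cfg.get("forwarders", []) + cfg.get("root_hints", [])
        # Addresses outside the inventory (an ISP resolver) cannot loop back here.
        graph[name] = sorted({owner[ip] for ip in targets if ip in owner})
    return graph

def find_loops(servers):
    """Return each upstream loop once, as a list of server names."""
    graph = upstream_graph(servers)
    loops, seen = [], set()

    def walk(node, path):
        if node in path:
            cycle = path[path.index(node):]
            key = frozenset(cycle)  # loops over the same servers are reported once
            if key not in seen:
                seen.add(key)
                i = cycle.index(min(cycle))  # rotate for stable output
                loops.append(cycle[i:] + cycle[:i])
            return
        for nxt in graph[node]:
            walk(nxt, path + [node])

    for start in sorted(graph):
        walk(start, [])
    return loops

if __name__ == "__main__":
    for label, inv in (("LOOPING", LOOPING), ("CLEAN", CLEAN)):
        print(label, find_loops(inv) or "no loops")
```

A single-name loop means a server lists its own address as a forwarder or root hint; a multi-name loop means the listed servers pass unresolved queries around in a circle.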