Re: Can DNS be removed?
- From: "Fred T" <fredt2@xxxxxxxx>
- Date: Sat, 4 Mar 2006 07:58:14 -0600
Marc,
Do you not have a firewall? Do all your PCs have public addresses?
Fred
"Kevin D. Goodknecht Sr. [MVP]" <admin@xxxxxxxxxxxxxx> wrote in message
news:e9ZotdtPGHA.2816@xxxxxxxxxxxxxxxxxxxxxxx
Marc wrote:
My division has been informed that our DNS service will be moved to a
remote location and managed externally. Currently, we have 10 Domain
Controllers, all active directory integrated dns in a single domain
in a forest.
1. Is this even possible to removed DNS from our forest and use stand
alone, remote dns?
Yes, it is possible, DNS is required for Active Directory, but it is not
required to be on a DC. It is highly recommended for DNS to be on a
trusted
DC, if Dynamic Updates are going to be allowed. If you are not using
dynamic
DNS, be aware you are going to have to manually create all Netlogon
records
for all DCs. You will also have to disable dynamic updates on the DCs,
because they will still attempt to register their records in the
Authoritative zone for their AD domain, regardless of where the DNS is
located. If a DC cannot register, it will log many Netlogon events.
2. Are there any documents to show the pros and cons of this change?
I think it is a bad idea, mainly because our network link to the
remote site goes down from time to time.
I will certainly agree with you on this point, if the link goes down it
will
certainly put a major crimp in productivity, but this sounds more like a
political decision than a technical decision. But, to make recommendations
on technical problems with this move depends on a lot of unknown factors.
3. Can the DNS name be changed without doing a domain name change?
No, the AD domain name can only be changed on a Windows Server 2003
functional level domain. There are ways of changing the name on a Windows
2000 domain, but all required basically going all the way back and
building
a new domain from the start, either by rolling back to NT4, and upgrading
the PDC with a new AD name, or by building a totally new parallel domain
creating trust between the old and new domain, then use ADMT to migrate
all
accounts to the new domain.
Right now our DNS name space matches or domain name:
Current: ftc.companyname.division.gov will change to
companyname.newdivision.gov
4. They also are planning to take DHCP offsite remotely manage it
outside the forest. Is there any problems with this?
Anytime a DHCP server is offsite and not on the local network it can cause
major problems at best, at worst, it could take down the entire network if
a
DHCP server is not available at all times to assign IP addresses on the
correct subnet.
Currently: 75% Windows 2003 with Windows 2000, 1 NT 4 server, a hand
full of Unix boxes and Exchange 2003 sp1. Workstations are all XP
Pro Sp1. All DCs are 2003.
From what you are describing this could turn into a major technical SNAFU,
which happens a lot when politics is used what should be technical
decisions.
825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;825036&sd=RMVP
323380 - HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;323380&sd=RMVP
246804 - How to Enable/Disable DNS updates in Windows 2000 and in Windows
Server 2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;246804&sd=RMVP
255913 - Integrating Windows 2000 DNS into an Existing BIND or Windows NT
4.0-Based DNS Namespace
http://support.microsoft.com/default.aspx?scid=kb;en-us;255913&sd=RMVP
272294 - Active Directory Communication Fails on Multi-homed Domain
Controllers
http://support.microsoft.com/default.aspx?scid=kb;en-us;272294&sd=RMVP
267855 - Problems with Many Domain Controllers with Active Directory
Integrated DNS Zones
http://support.microsoft.com/default.aspx?scid=kb;en-us;267855&sd=RMVP
292822 - Name Resolution and Connectivity Issues on Windows 2000 Domain
Controller with Routing and Remote Access and DNS Installed
http://support.microsoft.com/default.aspx?scid=kb;en-us;292822&sd=RMVP
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
.
- References:
- Re: Can DNS be removed?
- From: Kevin D. Goodknecht Sr. [MVP]
- Re: Can DNS be removed?
- Prev by Date: DNS SOA Help
- Next by Date: Re: DNS SOA Help
- Previous by thread: Re: Can DNS be removed?
- Next by thread: Re: Can DNS be removed?
- Index(es):
Relevant Pages
|
