Re: Active Directory Integrated zones questions
- From: "Kevin D. Goodknecht Sr. [MVP]" <admin@xxxxxxxxxxxxxx>
- Date: Sat, 15 Jul 2006 06:09:10 -0500
Tom wrote:
Some DNS confusion, any clarification deeply appreciated.
Configuration: Three child domains (all Native Win 2003) - rem01,
rem02, and rem03.domain.internal and a root domain - domain.internal,
each with two DC/DNS servers. All DNS servers use AD Integrated
zones with replication scope to all DNS servers in Domain. Forwarders
from the child domains to ISP DNS for internet name resolution. Hub
and spoke VPN from root to child domains.
Question groups:
1. Should the Name Servers tab on each zone contain only the names of
the two servers in each domain and should you list only the
"authoritative" servers for the domain on this tab?
It should have the name of each DNS server that has the zone.
Is this list in a priority order?
There is no priority order, but each server having the AD integrated zone
will have itself named as the Primary on the SOA record. This has as much to
do with making sure each server accepts zone updates as it does anything
else; clients will send zone updates to the master name server.
2. Stub zones on each DNS server for the other three (2 child and 1
root domain) zones will work for name resolution between hots in
different domains?
Yes, if you mean hosts.
Is any other configuration needed to make stub zones work such as a
forwarder to each child/root domain?
Stub zones work more like a delegation than a forwarder.
Should/can stubs be AD integrated?
As long as there are no Win2k DCs, yes. Replication to DNS servers in the
domain is OK.
3. Will zones configured as "AD integrated - Replication to all DNS
servers in domain" show up in the DNS GUI tool only under the DNS
servers for said domain? Another way... I should not see fully
populated zones in rem01 when looking under rem02 DNS servers zone for
rem01... I should see only the stub with name servers for rem01 zone?
Stub zones have only NS records and glue records.
4. Is it possible to "transfer" a zone from an AD integrated zone to a
non-AD integrated "secondary"?
Yes, the transfer works just like any other Primary/Secondary zone.
One zone I did not see mentioned is the _msdcs.forestrootdomain zone that is
created when you let Win2k3 DCPromo configure DNS on the first DC. This zone
should be on ALL DNS servers in the forest, and is where all DCs register
their GUID record, and where Global Catalogs register their records. Each
member of the domains in the forest needs access to this zone, which is why
the zone replicates forest wide.
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
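
The following Python example is added here and is not part of the original post. It checks two points from the reply against a record listing: that every DNS server holding a zone appears in its NS set, and that a stub copy holds nothing beyond name-server data. The tuple layout, host names and addresses are constructed, and allowing the zone's SOA record in a stub copy is an assumption based on general DNS server behaviour rather than something stated in the post.

```python
# Added example: records are (owner, type, rdata) tuples; every name and
# address below is constructed for illustration.

def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.lower().rstrip(".")

def missing_name_servers(zone, records, hosting_servers):
    """DNS servers that hold the zone but are absent from its apex NS set."""
    apex_ns = {_norm(rdata) for owner, rtype, rdata in records
               if rtype == "NS" and _norm(owner) == _norm(zone)}
    return sorted(s for s in hosting_servers if _norm(s) not in apex_ns)

def unexpected_stub_records(zone, records):
    """Records a stub copy should not hold: anything other than the apex
    SOA, the apex NS set, and A/AAAA glue for those name servers."""
    ns_targets = {_norm(rdata) for owner, rtype, rdata in records
                  if rtype == "NS" and _norm(owner) == _norm(zone)}
    extra = []
    for owner, rtype, rdata in records:
        at_apex = _norm(owner) == _norm(zone)
        if rtype in ("SOA", "NS") and at_apex:
            continue  # name-server data for the zone itself
        if rtype in ("A", "AAAA") and _norm(owner) in ns_targets:
            continue  # glue for a listed name server
        extra.append((owner, rtype, rdata))
    return extra

ZONE = "rem01.domain.internal"
HOSTING = ["dc1.rem01.domain.internal", "dc2.rem01.domain.internal"]

# Constructed view of the rem01 zone as seen on a rem02 DNS server.
STUB_VIEW = [
    (ZONE, "SOA", "dc1.rem01.domain.internal. hostmaster.rem01.domain.internal."),
    (ZONE, "NS", "dc1.rem01.domain.internal."),
    ("dc1.rem01.domain.internal", "A", "10.1.0.10"),
    ("files.rem01.domain.internal", "A", "10.1.0.50"),  # host record, not glue
]

if __name__ == "__main__":
    print("missing from NS set:", missing_name_servers(ZONE, STUB_VIEW, HOSTING))
    print("not stub data:", unexpected_stub_records(ZONE, STUB_VIEW))
```
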