Re: AD-Integrated DNS - Root Hints, Forwarders, Confused!
- From: "Tony Scarola" <tony[remove_this_spamblock]@scarolas.com>
- Date: Sat, 5 Aug 2006 23:08:49 -0400
Jorge,
What is wrong?
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:eJntkD%23tGHA.2260@xxxxxxxxxxxxxxxxxxxxxxx
Hi
wrong...
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Tony" <someone@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%233rrWvwtGHA.2088@xxxxxxxxxxxxxxxxxxxxxxx
Thank you. I will need to configure forwarders at all the branches to go
to the two HQ DNS servers and remove the root hints from the branch DNS
settings. Thanks again.
"Anthony" <anthony.spam@xxxxxxxxxxxxxx> wrote in message
news:%23fgPRrwtGHA.1888@xxxxxxxxxxxxxxxxxxxxxxx
Root hints are simply a default list of external DNS servers. In other
words, if you forget to configure anything, your DNS server will still
resolve external names. Root hints should be replaced by your intended
forwarders. There is a technique for removing the root hints, but as
long as you configure a forwarder I don't think you really need to
bother.
If your administrators want only to allow the two central DCs to
forward externally, then you should configure your branch DCs to
forward to the two central ones. The root hints will be redundant. This
is good because it also allows the central DCs to host other DNS zones
without having to copy them out to all the branches.
Anthony
"Tony" <someone@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:uS4W7dwtGHA.1536@xxxxxxxxxxxxxxxxxxxxxxx
Hello everybody.
I am a little confused about AD-integrated DNS and root hints, &
forwarders and the best configuration for our environment.
The Internet firewall administrators want to restrict outbound access
for DNS (TCP/UDP port 53) down to the two root domain controllers at HQ
only - in other words, they only want the two root domain controllers
at HQ to be allowed to talk to any servers in the world regarding DNS -
no other servers.
Here is our current setup:
- Two W2K3 root domain controllers running AD-integrated DNS located at
HQ
- These two root DCs DNS are configured with four forwarders (to the
local ISP DNS servers) and the default root hints
- Eighteen branch offices each with single W2K3 DC with AD-integrated
DNS
- The branch office DCs DNS is configured with default root hints
only - no forwarders
- The workstations at HQ point to both local DCs for all DNS resolution
- The workstations at branch offices point to a) local DC and b) one HQ
DC for DNS resolution
So, I believe we have the two root DC DNSs configured properly with
both forwarders and root hints. However, I'm confused about the DNS
configuration settings of the branch DCs. Will I need to set up
forwarders on them to point back to the two root DCs DNS servers at HQ?
Will I also need to remove the default root hint settings? Should I do
anything else?
Thank you in advance.
Tony
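
The branch-office change discussed in this thread, as an added example that is not part of any poster's message: each branch DNS server is pointed at the two HQ DNS servers as forwarders, and `dnscmd`'s `/Slave` option makes it forward-only so it does not fall back to root hints that the firewall would block. The server names and IP addresses are placeholders, and `dnscmd.exe` is assumed to be available on the admin workstation.

```powershell
# Added example: host names and addresses are placeholders, not values from the thread.
$HqDnsServers = @('10.0.0.10', '10.0.0.11')       # the two HQ root DCs (assumed IPs)
$BranchDcs    = @('BRANCH01-DC', 'BRANCH02-DC')   # hypothetical branch DC host names

$failed = @()

foreach ($dc in $BranchDcs) {
    Write-Host "Configuring forwarders on $dc"

    # /ResetForwarders replaces the forwarder list on the target server.
    # /Slave makes the server forward-only: if the forwarders do not answer,
    # it does NOT try to recurse through root hints, so the branch server
    # never attempts outbound port 53 traffic to the Internet.
    & dnscmd.exe $dc /ResetForwarders $HqDnsServers /TimeOut 5 /Slave

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "dnscmd failed on $dc (exit code $LASTEXITCODE)"
        $failed += $dc
        continue
    }

    # Read the server settings back and show the lines about forwarding,
    # so the change can be confirmed per server.
    & dnscmd.exe $dc /Info | Select-String -Pattern 'Forwarder|Slave'
}

if ($failed.Count -gt 0) {
    Write-Warning ("Not configured: " + ($failed -join ', '))
} else {
    Write-Host "All branch DNS servers now forward only to HQ."
}
```

With forward-only mode set, the root hints list can stay in place on the branch servers because it is never consulted for recursion.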