Re: DNS Redesign Issue
- From: Jason1320 <Jason1320@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 21 Aug 2006 06:59:02 -0700
I think I have my question answered in that I will have to manually create at
least some of the records, not a problem. I just want to clear up one more
thing before we close this thread.
Currently all domain controllers point back to the TLD for either their
primary or secondary DNS. This is because tbe TLD DNS server is the only
writable NDS server right now. After I create the new AD primary zone in the
child domain, deligate athority, and create the static records, do I want to
set the new child domain DNS server as primary for the domain controllers?
What about all the AD created records in the company.com domain? Should I
run netdiag /fix and restart the netlogon service to recreate the records?
(You had mentioned forwarders previously, but if the network connection fails
there will be issues.)
Thanks,
Jason
"Jason1320" wrote:
We have hundreds of records for non-Windows servers and appliances. Most of.
these are unable to create their own records. There are also MX records,
aliases, and SRV records that will not be automaticlly recreated. I need to
do this as seamlessly as possible and missing anyone of these records would
cause an outage.
Thanks,
Jason
"Jorge Silva" wrote:
-Why you want to export the Zone? The records are automatically created as
long as you allow Dynamic updates?
-Using DNS console you can right-click the zone and export to a File,
however with this exported file you can't create a zone.
-To export a Zone and import that Zone in another DNS Server you need to use
Dnscmd.
-C:\Dnscmd ServerName /ZoneExport child.domain.com Filename.dns (this file
will be automatically created in DNS folder under System32, the File must
have a .dns EXTENSION, the other problem with this is that you might need to
change some information on that file, like for example the SOA owner, and/or
the NS records, then you copy that file to the other DNS server, you can
start by creating a new Primary zone then you have the option to give the
name of the file that contains)
http://technet2.microsoft.com/WindowsServer/en/library/ed0e4eeb-34a5-420e-aa6a-961ae5fa0f291033.mspx?mfr=true
Attention you can only export and import a zone if that zone will be equal
in the other DNS server, although you can export information to ONLY PART
(like a delegation) you can't use that exported file you can't create a
zone.
*Using the Dns console:
Right click the zone that you want to export and choose the option export
list, save the file "Test01.txt".
(Open the file and check the format)
*Using Dnscmd
Dnscmd ServerName /ZoneExport child.domain.com Test01.dns
(Open the file and check the format)
-Compare both...
Now the real question here is why do you want to do that??? There's no need
to have all this work, DNS can dynamically register this records if you
allow it to do so. If you're concern about some manual created records you
can export the zone using any of the above commands, and then just create a
script with Dnscmd to create them automatically.
Dnscmd [ServerName] /recordaddZoneNameNodeNameRRTypeRRData
Check:
http://technet2.microsoft.com/WindowsServer/en/library/ed0e4eeb-34a5-420e-aa6a-961ae5fa0f291033.mspx?mfr=true
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Jason McKee" <JasonMcKee@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4E27292B-EAAF-4FB8-9514-3D2D1BA124ED@xxxxxxxxxxxxxxxx
From another news group:
From your description, my understanding on this issue is that you would
like to change the current DNS design and create AD integrated zone for
each subdomain.
Unfortunately there's no efficient way to extract the domain information
for dallas.company.com from the company.com zone. However, if you are
using
DHCP, clients should be able to dynamically and automatically
register/update records with the configured DNS server, and you don't need
to manually re-input everything.
Considering the current situation, we suggest you follow the guideline
below:
1. Delete the current dallas(.company.com) and other subdomains on DNS
server in the root domain
2. On DNS server in the root domain, delegate dallas to DNS server in the
child domain
3. Create a child zone dallas on the DNS server in the child domain
4. Configure all clients in the child domain to use DNS server in the
child
domain as Primary DNS server
5. Add the parent (root) DNS server as a forwarder on the child DNS
server.
For more information, please refer to the following documents:
255248 How To Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain
http://support.microsoft.com/kb/255248
323418 How To Integrate DNS with an Existing DNS Infrastructure If Active
Directory Is Enabled in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;323418
How DNS Support for Active Directory Works
http://technet2.microsoft.com/WindowsServer/en/library/9d62e91d-75c3-4a77-ae
93-a8804e9ff2a11033.mspx?mfr=true
"Jason McKee" wrote:
This is great information and I understand all these concepts but I think
you
are missing the point of what I am trying to do. In my top level domain
I
have one primary zone for company.com. That zone contains 9 sub domains
(dallas.company.com, detroit.company.com, la.company.com, etc.) I want
to
delegate these domains but first I need to get the information out of the
tld
zone and into the primary zones that will be created in the child
domains.
If it were possible I would want to "cut" the Dallas folder from the
company.com domain and paste it as the root of the child primary domain.
I
want to do this for all 9 sub domains. However this is not possible so I
want to find the easiest way to do it without recreating all of the DNS
records.
Thank you,
Jason McKee
MCSE/MCSA (Messaging) 2003
"Jorge Silva" wrote:
Hi again
Looks like you're out of sync so:
I'm going to try to provide you a solution (but remember you can have
different implanted solutions to achieve the same thing), if you
desagree
with something please let me know.
You've 1 top Root Domain and several child domains.
You want to design a DNS infrastructure for all domains.
-Objectives are: availability of the name resolution for all domains in
the
forest, reduce administrative work configuring them, reduce the
Replication
traffic.
-Ok, assuming that you've all DNS servers in DCs (Why on DCs, because
you
can benefit in terms of security, you can integrate it with AD, provide
you
less admin work and you can use replication to replicate the zones for
existent DNS server in your network):
-Generally the Root Domain is used only for administration; I don't
know if
this is your case, but generally the top root domain has few
information on
it, and is rarely changed in terms of changes, let's begin:
1-Using Stub zones in the root or child domains isn't generally a good
idea,
why? Well Stub zones do not remove the requirement for delegations,
Stub
zone data doesn't transfer during zone transfers like delegation
information
does, so if the parent zone is transferred without delegation
information,
how will server find child zones?), So configuring Stub zones aren't an
option here.
-In the Top Root Domain you make the domain.tld and _msdcs.domain.tld
AD
Integrated. Because you only have Windows 2003 in your forest make sure
that
you have your FFL at Windows 2003, Why? - Because among other things
you can
benefit with replication (only changes are replicated). Next configure
delegation, delegate each child domain to the correct server(s).
Configure
the replication scope of the Top Root Domain "domain.tld"and the
"_msdcs.domain.tld" available across the forest. Why? - Well First we
have
availability, even if the link is down the name resolution works
because all
servers have a copy of that zone, including other CHILD domains NS
records,
so the servers can resolve the other child domains even if the link
with the
Top Root is down, Second we have less Admin work, because the zones
will be
transferred without any additional configuration, Third the
_msdcs.domain.tld contain information about Global catalog and other
domain/forest important records and they only exist in parent (root)
DNS
server (this zone contains information that IS ONLY AVAILABLE IN THE
ROOT),
so is always a good practice to replicate the root _msdcs.domain.tld
across
the forest.
- So why not Primary Zone? - To much configuration to be done, is
un-secure,
you can't benefit of AD replication, to use it in child domains you
would
need to allow zone transfer each time that you add anew DNS server
(which
represents more admin work).
- So why not Secondary Zone? - Well to have a secondary zone you must
have a
Primary Zone then you must configure that primary zone to allow zone
transfers (more admin work each time that you add anew DNS server) and
BTW
Primary Zones are not secure as AD Integrated Zones, But Wait a minute.
We
can have AD Integrated Zone, and configure other DNS Servers with
Secondary
Zones. Sure, but you still need to allow Zone transfer each time that
you
Add a new DNS server (More Admin Work), so why not use Replication and
leave
all Admin work for Windows, and we never have to worry about
configurations
and stuff like that.
What About Internet Resolution? Well we have Forwarding for that, you
can
benefit of Forwarding to allow Internet resolution in each domain.
Top Root is done.
Time to Child Domains:
-Child Domains: well because we already have the domain.tld,
_msdcs.domain.tld and all forest delegations in the DNS server(s)
across the
forest, this means that the child domains can resolve all existent
domains,
GCs, Existent Sites configuration, etc. So now we only need to
configure the
child zone itself, nothing more. Make it AD Integrated, configure the
replication scope to All DCs in the DOMAIN, and you're up and running.
Related Links:
How to Create a Child Domain in Active Directory and Delegate the DNS
Namespace to the Child Domain
http://support.microsoft.com/kb/255248/
Conditional Forwarding in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;304491
How to configure DNS for Internet access in Windows Server 2003
http://support.microsoft.com/kb/323380/
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Jason McKee" <JasonMcKee@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2155B3C6-1B0F-4C60-8666-EF73F1018A65@xxxxxxxxxxxxxxxx
I agree. The question is how to get the domains for the child zones
out of
the single existing zone for company.com. You can't simply copy and
paste
it, and recreating all the records would take hours. And I don't
want the
whole company.com domain replicated to all the child domains.
Thanks
Jason McKee
MCSE/MCSA (Messaging) 2003
- Follow-Ups:
- Re: DNS Redesign Issue
- From: Jorge Silva
- Re: DNS Redesign Issue
- References:
- Re: DNS Redesign Issue
- From: Jorge Silva
- Re: DNS Redesign Issue
- From: Jason1320
- Re: DNS Redesign Issue
- From: Jorge Silva
- Re: DNS Redesign Issue
- From: Jason McKee
- Re: DNS Redesign Issue
- From: Jorge Silva
- Re: DNS Redesign Issue
- From: Jason McKee
- Re: DNS Redesign Issue
- From: Jorge Silva
- Re: DNS Redesign Issue
- From: Jason McKee
- Re: DNS Redesign Issue
- From: Jason McKee
- Re: DNS Redesign Issue
- From: Jorge Silva
- Re: DNS Redesign Issue
- From: Jason1320
- Re: DNS Redesign Issue
- Prev by Date: Re: DNS Redesign Issue
- Next by Date: Re: W2K3 DNS setup & isp hosted domain.
- Previous by thread: Re: DNS Redesign Issue
- Next by thread: Re: DNS Redesign Issue
- Index(es):
Relevant Pages
|
Loading
