Re: DNS migration to Active Direcotry
- From: "Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx>
- Date: Mon, 30 Oct 2006 09:15:38 -0500
In news:B711F9C7-118F-44D3-A52A-856EA24CEAC4@xxxxxxxxxxxxx,
Domain Admin <DomainAdmin@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I
commented on below:
Hi Ace, thanks for responding. We have 4 name servers out of state
with 6 in house servers running 2003. I think the schema is basically
a fan schema. replicating back to the second server or circular
pattern for disaster recovery. I did run across a problem today with
our name servers. When looking at certain zones under SOA, the Name
server IP address says Unknown and doesn't resolve under DNS console.
When looking under nslookup the name servers do resolve by IP. Even
when clicking on resolve an error message says can not resolve. Zones
are allowed transfer to any server. I would like to enhance security
and change to scope of IP address. However name servers don't resolve
by the IP. Does that make sense?
Sorry for the late response. Been busy and had a final exam to study for.
Yes, that does make sense. I've seen in some cases when specifying an SOA
that it does not resolve but does using a ping or nslookup. In those cases,
I just manually specifiy the FQDN and IP address of the nameserver.
If zone transfers are set to only allow from specific nameservers, that is
your best bet for zone transfer security. However, if all DNS servers are
part of an AD infrastructure, dependin on your AD intergrated zone design,
setting zone transfers is not required.
Ace
.
- References:
- Re: DNS migration to Active Direcotry
- From: Ace Fekay [MVP]
- Re: DNS migration to Active Direcotry
- From: Domain Admin
- Re: DNS migration to Active Direcotry
- Prev by Date: Re: Secondary Zone versus forwarders?
- Next by Date: Re: Computers Registering Two IPs
- Previous by thread: Re: DNS migration to Active Direcotry
- Next by thread: RE: NSLookup failure in DNS
- Index(es):
Relevant Pages
|
