Re: Default SOA and NS records with Windows 2000 AD Integrated DNS



In news:eqtutv$ZIHA.3652@xxxxxxxxxxxxxxxxxxxx,
Brad Baker <brad@xxxxxxxxxxxxx> typed:

So you got me curious now, and with all due respect, I am not
criticizing anyone, just curious - what was the reason for choosing to
use DCs for public DNS servers? Just for AD integrated zones? There's a
huge overhead with DCs just to reap that benefit, especially with
hundreds of zones. Are these DCs your domain controllers for your
internal corporate domain as well?

As mentioned above - cost savings and ease. We already had DNS
servers set up for AD; I'm sure it just made sense at the time to
re-use it. As far as performance goes, we've never really noticed an
issue.
The only reason we're running into a problem now is due to the way AD
integrated DNS works - i.e. it seems to register some records
(primarily SOA and NS) itself, and it's using server names that we
don't really want utilized. We're planning on upgrading our DCs, and
as such the DC server names will change. This will result in problems
with all our DNS zones, as I think we will end up with invalid NS
records and conceivably SOA records.

This is default DC behavior. Lots of tinkering and registry alterations to
FORCE it to work. It's not really worth it. Another reason to use
standalones. DCs are DCs, and for a DC to work, it registers records beyond
just the IP address and hostname, because the Netlogon service also registers
data that you should not alter. Another reason...

I can't see cost savings when it involves administrative overhead to
maintain and figure out how AD should work and how to alter default behavior
to make it work so it is just a DNS server.






Multihoming a DC can be a disaster for the DC as well.

I've heard that before from Microsoft support - one of our two DCs/DNS
servers has multiple IPs on it. I'm hoping to fix that when we
upgrade AD.




Upgrading AD will not help with multiple NICs. It is NOT advised to
multihome a DC. Period. Google 'multihomed DCs' and view my comments as well
as other engineers'. Due to DNS registration of SRV records and the
LdapIpAddress and GcIpAddress records, multihoming causes major issues with
DCs.

Ace
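As an added illustration of the NS/SOA problem Brad describes (this is not code from the thread or from Microsoft): a small check that, given zone-file text of the kind a Windows DNS zone export produces, flags apex NS records and SOA primary names that are not in the intended public name-server set, and intended servers that have no NS record at all. Zone contents, host names and addresses below are constructed.

```python
import re

# Constructed sample zone text in zone-file form, the shape a Windows DNS
# zone export produces (hypothetical names and addresses, not from the thread).
SAMPLE_ZONES = {
    "example.com": """\
@   3600 IN SOA dc01.corp.example.com. hostmaster.example.com. 2024010101 900 600 86400 3600
@   3600 IN NS  dc01.corp.example.com.
@   3600 IN NS  ns1.example.com.
www 3600 IN A   203.0.113.10
""",
    "example.net": """\
@   3600 IN SOA ns1.example.com. hostmaster.example.com. 2024010101 900 600 86400 3600
@   3600 IN NS  ns1.example.com.
@   3600 IN NS  ns2.example.com.
""",
}
# The name servers that are meant to be authoritative for the public zones;
# any other name in an NS record or the SOA primary is a DC hostname.
PUBLIC_NS = {"ns1.example.com", "ns2.example.com"}
# owner [ttl] [IN] SOA|NS target   (only the first SOA field, the MNAME, is needed)
RR_LINE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(SOA|NS)\s+(\S+)", re.IGNORECASE)

def _norm(name):
    return name.rstrip(".").lower()

def audit_zone(zone_name, zone_text, allowed_ns):
    # Flag apex NS targets and the SOA primary that are not allowed,
    # plus allowed servers that have no NS record at all.
    present, stale_ns, soa_primary = set(), [], None
    for line in zone_text.splitlines():
        m = RR_LINE.match(line.strip())
        if not m:
            continue
        owner, rtype, target = m.group(1), m.group(2).upper(), _norm(m.group(3))
        if _norm(owner) not in ("@", zone_name.lower()):
            continue  # delegations below the apex are a separate concern
        if rtype == "SOA":
            soa_primary = target
        else:
            present.add(target)
            if target not in allowed_ns:
                stale_ns.append(target)
    return {"stale_ns": sorted(stale_ns), "missing_ns": sorted(allowed_ns - present),
            "soa_primary": soa_primary, "soa_ok": soa_primary in allowed_ns}

def audit_all(zones, allowed_ns):
    # Return only the zones that need fixing before the DC names change.
    findings = {z: audit_zone(z, t, allowed_ns) for z, t in zones.items()}
    return {z: r for z, r in findings.items()
            if r["stale_ns"] or r["missing_ns"] or not r["soa_ok"]}
```

Run it against an export of every zone before the rename; the zones it returns are the ones whose apex records still point at a DC name.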




