Re: NT4 to Windows 2003 : which dns ?


From: Dana Brash (dbrash_at_gmail.com)
Date: 11/08/04


Date: Mon, 8 Nov 2004 13:09:28 +0800

Hi Tony,

The only problem with your plan is having one DC at each site. ;-) You
really should have 2..., and make sure you either have a full Global Catalog
or in 2003 enable Universal Group Membership caching for your Branch Site
(and I do mean Site in the AD sense). That said, you CAN use the Root DNS
server as secondary for the Branch clients, but of course that will be as
slow as your WAN link.

If you use a forwarder to your ISP, and the ISP DNS goes down it should
"fail-over" to the root hints. You can also configure multiple forwarders,
which is what I would do. Configure 3 or 4 forwarders and you should never
have to use root hints.

-- 
HTH,
=d=
Dana Brash
MCSE, MCDBA, MCSA
dbrash@NOSPAM.gmail.com
"Tony Scarola" <tony[rEm0vEmE]@scarolas.com> wrote in message 
news:exeYy3TxEHA.1452@TK2MSFTNGP11.phx.gbl...
>
> Thanks again Dana. Wow, ASCII art! Haven't seen that in a while. :)
>
> I see what you're saying... My only questions are:
>
> 1. Any problem using the main office DC/DNS as secondary for branch 
> clients? I only plan on having one DC/DNS at each branch.
>
> 2. Any problem using Internet's root DNS instead of ISPs DNS as 
> forwarders - What happens if ISPs DNS are down, will W2K3 DNS fall back to 
> root?
>
> Regards,
>
>  ______
> /_  __/___  ____  __  __
>  / / / __ \/ __ \/ / / /
> / / / /_/ / / / / /_/ /
> /_/  \____/_/ /_/\__, /
>                /____/
>
>
> "Dana Brash" <dbrash@gmail.com> wrote in message 
> news:OA9byLTxEHA.1396@tk2msftngp13.phx.gbl...
>> How's this:
>>
>> /------------\
>> | Main Office|
>> |   Clients  |
>> \------------/
>>      1|    2\
>>       |    [ Secondary DC/DNS]
>>       |     /
>>       \/   /
>> [ROOT DC/DNS]--------> ISP
>>       |
>>       \ AD & DNS Zones
>>       / Replication
>>       |
>> [BRANCH DC/DNS]--------> ISP
>>       /\   \
>>       |     \
>>       |    [ Secondary DC/DNS]
>>      1|    2/
>> /------------\
>> |BranchOffice|
>> |   Clients  |
>> \------------/
>>
>> =============================
>> Main ROOT DC
>> IPCONFIG
>>    DNS 1: Self
>>    DNS 2: Empty
>> DNS Forward:
>>    ISP
>>
>> Main Secondary DC:
>>    DNS 1: Main ROOT
>> DNS Forward:
>>    Main ROOT
>>    ISP
>> =============================
>> Branch ROOT DC
>>    DNS 1: Self
>>    DNS 2: Main ROOT
>> DNS Forward:
>>    ISP
>>
>> Branch Secondary DC:
>>    DNS 1: Branch ROOT
>> DNS Forward:
>>    Branch ROOT
>>    ISP
>> =============================
>>
>> You must get your zone replication happening first so that the DNS 
>> servers know where their replication partners are.  To do this, you'll 
>> initially want to have your Branch Office DC pointing to the Main Office 
>> Root DC for resolution.  After the zone has replicated you should be able 
>> to change this setting back to self, with Main Office as secondary.
>>
>> For client name resolution requests, what you don't want to have 
>> happening is to have the Branch DNS forward all lookup requests back to 
>> the main office DNS.  e.g.
>> Branch Client -> Branch DNS -> Main DNS -> ISP -> Main DNS -> Branch 
>> DNS -> Branch Client
>>
>> Which is why the Branch ROOT DC forwards to the ISP.  Then you have:
>> Branch Client -> Branch DNS -> ISP -> Branch DNS -> Branch Client
>>
>> -- 
>> HTH,
>> =d=
>>
>>
>> Dana Brash
>> MCSE, MCDBA, MCSA
>>
>> dbrash@NOSPAM.gmail.com
>>
>> "Tony Scarola" <tony[rEm0vEmE]@scarolas.com> wrote in message 
>> news:eF57lpRxEHA.3336@TK2MSFTNGP11.phx.gbl...
>>> I was thinking of simply installing AD-integrated DNS on the branch DCs. 
>>> These would be in different AD sites, single domain. By "branch site" I 
>>> assume you mean the clients in that site. Therefore, I would have 
>>> clients --> branch DC/DNS ---> root DC/DNS for name resolution (primary), 
>>> and clients --> root1, branch DC/DNS --> root2 DC/DNS (secondary).
>>>
>>> "Dana Brash" <dbrash@gmail.com> wrote in message 
>>> news:OUwzswOxEHA.1988@TK2MSFTNGP12.phx.gbl...
>>>> Hi Tony,
>>>>
>>>> That would depend on how you have your zones and replication set up.
>>>>
>>>> If you have a local DNS Server at the branch office that is storing a 
>>>> copy of the zone (generally a good idea) then the branch site points to 
>>>> the local dns server.  You could add root as a secondary DNS server for 
>>>> clients as well, but you'd be better off using a secondary DNS server 
>>>> at the branch if you're concerned about redundancy.  Remember, if 
>>>> the clients in the branch office need to find servers in the home 
>>>> office, the branch office dns should be pointing them to the right 
>>>> place.
>>>>
>>>> Chances are you've got your branch and home office on different subnets 
>>>> as well, so make sure to set up your reverse lookup zones properly 
>>>> also.
>>>>
>>>> -- 
>>>> HTH,
>>>> =d=
>>>>
>>>>
>>>> Dana Brash
>>>> MCSE, MCDBA, MCSA
>>>>
>>>> dbrash@NOSPAM.gmail.com
>>>>
>>>> "Tony Scarola" <tony[rEm0vEmE]@scarolas.com> wrote in message 
>>>> news:O%23oNavNxEHA.3808@TK2MSFTNGP15.phx.gbl...
>>>>> Dana,
>>>>>
>>>>> You mention that the clients should point to the root DC for DNS 
>>>>> resolution. Would this also be the case for clients at a branch site 
>>>>> (over a WAN link) if they have their own DC w/ AD-DNS? Or would they 
>>>>> point to their local DC first, and have root as secondary? I've always 
>>>>> been a bit confused by this.
>>>>>
>>>>> Thank you in advance,
>>>>> Tony
>>>>>
>>>>> "Dana Brash" <dbrash@gmail.com> wrote in message 
>>>>> news:ePm%23npMxEHA.4004@tk2msftngp13.phx.gbl...
>>>>>> Hi Vincent,
>>>>>>
>>>>>> You can configure DNS as part of the installation of AD on your new 
>>>>>> server, but I always prefer to get DNS working properly before hand. 
>>>>>> It seems to save time cleaning up event log error messages after 
>>>>>> installing AD....
>>>>>>
>>>>>> Make sure you plan your namespace properly:
>>>>>> Active Directory, ADSI and Directory Services Technical Articles
>>>>>>
>>>>>> Microsoft Windows 2000 Namespace Design ~~ A more thorough Discussion
>>>>>>
>>>>>> http://msdn.microsoft.com/archive/default.asp?url=/archive/en-us/dnaractdir/html/Namespace_Design.asp
>>>>>>
>>>>>>
>>>>>>
>>>>>> Clients should point to the new server for DNS resolution as you 
>>>>>> mentioned. Their primary DNS should be the Root DC, and their 
>>>>>> secondary DNS should be the secondary DC.  Both DC's should be 
>>>>>> running DNS and have AD integrated forward and reverse lookup zones.
>>>>>>
>>>>>>
>>>>>>
>>>>>> The Root server should point to itself for DNS resolution ONLY.  Do 
>>>>>> not configure a secondary DNS lookup for the root DC.  The Secondary 
>>>>>> DC(s) should point to the root DC for DNS as well.
>>>>>>
>>>>>>
>>>>>>
>>>>>> The DNS server will have two options for resolving lookups.  The 
>>>>>> first option, which is how it works by default, is by using the Root 
>>>>>> Hint records that are configured as part of the DNS Service installation. 
>>>>>> The preferred method of configuration is to use your ISP as a DNS 
>>>>>> forwarder on your DNS Server.  In DNS management console 
>>>>>> (dnsmgmt.msc) right click and select properties for the root DC's 
>>>>>> server name.  On the Forwarders tab click 'Enable Forwarders' and set 
>>>>>> the IP address that you got from your ISP, or your favorite public 
>>>>>> DNS server.
>>>>>> -- 
>>>>>> HTH,
>>>>>> =d=
>>>>>>
>>>>>>
>>>>>>
>>>>>> Dana Brash
>>>>>> MCSE, MCDBA, MCSA
>>>>>>
>>>>>> dbrash@NOSPAM.gmail.com
>>>>>>
>>>>>> "Vincent Schmid" <nospam@nospam.com> wrote in message 
>>>>>> news:2v6j51F2h13emU1@uni-berlin.de...
>>>>>>> Hello,
>>>>>>>
>>>>>>> We are planning to migrate our NT4 server to Windows 2003. We will 
>>>>>>> configure a simple domain which will have one server and about 50 XP 
>>>>>>> clients. The server will have dns installed at the same time as 
>>>>>>> active directory.
>>>>>>>
>>>>>>> I'm not quite sure how the dns should be configured in the network 
>>>>>>> TCP/IP settings of the machines:
>>>>>>>
>>>>>>> - Clients: Now they point to an IP which was given by our internet 
>>>>>>> provider. I suppose that we will have to redirect them to the IP of 
>>>>>>> the new server?
>>>>>>>
>>>>>>> - What about the server? Should the TCP/IP settings of the 
>>>>>>> connection point to the internet provider dns or to the server 
>>>>>>> itself?
>>>>>>>
>>>>>>> - Where does the Windows 2003 dns get its information from? Do we 
>>>>>>> have to indicate some known dns server in its configuration?
>>>>>>>
>>>>>>>
>>>>>>> Thanks in advance for any help,
>>>>>>> Sincerely,
>>>>>>> Vincent Schmid
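The per-server settings in Dana's table (which DNS entries each DC's NIC carries, and what each server forwards to) and the advice in the reply to configure several forwarders so root hints are only a last resort can both be checked from the DC itself. The script below is an added example written for this page; it is not code from the thread or from Microsoft. It assumes it runs locally on the DC as an administrator, that dnscmd.exe is available (Windows Server 2003 Support Tools, built in on later versions), and that a PowerShell host is installed; the role names, the `-Apply` switch, and every IP address are constructed placeholders (RFC 5737 documentation ranges) that you replace with your own.

```powershell
# Added example, not from the thread: audit one DC against the plan in Dana's
# table and apply the multiple-forwarder advice from the reply.
# Assumptions: run locally on the DC as an administrator; dnscmd.exe present;
# PowerShell host available. All IP addresses are constructed placeholders.
param(
    [string]$Role = "MainRoot",              # MainRoot | MainSecondary | BranchRoot | BranchSecondary
    [string]$MainRootIP   = "192.0.2.10",    # placeholder
    [string]$BranchRootIP = "192.0.2.20",    # placeholder
    [string[]]$IspForwarders = @("198.51.100.1", "198.51.100.2", "203.0.113.1"),  # placeholders
    [switch]$Apply                           # without -Apply the script only reports
)

$nic  = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=TRUE" | Select-Object -First 1
$self = $nic.IPAddress[0]

# NIC DNS order and forwarder list each role should have, per the table:
# root DCs forward straight to the ISP, secondaries forward to their local root first.
$plan = @{
    MainRoot        = @{ Client = @($self);              Forwarders = $IspForwarders }
    MainSecondary   = @{ Client = @($MainRootIP);        Forwarders = @($MainRootIP) + $IspForwarders }
    BranchRoot      = @{ Client = @($self, $MainRootIP); Forwarders = $IspForwarders }
    BranchSecondary = @{ Client = @($BranchRootIP);      Forwarders = @($BranchRootIP) + $IspForwarders }
}
if (-not $plan.ContainsKey($Role)) { throw "Unknown role '$Role'; expected one of: $($plan.Keys -join ', ')" }
$want = $plan[$Role]

# 1. NIC DNS search order, compared in order (the plan cares which entry is first).
$have = @($nic.DNSServerSearchOrder)
if ($have.Count -eq 0) {
    "WARN no DNS servers configured on the NIC"
} elseif (@(Compare-Object $want.Client $have -SyncWindow 0).Count -eq 0) {
    "OK   NIC DNS order: $($have -join ', ')"
} else {
    "WARN NIC DNS order is $($have -join ', '); plan for $Role is $($want.Client -join ', ')"
    if ($Apply) { $null = $nic.SetDNSServerSearchOrder($want.Client) }
}

# 2. Forwarders: show the server's current forwarder settings, then optionally reset
#    them to the plan. /Timeout 3 shortens the wait on a dead forwarder before the
#    next one is tried; /NoSlave keeps root hints as the final fallback, which is
#    the fail-over behaviour the reply describes.
dnscmd /Info | Select-String -Pattern "forward", "slave"
if ($Apply) {
    dnscmd /ResetForwarders $want.Forwarders /Timeout 3 /NoSlave
}

# 3. Probe each planned forwarder directly, so a dead ISP resolver is noticed here
#    rather than as slow client lookups later.
foreach ($fwd in $want.Forwarders) {
    $out = nslookup -timeout=3 www.example.com $fwd 2>&1 | Out-String
    if ($out -match "Non-authoritative answer|Name:\s+www\.example\.com") {
        "OK   forwarder $fwd answers"
    } else {
        "WARN forwarder $fwd did not answer within 3 s"
    }
}
```

Run it once per DC with the matching `-Role`, first without `-Apply` to see the differences, then with `-Apply` on the servers you want corrected. The forwarder probe in step 3 is the check that matters operationally: with three or four live forwarders listed, a single ISP outage never reaches the root-hints path, which is the outcome the reply recommends.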

