Re: Force AD to use TCP not UDP.
- From: "Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx>
- Date: Wed, 27 Jul 2005 22:18:51 +0200
I don't have the whole picture of your network -- but can't you use a local ISP
to resolve Internet-related DNS (this would cut down on traffic over the
saturated line) and replicate your internal (Active Directory) DNS to other
sites for local resolution?
--
Mike
Microsoft MVP - Windows Security
"Mr.B" <MrB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F4F41B19-47C4-426B-96B4-2EAD5ABCFD51@xxxxxxxxxxxxxxxx
>
> I use NetScreen in both locations. The lines are getting saturated. I don't
> want to put another channel through. The major problem is in the root domain,
> especially with DNS. For a month now I have had a problem with mail delivery
> from the FE server to out, because the FQDN is not getting resolved. The
> symptoms are something like that. You try nslookup, I try to find
> domainx.com, and I tried first, try the fourth time and I get the error, I
> choose ISP DNS, I don't get name resolved, next I get name resolved, and the
> thirty time I don't get name resolved. There is an enormous amount of UDP
> traffic related to DNS. I change timeouts for forwarder to 10s.
> But I post DNS problem in separate topic.
>
> "Miha Pihler [MVP]" wrote:
>
>> Hi,
>>
>> How about using IPSec for all the traffic between Active Directories?
>>
>> Active Directory Replication over Firewalls
>> http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx
>>
>> How to Enable IPSec Traffic Through a Firewall
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;233256
>>
>> --
>> Mike
>> Microsoft MVP - Windows Security
>>
>> "Mr.B" <MrB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:D188AF4E-D0C0-4004-9388-ADDC2ED4CD5F@xxxxxxxxxxxxxxxx
>> > Ok, for DNS.
>> > I would like to transfer as much traffic from UDP to TCP. If DNS and WINS
>> > are not possible it is not important. The most important part is AD and AD
>> > replication and all related services and ports that are used for
>> > communication...
>> >
>> >
>> > "Miha Pihler [MVP]" wrote:
>> >
>> >> DNS actually uses both -- TCP and UDP.
>> >>
>> >> TCP is used for zone transfer (if you don't use Active Directory
>> >> Integrated Zones) and UDP is used for DNS queries.
>> >>
>> >> Changing UDP (if possible!) would also mean reconfiguring all the clients
>> >> (you would have to tell them to use TCP and not UDP any more)...
>> >>
>> >> --
>> >> Mike
>> >> Microsoft MVP - Windows Security
>> >>
>> >>
>> >> "Mr.B" <MrB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:732E925E-2865-45A3-91F5-991982708938@xxxxxxxxxxxxxxxx
>> >> >
>> >> > I have several sites, which are connected with routers. UDP packets
>> >> > are getting fragmented, and a lot of things produce errors that are
>> >> > usually network related.
>> >> >
>> >> > I use this link:
>> >> > http://support.microsoft.com/default.aspx?scid=kb;en-us;244474
>> >> > To force clients to use TCP not UDP, and I would like to fix these on
>> >> > DC. I would like to force that all domain controllers use TCP not UDP
>> >> > for communications.
>> >> > Can DNS be forced to use TCP? I know that part of the zone is
>> >> > replicated with AD replication, but I would like to do it even without
>> >> > that.
>> >> > Can I force WINS replication between partners in different sites to
>> >> > use TCP for replication...
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>