
How to configure DNS on Multiple DCs (AD integrated)

We have 15 DCs in total and we intend to make all DNS and GC.
6 are in a central location on a 100gig LAN connection.  We have made 6 separate sites to divert client login to specific DCs.
6 are on remote sites with 4Mb connectivity to central site.  
2 are in data centers with 34Mb connections and serve at least 20 remote small sites.

I have configured my first win2k3 DC + DNS + GC (currently this has all FSMO roles but this will change as we add the other DCs).

I am about to install and add the other DCs next week.  

Q1) When I install the DNS service on the new DCs, how do I configure these? Do I configure them as secondaries and let AD integration take care of replication?  Please put details in your answers including install and config stages.

Q2) As these DCs/DNS servers are AD integrated, do I have to worry about DDNS records being replicated to ALL DCs?  I will have 5 dedicated win2k3 DHCP servers that serve 80 VLANs.  We use the router Helpers to divert the clients on specific VLANs to the specific DHCP servers.    The DHCP servers will be configured with specific userid and password to update DDNS records on behalf of the clients.  My worry is that the 8500 clients will create a lot of DDNS replication traffic as part of AD integrated replication.  

I need this answer urgently.   Thanks



Asked by: mbecmba1
 
Dave_Dietz Commented:
1) If your first DNS is set to AD Integrated then I would suggest setting the rest to AD Integrated.  DNS information will replicate automatically.  If you configure them as Secondary zones they will not use AD to replicate.

2) If you set them all to AD integrated, DDNS info will be replicated just like all other DNS info.  I believe it will take place during normal AD replication.  AD Integrated has the benefit of allowing compressed transfers so the data shouldn't cause a great amount of extra traffic.

Dave Dietz
 
jamesreddy Commented:
Q1) Not at all.  If you made the DNS zones Active Directory integrated, all you need to do is promote the other controllers to an AD Controller, then install DNS.  AD-integrated DNS servers automatically replicate DNS to other Active Directory integrated controllers.  No need to mess with Primary or Secondary servers when you use AD-integrated.  If you did not set up an AD-integrated zone, you can go to DNS properties and change it to an AD-integrated zone.  Once that's done, it's as simple as installing DNS on another AD controller.  All settings will replicate automatically.

Q2)  As long as it is an AD-integrated zone, all settings, DDNS settings, etc... will replicate to all DNS servers on all of your VLANs, providing that replication through the VLANs is occurring properly.  You will need to specify in your DNS settings, however, to allow DDNS updates.  If you do not, those updates will not occur properly.

In any event, the answer is if you use Active Directory, all DNS settings will replicate automatically.  Just make sure you get your VLANS set up properly to allow AD updates, and you should be fine.

James
 
jamesreddy Commented:
MAN!  Beat me to it by SECONDS!  :)
 
Dave_Dietz Commented:
I'm fast.....  ;-)

Dave Dietz
 
mbecmba1 Author Commented:
Hi Guys,  Thanks for the update but I know the theory quite well.  I know what AD integrated is and I know what happens during replication etc.   What I am not 100% sure of is the practice.  No article I have seen actually shows how to add a secondary.
I know I have to install DNS and add all the DNS server names to the list of DNS servers.  If my server name is called FRED,  do I also add FRED to the list???  

I need a guide through the GUI as I configure this.  

This is NOT a theory question.  Let's see who gets there quicker and ONLY complete answers will be accepted. Please mention all screens I have to pass through etc.  

I am happy to split points etc as you guys seem to be motivated by points.  
Strange life to live guys !!! I am happy with a working system, Pint etc...

Thanks,



 
mbecmba1 Author Commented:
I installed DNS service on the second AD now.  I am in the "Configure a DNS Server Wizard".  I have 3 choices.  To make this AD integrated which one do I choose???    

Choices are:
1) Let wizard create a forward lookup zone
2) Let wizard create a forward and reverse zone
3) Configure root hints only

I took option 2.  

Then it asks to create a Forward lookup zone.  Now I have 3 choices:
1) Primary
2) Secondary
3) Stub Zone

I have chosen Primary and checked "STORE THE ZONE IN ACTIVE DIRECTORY"

Now I am a bit stuck.  Am I choosing the right option here???

 

 
 
jamesreddy Commented:
You are correct.  You need to select option 2, then primary and check the box.  You are doing everything perfectly.  That's all you need to do.  As soon as you check the box, it makes it an integrated zone and essentially disregards the "Primary Zone" option you selected.

James
 
jamesreddy Commented:
Wait...sorry.  I meant that you should be selecting a stub zone, then Store in Active Directory.  Ooops.
 
jamesreddy Commented:
Here...I went and found a link that might help clear up the confusion on this.  Stub zones are recommended here because they will ultimately create less traffic.  But anyway, the article will clear up a lot of the confusion.  Has some good screen shots too.

http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html

Hope that helps you.

James
 
mbecmba1 Author Commented:
I almost agreed with your answer until I read the article.  The ms article mentions that Stub zones are useful with multiple domains and forests.  I have a single forest and single domain.  Stub zones reduce the traffic in that situation.  

If I choose to install DNS on the other 15 DCs in my network then should I install them as PRIMARY and add them to the list of DNS servers that have AUTHORITY for the ZONE ???  I am not too worried about traffic as the DDNS and other DNS related data will be compressed and copied as part of AD replication process. 6 of my DCs are on a 100Mbit LAN, another two have a 34MBit connection and the others are on a 4Mbit connection. So I am not exactly on a WAN link.  The so called WAN links are all dual links so I have fault tolerance in my WAN/LAN.

I need to know if anyone for sure has set this up and if they used Primary or Stub.  Secondary does not make sense but PRIMARY probably does.  I am yet to find a single article anywhere that shows exactly how to set this up.  

Help Please.  I am increasing the points to attract properly backed up answers...







   
 
Dave_Dietz Commented:
Use Primary Active Directory integrated zones.

By making them all Primary Active Directory zones you gain the following benefits:

They will all be able to make changes to the DNS database as needed.  
They will all be able to accept Dynamic Registrations.
No special configuration needs to be done to set up replication of the zone information.
No single point of failure (if you use Standard Primary and Secondary zones and you lose the Primary server, you can't make updates until it is fixed).
You can set one of the DNS servers in each site up with DHCP to handle Dynamic IP assignment and DNS registrations so there will be less traffic across the slower links (not a big issue in this case but good planning anyway)

Need more?  :-)

Dave Dietz
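
An added example (not part of the original thread or any poster's own configuration): once every DC hosts the zone as the answer above describes, auditing saved `dnscmd <server> /ZoneInfo <zone>` output from each DC confirms the zone is primary, stored in Active Directory, and limited to secure dynamic updates. The output excerpts, the zone name `corp.example.com` and the server `REMOTEDC01` are constructed, and the secure-only expectation is an assumption based on the DHCP servers registering with dedicated credentials.

```python
import re

# Constructed excerpts shaped like `dnscmd <server> /ZoneInfo <zone>` output.
# The zone name and REMOTEDC01 are hypothetical; the field values are made up.
TEMPLATE = """Zone info:
        zone name             = corp.example.com
        zone type             = {ztype}
        update                = {update}
        DS integrated         = {ds}
"""
SAMPLES = {
    "UKLONDC01": TEMPLATE.format(ztype=1, update=2, ds=1),   # AD-integrated primary
    "UKLONDC02": TEMPLATE.format(ztype=1, update=1, ds=1),   # accepts unsigned updates
    "REMOTEDC01": TEMPLATE.format(ztype=2, update=0, ds=0),  # standard secondary
}

ZONE_TYPES = {1: "primary", 2: "secondary", 3: "stub"}
UPDATE_MODES = {0: "none", 1: "nonsecure and secure", 2: "secure only"}

def parse_zoneinfo(text):
    """Return the 'key = value' lines of a /ZoneInfo dump as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*=\s*(\S+)\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields

def audit(samples):
    """Map each server to its findings; an empty list means it matches."""
    report = {}
    for server, text in samples.items():
        f = parse_zoneinfo(text)
        problems = []
        ztype = int(f.get("zone type", -1))
        if ztype != 1:
            problems.append("zone type is %s, expected primary" % ZONE_TYPES.get(ztype, ztype))
        if f.get("ds integrated") != "1":
            problems.append("zone is not stored in Active Directory")
        upd = int(f.get("update", -1))
        if upd != 2:
            problems.append("dynamic update is '%s', expected secure only" % UPDATE_MODES.get(upd, upd))
        report[server] = problems
    return report

if __name__ == "__main__":
    for server, problems in audit(SAMPLES).items():
        print(server, "OK" if not problems else "; ".join(problems))
```
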
 
mbecmba1 Author Commented:
The points are almost yours.  Last night I did configure it as you mentioned. The wizard also asked me if I wanted to create the reverse lookup zone too, which I did exactly as I did it on the first DC.  I did get an error that said the zone already exists, which I kind of expected because we are asking both servers to be responsible for the zone.  It created the AD integrated zone fine.  

I obviously have to create the forwarders manually which I will...

Last questions:  
1) I have many VLANs (some 250+). Do I have to create the reverse lookup zones for all 250+ VLANs or should I create a big scope reverse lookup zone?  Does it make any difference?  I am sure I read an MS article that too many zones created an issue with DNS.

2) My first DC was a test box called UKLONDC01.  I would like to replace this box with a proper server.  What is the best way of doing this without losing AD config?  I think I should:

a) Transfer the FSMO roles to UKLONDC02
b) DCPROMO and demote the server
c) Take the server completely out of AD
d) Reinstall the new server with the name UKLONCD01
e) DCPROMO and join the domain with the new IP Address
f) Install DNS and go through the same issues above

Am I on the right track???  



 




 
Question has a verified solution.
