Solved

DNS

Posted on 2004-10-05
Last Modified: 2010-05-18
I am setting up a remote site that will be under the same domain umbrella. This environment is a Windows 2003 Server. I have the AD replicated and now I am doing the DNS server. Do I want to make this DNS run off the local server or the parent domain server?
Question by:dtooth71
9 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 200 total points
ID: 12226298
Hi dtooth71,
Make the DNS Active Directory integrated, then it will replicate with the AD traffic, then just point your clients (or servers) at the NEAREST server running DNS.

PeteL
 

Author Comment

by:dtooth71
ID: 12226336
So if my parent domain is at site 1, I would want to make the DNS at site 2 run off site one DNS and then point all the clients at site 2 to site one?

Let's say the VPN between the sites would fail. With the DNS pointing to site 1, what effect would this have on site 2?
 
LVL 3

Expert Comment

by:TRobertson
ID: 12227152
I agree with PeteLong, if you want the DNS server to automatically replicate with the AD then set it up as an AD Integrated DNS. If you don't have any other AD Integrated DNS server(s) then you may want to set it up as a secondary DNS server if you want it to replicate with a primary DNS server. Otherwise if you don't want it to interact at all with the other DNS server(s) then make it a primary.
 
LVL 15

Assisted Solution

by:adamdrayer
adamdrayer earned 200 total points
ID: 12237628
You should normally make all Domain Controllers "Active Directory-Integrated", no matter if they are over WANs or not. If you require an alternative setup, then you should probably seek professional assistance. All clients at site 2 should point to site 2 for DNS. This is the point of Windows 2000/2003 Domain Controllers and AD-Integrated DNS. Except for a few Operations roles, all Domain Controllers are equal with none being more important than the other. Active Directory-Integrated DNS has a multitude of advantages including Multi-master replication. Although you only have 2 DCs, if you had more, you would have to wait for one to replicate to another, and then that one to replicate to a third one, etc...

 
LVL 3

Expert Comment

by:TRobertson
ID: 12237821
Yes, bond yourself to the ongoing dependency for Microsoft. Just as Microsoft failed in its attempt to deploy WINS as the dominant naming system for the internet, now let's change all that has worked well for other operating systems and include some sort of Active Directory-Integrated DNS server. Although probably 95% of the public DNS servers on the internet are run on a non-Microsoft OS, why not bind yourself into such a dependency.

The choice is if you are a Microsoft only environment and don't mind adding extra overhead to your network bandwidth and server process go ahead and use the AD integrated, otherwise you may want to explore your other options.
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12237991
This is the Microsoft Networking Topic Area.  If you have personal grievances against Microsoft, I suggest you don't frequent this topic area.  Such remarks are considered inflammatory.  Please try and post constructive comments that are specific and helpful to the questioner's inquiry.

In my experience, people who are anti-Microsoft are simply misinformed and under-experienced. "Probably 95%"? If you don't know, why make up statistics? Besides, this person is not running a public DNS. There are environments in which certain systems are more beneficial than others. If you cannot see the good in any particular system, it is probably because you lack the industry experience needed.
 
LVL 3

Expert Comment

by:TRobertson
ID: 12238751
My only point is that the Microsoft only solution may not be the best thing for Microsoft Operating Systems.  I see no reason in using Active Directory-integrated unless you want to replicate with a remote active directory server and have another Active Directory-Integrated DNS server.  Being a remote location the administrator may not want the records from a remote DNS server, in that case an Active Directory-Integrated solution would not be the way to go.

As for the remark "you should normally make all Domain Controllers 'Active Directory-Integrated'", there has been no information stated that the parent DNS server is an AD Integrated DNS server.

And the remark "all Domain Controllers are equal with none being more important than the other" does not apply for a mixed mode environment.

And I apologize for my "Probably 95%" remark. You're right, according to the survey of 37,000,000+ domains Microsoft has 6.237% of the market. Sorry for my 1.237% miscalculation.

source: http://mydns.bboy.net/survey/
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12239554
Well, my point was that he's already got AD replicating and both sites are under the same domain, so setting both DNS servers to AD Integrated would be all the configuring needed, and there would be almost no added overhead. He might not want DNS records from a remote network, but given that these machines are on the same domain and most likely not public, then not to want them should be a relatively important security policy that he would have been aware of and stated at the top.

For people not used to working with DNS, AD takes care of a lot for you. If you are not familiar with DNS and are looking to implement anything else, you should consult a professional.

I said "except for a few operations roles, all Domain Controllers are equal with none being more important than the other". The only difference between Win2k DCs is the operations roles. The PDC is an operations role and although its functionality varies depending on whether you are running mixed-mode or native, for DNS purposes, it does not matter.

You stated "Although probably 95% of the public DNS servers on the internet are run on a non-Microsoft OS". According to your own survey that you quoted, ~95% of domains are run on BIND. But we weren't talking about number of domains, we were talking about OSes, and according to the same survey, 21.7% of the installations were Microsoft DNS. Besides, I said that this person is not running a public DNS server, so a survey of what the big guys are using doesn't really apply.
 
LVL 57

Expert Comment

by:Pete Long
ID: 12251042
ThanQ