Solved

DNS and Active Directory....

Posted on 2004-10-20
Last Modified: 2010-04-19
Currently here is what I understand.

My Domain server has AD and DNS installed.

When setting up DNS I gave it my ISP's DNS IPs.

My workstation is set for DHCP, which grabs all LAN IPs and the ISP's DNS automatically and correctly.

I log into the AD Server fine.

Now, my question is this. Why do I need DNS installed on my AD Server? Why is it required?
It's really not doing anything.

I do know that I can manually assign my Server's IP address to my workstations and still go online because I did enable DNS to look at my ISP's public IP address.

Is there a clear cut reason why AD needs to be installed on the server? I don't see it really doing anything else.
Question by:CTS123
12 Comments
 

Author Comment

by:CTS123
ID: 12358365
Correction on the last statement.


Is there a clear cut reason why DNS needs to be installed on the server? I don't see it really doing anything else when I have my ISP handling DNS for my workstations.
0
 
LVL 15

Accepted Solution

by:
harleyjd earned 1000 total points
ID: 12358411
DNS is used extensively by W2k, WxP and W2k3 for everything from logins to network browsing to domain replication. What DNS on the server is doing is keeping track of all the workstations and servers, as well as the security stuff AD needs - the _msdcs and other subdomains you will see.

Not having a DNS server which supports Dynamic Updates will cause huge problems, and fairly quickly, too. You will see very long login times on workstations, pauses and delays while looking for shared folders.

Ideally your DHCP server will issue only the AD server's DNS. The DNS server should use forwarders to the ISP DNS.

0
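A check for the setup described in the answer above, as an added example that is not part of the original thread: it asks every DNS server configured on a client for the domain controller locator SRV record under `_msdcs` and flags any resolver (for example an ISP resolver) that cannot answer it. The domain name `corp.example.com` is a placeholder, and the script assumes the DnsClient cmdlets available from Windows 8 / Server 2012 onward.

```powershell
# Added example: verify that every DNS server this client uses can answer the
# AD domain-controller locator query.
param(
    [string]$Domain = 'corp.example.com'   # assumption: placeholder, use your AD DNS domain
)

# DC locator SRV record that AD registers under the _msdcs subdomain
$locator = "_ldap._tcp.dc._msdcs.$Domain"

# Distinct IPv4 resolvers configured on this machine (static or handed out by DHCP)
$resolvers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses |
    Sort-Object -Unique

$results = foreach ($server in $resolvers) {
    try {
        # Query this resolver only, over DNS only (no LLMNR/NetBIOS fallback)
        $srv = Resolve-DnsName -Name $locator -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            Resolver = $server
            KnowsAD  = [bool]$srv
            DCs      = ($srv.NameTarget | Sort-Object -Unique) -join ', '
        }
    }
    catch {
        # NXDOMAIN or timeout: this resolver cannot locate a domain controller
        [pscustomobject]@{ Resolver = $server; KnowsAD = $false; DCs = '' }
    }
}

$results | Format-Table -AutoSize

# A resolver that fails here is one the client may ask at logon and get no answer from
$bad = @($results | Where-Object { -not $_.KnowsAD })
if ($bad.Count -gt 0) {
    Write-Warning ("{0} configured resolver(s) cannot resolve {1}; DHCP should issue only the AD DNS server." -f $bad.Count, $locator)
    exit 1
}
```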
 
LVL 15

Expert Comment

by:harleyjd
ID: 12358437
"I don't see it really doing anything else when I have my ISP handling DNS for my workstations."

Sure, it's handling lookups, but it won't be handling registrations unless your ISP allows dynamic updates.

0
 

Author Comment

by:CTS123
ID: 12358520
Ok, I see the clear reason now.

My next question. Should I have my workstations look at my SERVER for DNS to make my network run smoothly?

Currently my DNS is set to forward requests to my ISP's.

But for overall network performance of my Users (let's say 100 of them) to have the workstations depend on my Server for DNS to have quicker log on times and better performance?
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12358571
Yes, set the DHCP to issue only the AD server's address.

This means any and all lookups go to the server first, saving time for local lookups, but potentially for external lookups as well - MS DNS caches external addresses, so requests from cache will not be sent to the ISP...

If you're really concerned then set up a second DC, with the DNS zone - AD will take care of the replication, so there are no primary/secondary transfers to worry about.

0
 

Author Comment

by:CTS123
ID: 12358601
Ok. One more question. Another scenario I have is, let's say, a Unix server is the primary DNS on a network. Can I just forward lookups to this server as well?
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12358672
Only if the nix server supports BIND (forget the version, but it should if it's less than 3 or 4 years old) which does dynamic registrations.

You can use any DNS server you want, so long as AD and the workstations can properly register themselves. Generally ISP DNS will be locked down to prevent this exact thing happening. AD based DNS is just easier to manage, as it's all self contained.
0
 

Author Comment

by:CTS123
ID: 12358704
So when I setup the DNS on the AD Server I can just put in the UNIX's IP in the same place I put the ISP's DNS?  Or do I have to create it manually since this other machine is handling it all?
Is it that simple or is there more to it?
0
 
LVL 1

Expert Comment

by:chillinlong
ID: 12358750
He wants to ask unlimited questions, he's taking you for a ride mate.

0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12358834
chillin - not going there.

CTS - not going there either. I can't see any reason why you would want to do that. Just use the AD DNS server. If the nix server is important to you, then you would have asked about it in the first instance.

I would use AD DNS for everything. If it was really necessary I would set the nix server to get zone transfers from the AD DNS. Don't ask how - I don't do nix.
0
 

Author Comment

by:CTS123
ID: 12358969
I'll try to separate my questions next time in different posts, I just don't want to repeat topics. I'll try to be clearer.

Thanks for everything, you've been very helpful in this confusing situation for me.

I greatly appreciate your help.
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12359010
No worries - I would have called you out if I felt you were straying too far...

0
