• Status: Solved

DNS and Active Directory....

Currently here is what I understand.

My Domain server has AD and DNS installed.

When setting up DNS I gave it my ISP's DNS IPs.

My workstation is set for DHCP, which grabs all LAN IPs and the ISP's DNS automatically and correctly.

I log into the AD Server fine.

Now, my question is this.  Why do I need DNS Installed on my AD Server? Why is it required?
It's really not doing anything.

I do know that I can manually assign my Server's IP address to my workstations and still go online because I did enable DNS to look at my ISP's public IP address.

Is there a clear cut reason why AD needs to be installed on the server? I don't see it really doing anything else.
Asked by: CTS123
 
CTS123 (Author) commented:
Correction on the last statement.


Is there a clear cut reason why DNS needs to be installed on the server? I don't see it really doing anything else when I have my ISP handling DNS for my workstations.
 
harleyjd commented:
DNS is used extensively by W2k, WxP and W2k3 for everything from logins to network browsing to domain replication. What DNS on the server is doing is keeping track of all the workstations and servers, as well as the security stuff AD needs - the _msdcs and other subdomains you will see.

Not having a DNS server which supports Dynamic Updates will cause huge problems, and fairly quickly, too. You will see very long login times on workstations, pauses and delays while looking for shared folders.

Ideally your DHCP server will issue only the AD server's DNS. The DNS server should use forwarders to the ISP DNS.

 
harleyjd commented:
"I don't see it really doing anything else when I have my ISP handling DNS for my workstations."

Sure, it's handling lookups, but it won't be handling registrations unless your ISP allows dynamic updates.

 
CTS123 (Author) commented:
OK, I see the clear reason now.

My next question. Should I have my workstations look at my SERVER for DNS to make my network run smoothly?

Currently my DNS is set to forward requests to my ISP's.

But for overall network performance of my Users (let's say 100 of them) to have the workstations depend on my Server for DNS to have quicker log on times and better performance?
 
harleyjd commented:
Yes, set the DHCP to issue only the AD server's address.

This means any and all lookups go to the server first, saving time for local lookups, but potentially for external lookups as well - MS DNS caches external addresses, so requests from cache will not be sent to the ISP...

If you're really concerned then set up a second DC, with the DNS zone - AD will take care of the replication, so there are no primary/secondary transfers to worry about.

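Added example, not part of the thread: a PowerShell check for the two points made in the answers above, that AD's locator records (the `_msdcs` subdomains) resolve from the AD DNS server and that a workstation lists only that server for DNS. The domain name and server address are placeholders, and `Resolve-DnsName` and `Get-DnsClientServerAddress` assume Windows 8 / Server 2012 or later rather than the W2k-era systems discussed here.

```powershell
# Added example. Run on a domain workstation; both defaults are placeholders.
param(
    [string]   $Domain       = 'corp.example.com',   # placeholder AD DNS domain name
    [string[]] $AdDnsServers = @('192.168.1.10')     # placeholder DC/DNS server address(es)
)

# SRV records a domain controller registers by dynamic update.
# Clients query these to locate a DC for logon and Kerberos.
$locatorRecords = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain"
)

function Test-LocatorRecords {
    param([string] $Server)
    foreach ($name in $locatorRecords) {
        # Ask the given server directly; a missing record yields no SRV answer.
        $srv = Resolve-DnsName -Name $name -Type SRV -Server $Server -DnsOnly `
                   -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            Server  = $Server
            Record  = $name
            Found   = [bool]$srv
            Targets = ($srv.NameTarget -join ', ')
        }
    }
}

# 1. Every AD DNS server should answer every locator record.
$AdDnsServers | ForEach-Object { Test-LocatorRecords -Server $_ } | Format-Table -AutoSize

# 2. This machine should list only AD DNS servers. An ISP resolver listed here
#    cannot answer the records above or accept the machine's own registration.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $foreign = $_.ServerAddresses | Where-Object { $_ -notin $AdDnsServers }
        [pscustomobject]@{
            Interface  = $_.InterfaceAlias
            DnsServers = ($_.ServerAddresses -join ', ')
            NonAdDns   = ($foreign -join ', ')   # should be empty
        }
    } | Format-Table -AutoSize
```

A `Found` value of `False` in the first table, or any address in the `NonAdDns` column, points at the slow-logon condition described in the answers.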
 
CTS123 (Author) commented:
OK. One more question.  Another scenario I have is, let's say, a Unix server is the primary DNS on a network.  Can I just forward lookups to this server as well?
 
harleyjd commented:
Only if the nix server supports BIND (forget the version, but it should if it's less than 3 or 4 years old) which does dynamic registrations.

You can use any DNS server you want, so long as AD and the workstations can properly register themselves. Generally ISP DNS will be locked down to prevent this exact thing happening. AD based DNS is just easier to manage, as it's all self contained.
 
CTS123 (Author) commented:
So when I set up the DNS on the AD Server I can just put in the UNIX's IP in the same place I put the ISP's DNS?  Or do I have to create it manually since this other machine is handling it all?
Is it that simple or is there more to it?
 
chillinlong commented:
He wants to ask unlimited questions, he's taking you for a ride, mate.

 
harleyjd commented:
chillin - not going there.

CTS - not going there either. I can't see any reason why you would want to do that. Just use the AD DNS server. If the nix server is important to you, then you would have asked about it in the first instance.

I would use AD DNS for everything. If it was really necessary I would set the nix server to get zone transfers from the AD DNS. Don't ask how - I don't do nix.
 
CTS123 (Author) commented:
I'll try to separate my questions next time in different posts, I just don't want to repeat topics.  I'll try to be clearer.

Thanks for everything, you've been very helpful in this confusing situation for me.

I greatly appreciate your help.
 
harleyjd commented:
No worries - I would have called you out if I felt you were straying too far...
