Solved

DNS and Active Directory....

Posted on 2004-10-20
Last Modified: 2010-04-19
Currently here is what I understand.

My Domain server has AD and DNS installed.

When setting up DNS I gave it my ISP's DNS IPs.

My workstation is set for DHCP, which grabs all LAN IPs and the ISP's DNS automatically and correctly.

I log into the AD Server fine.

Now, my question is this. Why do I need DNS installed on my AD Server? Why is it required?
It's really not doing anything.

I do know that I can manually assign my Server's IP address to my workstations and still go online because I did enable DNS to look at my ISP's public IP address.

Is there a clear cut reason why AD needs to be installed on the server? I don't see it really doing anything else.
Question by:CTS123
12 Comments
 

Author Comment

by:CTS123
ID: 12358365
Correction on the last statement.


Is there a clear cut reason why DNS needs to be installed on the server? I don't see it really doing anything else when I have my ISP handling DNS for my workstations.
0
 
LVL 15

Accepted Solution

by:
harleyjd earned 250 total points
ID: 12358411
DNS is used extensively by W2k, WxP and W2k3 for everything from logins to network browsing to domain replication. What DNS on the server is doing is keeping track of all the workstations and servers, as well as the security stuff AD needs - the _msdcs and other subdomains you will see.

Not having a DNS server which supports Dynamic Updates will cause huge problems, and fairly quickly, too. You will see very long login times on workstations, pauses and delays while looking for shared folders.

Ideally your DHCP server will issue only the AD server's DNS. The DNS server should use forwarders to the ISP DNS.

0
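A way to check the points in the answer above, added here as an example and not part of the original thread: it queries the SRV records under `_msdcs` that clients use to find a domain controller, first against the AD DNS server and then against the ISP resolver, and then lists what the workstation and the forwarders are actually set to. The domain name and both IP addresses are placeholders; the cmdlets come from the DnsClient and DnsServer PowerShell modules on current Windows versions.

```powershell
# Assumed values, not from the thread: replace with your own.
$Domain = 'corp.example.com'   # AD DNS domain name (placeholder)
$AdDns  = '192.168.1.10'       # DC running AD DNS (placeholder)
$IspDns = '203.0.113.53'       # ISP resolver (placeholder, documentation range)

# SRV records that Netlogon registers on a DC and that clients query to locate one.
$Locators = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_kerberos._tcp.$Domain"
)

function Test-DcLocator {
    param([Parameter(Mandatory)][string]$Server)
    foreach ($name in $Locators) {
        try {
            $srv = Resolve-DnsName -Name $name -Type SRV -Server $Server -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Section -eq 'Answer' }
            [pscustomobject]@{
                Resolver = $Server
                Record   = $name
                Found    = [bool]$srv
                Detail   = ($srv.NameTarget -join ', ')
            }
        } catch {
            # NXDOMAIN, refusal or timeout: this resolver cannot locate a DC.
            [pscustomobject]@{
                Resolver = $Server
                Record   = $name
                Found    = $false
                Detail   = $_.Exception.Message
            }
        }
    }
}

# 1. The AD DNS server should answer every locator query; the ISP resolver should not.
Test-DcLocator -Server $AdDns
Test-DcLocator -Server $IspDns

# 2. On a workstation: list adapters that still use a resolver other than the AD DNS server.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses | Where-Object { $_ -ne $AdDns } } |
    Select-Object InterfaceAlias, ServerAddresses

# 3. On the DNS server (DnsServer module): forwarders should be the ISP resolvers.
(Get-DnsServerForwarder -ComputerName $AdDns).IPAddress
```

An empty result from step 2 means DHCP is handing out only the AD DNS server, which is the configuration the answer recommends.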
 
LVL 15

Expert Comment

by:harleyjd
ID: 12358437
"I don't see it really doing anything else when I have my ISP handling DNS for my workstations."

Sure, it's handling lookups, but it won't be handling registrations unless your ISP allows dynamic updates.

0
 

Author Comment

by:CTS123
ID: 12358520
Ok, I see the clear reason now.

My next question. Should I have my workstations look at my SERVER for DNS to make my network run smoothly?

Currently my DNS is set to forward requests to my ISP's.

But for overall network performance of my Users (let's say 100 of them) to have the workstations depend on my Server for DNS to have quicker log on times and better performance?
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12358571
Yes, set the DHCP to issue only the AD server's address.

This means any and all lookups go to the server first, saving time for local lookups, but potentially for external lookups as well - MS DNS caches external addresses, so requests from cache will not be sent to the ISP...

If you're really concerned then set up a second DC, with the DNS zone - AD will take care of the replication, so there are no primary/secondary transfers to worry about.

0
 

Author Comment

by:CTS123
ID: 12358601
Ok. One more question. Another scenario I have is, let's say, a Unix server is the primary DNS on a network. Can I just forward lookups to this server as well?
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12358672
Only if the nix server supports BIND (forget the version, but it should if it's less than 3 or 4 years old) which does dynamic registrations.

You can use any DNS server you want, so long as AD and the workstations can properly register themselves. Generally ISP DNS will be locked down to prevent this exact thing happening. AD based DNS is just easier to manage, as it's all self contained.
0
 

Author Comment

by:CTS123
ID: 12358704
So when I set up the DNS on the AD Server I can just put in the UNIX's IP in the same place I put the ISP's DNS? Or do I have to create it manually since this other machine is handling it all?
Is it that simple or is there more to it?
0
 
LVL 1

Expert Comment

by:chillinlong
ID: 12358750
He wants to ask unlimited questions, he's taking you for a ride mate.

0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12358834
chillin - not going there.

CTS - not going there either. I can't see any reason why you would want to do that. Just use the AD DNS server. If the nix server is important to you, then you would have asked about it in the first instance.

I would use AD DNS for everything. If it was really necessary I would set the nix server to get zone transfers from the AD DNS. Don't ask how - I don't do nix.
0
 

Author Comment

by:CTS123
ID: 12358969
I'll try to separate my questions next time in different posts, I just don't want to repeat topics. I'll try to be clearer.

Thanks for everything, you've been very helpful in this confusing situation for me.

I greatly appreciate your help.
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 12359010
No worries - I would have called you out if I felt you were straying too far...

0
