DNS configuration for AD

Hello -

This is a question about proper configuration of DNS for AD in a multiple site environment.  This is more theoretical right now but I want to be sure I am going to do it right.

Here are the basics -

Single domain
Two sites connected via T1
Each site has two DCs and two member servers
All servers are Win2K SP4
Sites are A and B
Domain Controllers are DC1 and DC2
Member servers are MS1 and MS2

Naming convention is site-server name
Thus, A-DC2 is the second DC at site A

All DC are DNS servers (AD integrated)

Ok, Site A is the 'primary' with one DC holding all FSMO roles - that would be A-DC1.

On A-DC1, under TCP/IP properties, it should point to itself for primary DNS server.  Secondary is A-DC2.
On A-DC2, under TCP/IP properties, it should point to A-DC1 for primary DNS server.  Secondary is itself (A-DC2).

On B-DC1, under TCP/IP properties, it should point to itself for primary DNS server.  Secondary is A-DC1.
On B-DC2, under TCP/IP properties, it should point to B-DC1 for primary DNS server.  Secondary is itself (B-DC2).

Member servers -
All member servers and clients in Site A point to A-DC1 as primary and A-DC2 as secondary.
All member servers and clients in Site B point to B-DC1 as primary and B-DC2 as secondary.


Is this right?

Are there any different considerations with a 2K3 AD domain?


Thanks!
dasmail2000 Asked:
Chris Dent (PowerShell Developer) Commented:

That all looks great.

While you're setting it all up it would be a very good idea to have just one Preferred DNS Server for your Domain Controllers, that is:

On A-DC1, under TCP/IP properties, it should point to itself for primary DNS server.  Secondary is A-DC2.
On A-DC2, under TCP/IP properties, it should point to A-DC1 for primary DNS server.  Secondary is itself (A-DC2).

On B-DC1, under TCP/IP properties, it should point to A-DC1 for primary DNS server.  Secondary is itself.
On B-DC2, under TCP/IP properties, it should point to A-DC1 for primary DNS server.  Secondary is itself (B-DC2).

That's just to ensure that replication can begin properly before you start needing it for DNS replication. After replication has started you'll be a lot safer changing it back to how you have it above, just keep an eye out for DNS errors (there shouldn't be any).

The considerations for a 2003 domain are the same as you have above.

Chris
0
 
dasmail2000 (Author) Commented:
So in the original setup, how does replication between A-DC1 and B-DC1 happen?  I think that since they are both AD integrated then the DNS information is replicated with AD.

What I mean is the following:

I add a new host record to A-DC1.  Since B-DC1 does not look to A-DC1, the only way B-DC1 can get that update is via AD replication.  As they are both DCs, they know about each other and can communicate.  When that happens then the new host would be added to B-DC1.

Is this right?

Thanks
0
 
Chris Dent (PowerShell Developer) Commented:

> So in the original setup, how does replication between A-DC1 and B-DC1 happen?  I think
> that since they are both AD integrated then the DNS information is replicated with AD.

That's absolutely correct, and provided you already have replication happening there's no real problem with your original setup. There is the possibility of one minor issue which can be caused if the server replication gets out of sync, but replication failures are quite easy to track.

But... When you first set up the servers (i.e. run DCPromo) they must have a way of finding each other, so you must use the same DNS Server until the initial replication has taken place.

Chris
0
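The two resolver layouts discussed in the replies above (the asker's site-local layout for steady state, and the single-preferred-server layout Chris recommends for the DCPromo window) as one script, added here as an example and not code from the thread. It assumes the DnsClient cmdlets of Windows Server 2012 or later (the thread's Win2K boxes would use the TCP/IP properties dialog instead), and the domain name, IP addresses and interface alias are constructed placeholders.

```powershell
# Added example, not from the thread. Assumes Windows Server 2012+ DnsClient
# cmdlets; domain, IPs and interface alias are constructed placeholders.
param(
    [ValidateSet('Bootstrap', 'SteadyState')] [string]$Phase = 'SteadyState',
    [string]$InterfaceAlias = 'Ethernet',
    [string]$Domain = 'corp.example'
)

# IP of each DNS server, using the thread's site-server naming convention.
$Ip = @{ 'A-DC1' = '10.1.0.11'; 'A-DC2' = '10.1.0.12'
         'B-DC1' = '10.2.0.11'; 'B-DC2' = '10.2.0.12' }

# SteadyState: the asker's layout (each site self-sufficient, each DC lists itself).
# Bootstrap: Chris Dent's layout for the DCPromo window (every DC prefers A-DC1
# so new DCs can find the FSMO holder before the AD-integrated zones replicate).
$Plan = @{
    SteadyState = @{ 'A-DC1' = 'A-DC1','A-DC2'; 'A-DC2' = 'A-DC1','A-DC2'
                     'B-DC1' = 'B-DC1','A-DC1'; 'B-DC2' = 'B-DC1','B-DC2' }
    Bootstrap   = @{ 'A-DC1' = 'A-DC1','A-DC2'; 'A-DC2' = 'A-DC1','A-DC2'
                     'B-DC1' = 'A-DC1','B-DC1'; 'B-DC2' = 'A-DC1','B-DC2' }
}

# Pick this host's entry (computer name must follow the A-DC1 style convention).
$me = $env:COMPUTERNAME.ToUpper()
if (-not $Plan[$Phase].ContainsKey($me)) { throw "No $Phase entry for $me" }
$servers = $Plan[$Phase][$me] | ForEach-Object { $Ip[$_] }

Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $servers
"{0}: {1} resolvers set to {2}" -f $me, $Phase, ($servers -join ', ')

# Check: each configured resolver must answer the DC locator SRV query that
# DCPromo, Netlogon and replication partner lookup depend on.
$srv = "_ldap._tcp.dc._msdcs.$Domain"
foreach ($s in $servers) {
    try {
        $answers = Resolve-DnsName -Name $srv -Type SRV -Server $s -DnsOnly -ErrorAction Stop
        $targets = ($answers | Where-Object Type -eq 'SRV' | ForEach-Object NameTarget) -join ', '
        "  {0} answers {1}: {2}" -f $s, $srv, $targets
    } catch {
        Write-Warning ("  {0} cannot resolve {1}: {2}" -f $s, $srv, $_.Exception.Message)
    }
}
```

Run it with `-Phase Bootstrap` on each DC before DCPromo, then with `-Phase SteadyState` once replication is confirmed; a warning from any resolver is the DNS error Chris says to watch for.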
 
dasmail2000 (Author) Commented:
Great - thanks for your input and thoughts.

Brad
0