wantingtolearn

asked on

DNS, AD Replication, and Best Practices

I have 4 networks that are connected with site-to-site VPNs. What I would like is the best practice for assigning DNS to servers, their roles and its effect on the network.

Site #1:
Windows 2003 AD domain
IP Subnet 172.16.16.1/20
Server1 DC, and DNS
Server2 DC, and DNS
Server3 Data Drives utilizing shared folders that need to be accessible from all 4 sites by name.

Site #2:
Windows 2003 AD Domain that replicates from Server1 at Site #1
IP Subnet 172.16.32.1/20
Server4 DC, and DNS
Server5 DC, DNS, and DHCP
Server6 Data Drives utilizing shared folders that need to be accessible from all 4 sites by name.

Site #3
Windows 2003 AD Domain that replicates from Server1 at Site #1
IP Subnet 172.16.48.1/20
Server7 DC, DNS, DHCP, and Data Drives utilizing shared folders that need to be accessible from all 4 sites by name.


Site #4
Windows 2003 AD Domain that replicates from Server1 at Site #1
IP Subnet 172.16.64.1/20
Server8 DC, DNS, DHCP, and Data Drives utilizing shared folders that need to be accessible from all 4 sites by name.

What I need is what to assign to which servers to achieve effective DNS throughout the sites, including DNS hierarchy, forward and reverse lookups, etc.... Also, as I have it set up now I get replication errors. I am hoping that once I have the servers addressed correctly and DNS configured correctly the errors will go away.


Chris Dent


How much DNS data (how many clients)? How many zones?

Chances are, because you mention it being a single domain, that you will end up with a single forward lookup zone and potentially a single reverse lookup zone (16.172.in-addr.arpa / 172.16.x.x Subnet).

Chris
wantingtolearn

ASKER

At Site #1 - 55 clients, Exchange; Site #2 - 24 clients, Exchange; Site #3 - 6 clients; Site #4 - 2 clients. I need the DNS servers to talk to each other and to be able to see client machines that are part of the domain on the separate subnets. I would like to do away with LMHOSTS files.


You don't have enough clients to justify the complexity of splitting the DNS zones up (in my opinion).

I suggest you have the following zones (if you don't already):

ADDomain.com (your AD Domain) - Replicate to All DNS Servers in the AD Domain
172.16.x.x Subnet (or 16.172.in-addr.arpa) - Replicate to All DNS Servers in the AD Domain

On the client side, have them refer to the DNS server(s) local to their site. If they access the internet directly, either have the DNS server(s) on site resolve public names using Root Hints, or use Forwarders to your ISP (or any other trusted public resolver).

One of the more common mistakes is having clients (or servers) refer to an ISP's DNS server in their own TCP/IP configuration. This tends to cause lots of issues.

How do clients update DNS for you at the moment? Directly? Or is DHCP doing it for you?

Have you configured Aging and Scavenging on any of the zones?

> and to be able to see clients machines

For this part, do you mean in "My Network Places"? Because that's a whole different kettle of fish and nothing DNS can help with.

Chris
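The zone, replication-scope, forwarder and aging settings recommended above, plus a check for the "ISP DNS server in the TCP/IP configuration" mistake, as an added PowerShell example. This is not code from the thread or from either participant: the thread is Windows 2003, where the same settings are made in the DNS console or with dnscmd, while this script assumes a current Windows Server with the DnsServer and DnsClient modules. ADDomain.com is the zone name used above; the site 1 DNS addresses 172.16.16.1/.2, the adapter name "Ethernet" and the forwarder 203.0.113.53 are constructed placeholders.

```powershell
# Added example, not from the original thread. Run elevated on a DC/DNS server
# with the DnsServer module (Windows Server 2012 or later).
# Assumed/constructed values: ADDomain.com (zone name from the thread),
# 172.16.16.1 and 172.16.16.2 (site 1 DNS servers), 203.0.113.53 (placeholder
# ISP resolver), "Ethernet" (adapter name).

$ZoneName     = "ADDomain.com"
$ReverseZone  = "16.172.in-addr.arpa"
$ReverseNet   = "172.16.0.0/16"          # one reverse zone for all four /20 sites
$LocalDns     = @("172.16.16.1", "172.16.16.2")
$IspForwarder = "203.0.113.53"           # placeholder, not a real resolver

# 1. One forward zone and one reverse zone, AD-integrated and replicated to
#    every DNS server in the AD domain (ReplicationScope Domain). Secure
#    dynamic updates so only authenticated domain members can register or
#    overwrite records.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain -DynamicUpdate Secure
}
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $ReverseNet -ReplicationScope Domain -DynamicUpdate Secure
}

# Existing AD-integrated zones that were left on a different scope: move them
# to the domain-wide partition. _msdcs is forest-wide by design, so leave it.
Get-DnsServerZone |
    Where-Object { $_.IsDsIntegrated -and $_.ReplicationScope -ne "Domain" -and $_.ZoneName -notlike "_msdcs.*" } |
    ForEach-Object { Set-DnsServerPrimaryZone -Name $_.ZoneName -ReplicationScope Domain }

# 2. Public name resolution is done by the DNS servers, never by the clients:
#    forward to the ISP (or another trusted resolver) and fall back to root
#    hints if the forwarder does not answer.
Set-DnsServerForwarder -IPAddress $IspForwarder -UseRootHint $true -Timeout 3

# 3. Aging and scavenging so stale dynamic records (re-addressed DHCP clients,
#    retired machines) are removed instead of resolving to a dead address.
Set-DnsServerZoneAging -Name $ZoneName -Aging $true `
    -NoRefreshInterval (New-TimeSpan -Days 7) -RefreshInterval (New-TimeSpan -Days 7)
Set-DnsServerScavenging -ScavengingState $true -ScavengingInterval (New-TimeSpan -Days 7)

# 4. Check: any adapter on this machine whose DNS servers are outside
#    172.16.0.0/16 is pointing at an ISP or other foreign resolver.
function Find-ForeignDnsServers {
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses | Where-Object { $_ -notmatch '^172\.16\.' } } |
        Select-Object InterfaceAlias, ServerAddresses
}
Find-ForeignDnsServers

# Fix for the machine being checked: point it only at the DNS servers local
# to its site (uncomment after confirming the adapter name).
# Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses $LocalDns

# 5. Confirm the zone scopes and re-check replication after the change.
Get-DnsServerZone | Select-Object ZoneName, IsDsIntegrated, ReplicationScope, DynamicUpdate
dcdiag /test:DNS        # DNS-focused DC diagnostics (Support Tools build on 2003)
repadmin /replsummary   # per-DC AD replication failures and last-success times
```

Run it on one DNS server per site only for step 4 and the client fix; steps 1 to 3 are stored in AD and replicate to the other DCs on their own once the zones are domain-scoped.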
I will look at what the default zone setup is as I haven't changed anything. How do you get AD to replicate to every DNS server in the domain? Also, is there a master DNS server that will inquire to the next level up (at the ISP?) for things it can't resolve on its own? Or do all the DNS servers do that?

On the client side I will have them refer to their local DNS server only, as now I am having them refer to their local one as well as one of the servers at Site #1.

Not sure what you mean by the clients updating DNS themselves or from DHCP. The addresses are set, and the clients that are DHCP renew their leases every thirty days. (Feeling like an idiot on this one.)

I have not configured Aging and Scavenging. Have never done it.

To be able to see client machines.... it would be nice to see them in My Network Places. They have to be available when "net use" for drives is being done. Now I have to update the LMHOSTS file on each client. There must be a better way. Should I post a separate question for this? Is LDAP the other kettle of fish?

ASKER CERTIFIED SOLUTION
Chris Dent

I have 2 DCs at each site. I want to make them both WINS servers as well. WINS talks about replication partners. Do I have one master browser in each subnet and then have them replicate with each other?

You can have multiple WINS servers if you want, and if you do you will certainly need to configure Push / Pull replication. However, that doesn't necessarily have to be the Master Browser (although given your layout it probably will be).

You would still have one Master Browser per subnet, WINS simply helps multiple Master Browsers exchange lists of computers, orchestrated by the Domain Master Browser (which normally ends up as the server hosting the PDC Emulator role).

Chris