Solved

ADIntegrated Vs Primary/Secondary.

Posted on 2009-04-23
Last Modified: 2012-05-06
We have an Active Directory domain (mycompany.com) and 2 domain controllers that are also DNS servers.
The only zone which is AD Integrated for now is mycompany.com.

We have on the same subnet 2 other separate DNS servers which are members of the domain, and they host hundreds of zones that are our external customers' domains.

I would like to know if it's better to make all these zones Active Directory integrated as well, or just leave them primary/secondary.

What are the suggestions, or based on what should I pick between AD Integrated and primary/secondary?
I know that AD Integrated is more secure, but all DNS servers are inside the network.

Thanks
0
Question by:jskfan
6 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24216900

As a rule of thumb I would say:

If it's Public you should use Primary / Secondary zone
If it's Private you can use AD Integrated

Given that you say they're for your external customers I would strongly advise leaving them as Primary / Secondary. That gives you full control of the NS and SOA records, something you lose when you change to AD Integrated.

Chris
0
 

Author Comment

by:jskfan
ID: 24217957
Actually, they have public zone names, but are accessed internally. I checked the zones and saw most of them have MX records with different IPs. I am not sure what they are for.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24222561

If they're only for internal use then by all means make them AD Integrated. It only becomes a problem if it's for public use; it can cause quite a few problems there.

Chris
0

 

Author Comment

by:jskfan
ID: 24224033
There is no big difference in making it primary/secondary instead of AD Integrated, even if it's internal to the network.
They say it's more secure when AD Integrated, but if the primary and secondary DNS are members of the domain, I believe they should be secure too.
0
 

Author Comment

by:jskfan
ID: 24224094
Plus, primary/secondary have around 200 zones. Do you think this will impact AD replication?
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24224167

For the AD Integrated vs Primary/Secondary question: if it's transferring over a private network and the servers are only for private use then it doesn't matter much anyway.

How big are the zones? It'll add a minimum of 600 objects to the directory (zone plus SOA record and at least one NS record). 600 isn't a lot though, and it's even less of an issue if the zones don't change much (only changes would be replicated).

Chris
0
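
To put numbers on the "How big are the zones?" question before deciding, here is an added example (not part of the thread) that inventories the file-backed primary zones on the two standalone DNS servers and counts their records, including the NS and MX records mentioned above. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT); the server names are placeholders.

```powershell
# Added example, not from the thread. Requires the DnsServer module
# (Windows Server 2012 or later, or RSAT). Read-only: it changes nothing.
$servers = 'dns3.mycompany.com', 'dns4.mycompany.com'   # placeholder server names

$report = foreach ($server in $servers) {
    # Candidates for conversion: primary zones that are still file-backed.
    # Auto-created zones (0.in-addr.arpa and similar) are skipped.
    $zones = Get-DnsServerZone -ComputerName $server | Where-Object {
        $_.ZoneType -eq 'Primary' -and
        -not $_.IsDsIntegrated -and
        -not $_.IsAutoCreated
    }

    foreach ($zone in $zones) {
        # @() keeps .Count reliable when a zone returns a single record.
        $records = @(Get-DnsServerResourceRecord -ComputerName $server -ZoneName $zone.ZoneName)

        [pscustomobject]@{
            Server  = $server
            Zone    = $zone.ZoneName
            Records = $records.Count
            NS      = @($records | Where-Object RecordType -eq 'NS').Count
            MX      = @($records | Where-Object RecordType -eq 'MX').Count
        }
    }
}

# Largest zones first, then the totals to weigh against the replication concern.
$report | Sort-Object Records -Descending | Format-Table -AutoSize
$total = (@($report) | Measure-Object -Property Records -Sum).Sum
'{0} zones, {1} records in total' -f @($report).Count, $total
```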
