
Windows Server 2003 DNS configuration over multiple sites

Hi Experts!

I have a windows server 2003 DNS configuration question:

I have two servers (both Server 2003, both DCs, both running DNS); each server is located in a separate office, on separate IP networks.  Each office/server has about 30 clients connected.  Both DCs are in the same domain.  The two offices/networks are connected via VPN.

I've been starting to notice that we have a very high volume of traffic going over the VPN, and am trying to lock that down, since very few users ever need to go through the VPN, and not too often.  The first thing that I started to look at is the DNS configuration at each office, and I am not sure that it is correct.

Here is the current config:
Office A
-Forward lookup zone: entire domain (Office A network, Office B network)
-Forwarders: office A ISP DNS
-Reverse lookup zones: office A ip network, office B ip network

Office B
-Forward lookup zone: entire domain (Office A network, Office B network)
-Forwarders: office B ISP DNS
-Reverse lookup zones: office A ip network, office B ip network

Basically identical, with the exception of the Forwarders.

So I am wondering, is this correct?  Or should each DNS server be authoritative for the network that it is directly connected to, and have the other office DNS server as a secondary or stub? (for both forward and reverse lookup zones)

Thanks for the help Experts!
Asked by: JP D
Brian Pierce (Photographer) commented:
How many domains do you have?
If it's a single domain then stubs and secondaries are not appropriate, as any AD-integrated server is authoritative for the domain regardless of the IP settings, and the only forwarders needed should be to external DNS servers.

Clients need to be configured with the IP of a DNS server in their own site as the preferred DNS server.
 
JP D (I.T., Author) commented:
The two offices and DCs are part of the same domain.
 
d_nedelchev commented:
In addition to KCTS' advice to set the DNS server in each site as the preferred DNS server for clients in that location you can also check if your global catalog configuration is adequate for your organization’s needs.

If you have an Exchange server or other AD-integrated application that makes heavy use of the global catalog, and you don't have the proper GC placement, the excess of GC queries over a WAN link can cause network congestion between sites. That is to say, you should place a GC in any site that has such an application in order to keep the queries from going cross-site.

Typically in a single domain environment it is a common practice to set all domain controllers as GCs, because there are no network traffic penalties due to global catalog replication.

On the other hand, if you have more than one domain in your forest, you should consider the GC placement more carefully.

Another thing that might be causing the problem is improperly set or missing subnet objects. Make sure that you have properly set subnet objects for each site. If they are misconfigured or incorrectly associated with your sites, some clients may refer for services to DCs that are not in their site, and if the subnet objects are missing altogether, then any client will refer to any DC for services and you would have no means of localizing the traffic, hence your sites will be of no use.
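As an added illustration (not code from any of the posts above), here is a small Python model of how the DC locator's subnet-to-site mapping decides which DCs a client will use, with constructed sample sites, subnets and DCs standing in for Office A and Office B; it shows that a missing or mis-associated subnet object lets a client pick any DC in the domain, which is exactly how traffic ends up crossing the VPN.

```python
import ipaddress

# Constructed sample data: two AD sites with one DC each (not real addresses).
SUBNETS = {"10.1.0.0/16": "OfficeA", "10.2.0.0/16": "OfficeB"}
DCS = [
    {"name": "DC-A", "ip": "10.1.0.10", "site": "OfficeA"},
    {"name": "DC-B", "ip": "10.2.0.10", "site": "OfficeB"},
]


def site_for_ip(client_ip, subnets):
    """Map an IP to a site the way the DC locator does: the most specific
    (longest-prefix) matching subnet object wins; None if nothing matches."""
    addr = ipaddress.ip_address(client_ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, site)
    return best[1] if best else None


def candidate_dcs(client_ip, subnets, dcs):
    """DCs a client will prefer. With a site match it uses only that site's
    DCs; with no match it may use any DC in the domain (cross-VPN traffic)."""
    site = site_for_ip(client_ip, subnets)
    if site is None:
        return [dc["name"] for dc in dcs]
    return [dc["name"] for dc in dcs if dc["site"] == site]


def sites_without_subnets(subnets, dcs):
    """Sites that host a DC but have no subnet object associated with them."""
    return sorted({dc["site"] for dc in dcs} - set(subnets.values()))


def preferred_dns_in_site(client_ip, dns_servers, subnets, dcs):
    """True if the client's first (preferred) DNS server is a DC in its own
    site, as the first answer recommends."""
    site = site_for_ip(client_ip, subnets)
    local = {dc["ip"] for dc in dcs if dc["site"] == site}
    return bool(dns_servers) and dns_servers[0] in local


if __name__ == "__main__":
    broken = {"10.1.0.0/16": "OfficeA"}  # Office B subnet object missing
    print("sites lacking a subnet object:", sites_without_subnets(broken, DCS))
    print("Office B client with subnet missing ->", candidate_dcs("10.2.3.4", broken, DCS))
    print("Office B client with subnet present ->", candidate_dcs("10.2.3.4", SUBNETS, DCS))
```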