Solved

Windows Server 2003 DNS configuration over multiple sites

Posted on 2013-05-27
Last Modified: 2013-05-30
Hi Experts!

I have a Windows Server 2003 DNS configuration question:

I have two servers (both Server 2003, both DCs, both running DNS); each server is located in a separate office, on separate IP networks.  Each office/server has about 30 clients connected.  Both DCs are in the same domain.  The two offices/networks are connected via VPN.

I've been starting to notice that we have a very high volume of traffic going over the VPN, and am trying to lock that down, since very few users ever need to go through the VPN, and not too often.  The first thing that I started to look at is the DNS configuration at each office, and I am not sure that it is correct.

Here is the current config:
Office A
-Forward lookup zone: entire domain (Office A network, Office B network)
-Forwarders: office A ISP DNS
-Reverse lookup zones: office A ip network, office B ip network

Office B
-Forward lookup zone: entire domain (Office A network, Office B network)
-Forwarders: office B ISP DNS
-Reverse lookup zones: office A ip network, office B ip network

Basically identical, with the exception of the Forwarders.

So I am wondering, is this correct?  Or should each DNS server be authoritative for the network that it is directly connected to, and have the other office DNS server as a secondary or stub? (for both forward and reverse lookup zones)

Thanks for the help Experts!
Question by:renfrey
3 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 300 total points
ID: 39199830
How many domains do you have?
If it's a single domain then stubs and secondaries are not appropriate, as any AD-integrated server is authoritative for the domain regardless of the IP settings, and the only forwarders needed should be to external DNS servers.

Clients need to be configured with the IP of a DNS server in their own site as the preferred DNS server.

Author Comment

by:renfrey
ID: 39202544
The two offices & DC's are part of the same domain.
LVL 5

Expert Comment

by:d_nedelchev
ID: 39205010
In addition to KCTS' advice to set the DNS server in each site as the preferred DNS server for clients in that location, you can also check if your global catalog configuration is adequate for your organization's needs.

If you have an Exchange server or other AD-integrated application that makes heavy use of the global catalog, and you don't have the proper GC placement, the excess of GC queries over a WAN link can cause network congestion between sites. That is to say that you should place a GC in any site that has such an application in order to keep the queries from going cross-site.

Typically in a single domain environment it is a common practice to set all domain controllers as GCs, because there are no network traffic penalties due to global catalog replication.

On the other hand, if you have more than one domain in your forest, you should consider the GC placement more carefully.

Another thing that might be causing the problem is improperly set or missing subnet objects. Make sure that you have properly set subnet objects for each site. If they are misconfigured or incorrectly associated with your sites, some clients may refer for services to DCs that are not in their site, and if the subnet objects are missing altogether, then any client will refer to any DC for services and you would have no means of localizing the traffic, hence - your sites will be of no use.
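The two checks recommended in the answers above (each client's preferred DNS server is in its own site, and every client IP is covered by a subnet object) can be run against an inventory export. This is an added example, not part of the original thread; the site names, subnets, addresses and client names are constructed sample data, and `site_for_ip` and `audit` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the thread).
# Subnet objects as they would be defined per site: CIDR -> site name.
SUBNET_OBJECTS = {
    "10.1.0.0/24": "OfficeA",
    "10.2.0.0/24": "OfficeB",
}
# The DNS server (DC) in each office and the site it belongs to.
DNS_SERVERS = {"10.1.0.10": "OfficeA", "10.2.0.10": "OfficeB"}
# Client name -> (client IP, preferred DNS server configured on the client).
CLIENTS = {
    "PC-A01": ("10.1.0.51", "10.1.0.10"),
    "PC-A02": ("10.1.0.52", "10.2.0.10"),  # resolves across the VPN
    "PC-B01": ("10.2.0.51", "10.2.0.10"),
    "PC-B02": ("10.3.0.20", "10.2.0.10"),  # no subnet object covers this IP
}


def site_for_ip(ip, subnet_objects):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_objects.items():
        net = ipaddress.ip_network(cidr)
        # Longest prefix wins when subnet objects overlap.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def audit(clients, subnet_objects, dns_servers):
    """Map each misconfigured client to a short description of the problem."""
    findings = {}
    for name, (ip, dns) in sorted(clients.items()):
        site = site_for_ip(ip, subnet_objects)
        dns_site = dns_servers.get(dns)
        if site is None:
            findings[name] = "no subnet object"
        elif dns_site is None:
            findings[name] = "preferred DNS is not a known site DNS server"
        elif dns_site != site:
            findings[name] = f"cross-site DNS ({site} -> {dns_site})"
    return findings


if __name__ == "__main__":
    for client, problem in audit(CLIENTS, SUBNET_OBJECTS, DNS_SERVERS).items():
        print(client, problem)
```
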