Solved

Windows Server 2003 DNS configuration over multiple sites

Posted on 2013-05-27
3
Medium Priority
343 Views
Last Modified: 2013-05-30
Hi Experts!

I have a windows server 2003 DNS configuration question:

I have two servers (both server 2003, both DC's, both running DNS), each server is located in a separate office, on separate ip networks.  Each office/server has about 30 clients connected.  Both DC's are in the same domain.  The two offices/networks are connected via VPN.

I've been starting to notice that we have very high volume of traffic going over the VPN, and am trying to lock that down, since very few users ever need to go through the VPN and not too often.  The first thing that I started to look at, is the DNS configuration at each office, and I am not sure that it is correct.

Here is the current config:
Office A
-Forward lookup zone: entire domain (Office A network, Office B network)
-Forwarders: office A ISP DNS
-Reverse lookup zones: office A ip network, office B ip network

Office B
-Forward lookup zone: entire domain (Office A network, Office B network)
-Forwarders: office B ISP DNS
-Reverse lookup zones: office A ip network, office B ip network

Basically identical, with the exception of the Forwarders.

So I am wondering, is this correct?  Or should each DNS server be authoritative for the network that it is directly connected to, and have the other office DNS server as a secondary or stub? (for both forward and reverse lookup zones)

Thanks for the help Experts!
0
Comment
Question by:renfrey
3 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 1200 total points
ID: 39199830
How many domains do you have?
If it's a single domain then stubs and secondaries are not appropriate as any AD Integrated server is authoritative for the domain regardless of the IP settings, and the only forwarders needed should be to external DNS servers.

Clients need to be configured with the IP of a DNS server in their own site as the preferred DNS server.
0
 

Author Comment

by:renfrey
ID: 39202544
The two offices & DC's are part of the same domain.
0
 
LVL 5

Expert Comment

by:d_nedelchev
ID: 39205010
In addition to KCTS' advice to set the DNS server in each site as the preferred DNS server for clients in that location you can also check if your global catalog configuration is adequate for your organization’s needs.

If you have an Exchange server or other AD integrated application, that makes heavy use of the global catalog, and you don’t have the proper GC placement, the excess of GC queries over a WAN link can cause network congestion between sites. That is to say, that you should place a GC in any site that has such application in order to keep the queries from going cross-sites.

Typically in a single domain environment it is a common practice to set all domain controllers as GCs, because there are no network traffic penalties due to global catalog replication.

On the other hand if you have more than one domain in your forest, you should consider the GC placement more carefully.

Another thing that might be causing the problem is improperly set or missing subnet objects. Make sure that you have properly set subnet objects for each site. If they are misconfigured or incorrectly associated with your sites, some clients may refer for services to DCs that are not in their site, and if the subnet objects are missing altogether, then any client will refer to any DC for services and you would have no means of localizing the traffic, hence your sites will be of no use.
0
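The checks that both answers above describe (clients pointed at a DC in their own site, a global catalog in each site, and a subnet object for every site) can be scripted. The script below is an added example and is not from the thread or from either expert. It is assumed to run in PowerShell 2.0 or later on a domain-joined Windows machine, and it uses the .NET System.DirectoryServices.ActiveDirectory classes rather than the ActiveDirectory module, because that module needs Windows Server 2008 R2 or later on the DCs while these classes work against Windows Server 2003. Site, subnet and server names are whatever the directory returns; nothing about Office A or Office B is hard-coded.

```powershell
# Added example, not from the thread. Audits the AD site topology the two
# answers rely on: subnet objects per site, global catalog placement, and
# whether this machine's preferred DNS server is a DC in its own site.
# Assumption: run in PowerShell 2.0+ on a domain-joined host as an account
# that can read the forest's configuration partition (any domain user can).

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

# Names of every global catalog in the forest, for a quick membership test.
$gcNames = @($forest.GlobalCatalogs | ForEach-Object { $_.Name })

Write-Host "Forest: $($forest.Name)"
foreach ($site in $forest.Sites) {
    Write-Host "Site: $($site.Name)"

    # A site with no subnet objects cannot localize any client to it, so
    # clients on that network will pick any DC in the domain.
    if ($site.Subnets.Count -eq 0) {
        Write-Warning "Site $($site.Name) has no subnet objects; clients on its network will not be localized to it."
    }
    foreach ($subnet in $site.Subnets) {
        Write-Host "  Subnet: $($subnet.Name)"
    }

    # List the DCs in the site and whether each one is a global catalog.
    $siteHasGc = $false
    foreach ($server in $site.Servers) {
        $isGc = $gcNames -contains $server.Name
        if ($isGc) { $siteHasGc = $true }
        Write-Host "  DC: $($server.Name) [$($server.IPAddress)] GlobalCatalog=$isGc"
    }
    if ($site.Servers.Count -gt 0 -and -not $siteHasGc) {
        Write-Warning "Site $($site.Name) has DCs but no global catalog; GC queries from this site will cross the WAN link."
    }
}

# The site AD assigns to this computer, derived from its IP and the subnet objects.
$mySite = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()
$siteDcIps = @($mySite.Servers | ForEach-Object { $_.IPAddress })
Write-Host "This computer is in site $($mySite.Name); in-site DCs: $($siteDcIps -join ', ')"

# Check the preferred (first-listed) DNS server on every IP-enabled adapter.
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True"
foreach ($nic in $nics) {
    $order = @($nic.DNSServerSearchOrder)
    if ($order.Count -eq 0) { continue }
    $preferred = $order[0]
    if ($siteDcIps -contains $preferred) {
        Write-Host "OK: $($nic.Description) uses in-site DC $preferred as its preferred DNS server."
    } else {
        Write-Warning "$($nic.Description) prefers DNS server $preferred, which is not a DC in site $($mySite.Name)."
    }
}
```

Run it once on a client in each office. If the second part reports the client in a site other than its own office, the subnet object for that office's IP range is missing or attached to the wrong site; if it reports a preferred DNS server that is not an in-site DC, the client's DNS settings (or the DHCP scope that hands them out) point across the VPN and will generate exactly the kind of cross-site traffic the question describes.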
