DNS Domain Controller Setup

Posted on 2014-01-15
Last Modified: 2014-01-15
There seems to be, for lack of better words, a difference of opinion as to the best practice for DNS settings on a DC. We have a large corp, many sites, one domain, lots of DCs. My thinking is to set up each DC as a DNS server and forward the requests out to my Corp DCs - I think this will give us faster results internally - we have programs that are internal, over the WAN to our Corp office and out to the internet. So I think DC01 should point to DC02 and then itself and then forward the request to the Corp DC. And DC02 should point to DC01, then itself, and then forward the request to my Corp server. Can someone please offer an opinion - of course you set up zones also - but I'm just talking about the server requests.
Question by:WellingtonIS
LVL 35

Expert Comment

ID: 39783319
No matter where you place a DC, AD-integrated DNS should be installed.
Also, on all DCs that are DNS servers, you must point their primary DNS IP to themselves only, and as secondary you may point to an ADC in the same site, or if it's not there then point it to the PDC.
For internal name resolution you don't have to do anything other than setting up AD-integrated DNS zones in DNS; eventually they will get replicated to all DCs in the domain \ forest.

For internet access, if you have a centralized proxy server \ firewall that controls the internet traffic, then there is no need to set up DNS on remote locations for internet name resolution.
However, if your main site DNS server is the single point for resolving queries to the internet (it has a forwarder to public DNS servers), then you need to set a default forwarder on remote location DCs, and that default forwarder should point to the main DC for internet name resolution.
If you have multiple hub locations, then you can set multiple DNS servers for internet name resolution by putting the ISP DNS in the default forwarders list in the DNS server properties for that hub location.

Let me know if this is what you are looking for and if I understand it correctly.


Author Comment

ID: 39783395
Yes, I realize they all must point to a primary DNS server; however, don't they need to point to each other in the same domain? And shouldn't the zones then replicate to the "Primary" DNS server? So if you have the zone transfers, they will get the information from the primary and filter down to the DCs in the forest?
LVL 35

Accepted Solution

Mahesh earned 500 total points
ID: 39783541
All DCs must point to themselves as primary DNS server in TCP/IP settings if you installed the DNS service on them.
All DCs can point to another DNS server, but as secondary DNS server in TCP/IP properties.

In order to replicate the zone in the forest, DCs should not point to each other in the primary DNS server setting in TCP/IP settings.

All you need to set is: go to the zone properties of the AD-integrated zone.
On the General tab, there is a replication option.
In replication, select "All DNS servers in this domain" OR "All DNS servers in this forest", since you have a single domain \ single forest.
When you select the above options, the zone gets stored in either the ForestDnsZones or DomainDnsZones Active Directory application partition in AD and gets replicated to all domain controllers in the forest or domain, depending upon your selected option.

If the zone is not AD-integrated (that is, only standard primary), then the above options will not be activated; in that case those zones will not be replicated.
In order to replicate those zones to all DCs, you must select the "Store the zone in Active Directory" checkbox in zone properties so that it will be changed from primary to AD-integrated, and then you need to select the appropriate option (all DNS servers in the domain or forest) to store the zone data in AD and to replicate it.
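
The settings described in the two expert comments above (each DC pointing to itself first and a peer DC second, a forwarder to the hub DC for everything it is not authoritative for, and the zone stored in AD with forest-wide replication) can be applied and verified from PowerShell on a branch DC. The following script is an added example, not code from the thread or from any of the participants; the interface alias, IP addresses, host names and zone name are assumed placeholders, and the cmdlets are the DnsClient and DnsServer modules that ship with Windows Server 2012 and later.

```powershell
# Added example (not from the thread): apply the accepted answer's DNS layout on one branch DC
# and verify it. All values below are assumed placeholders, not taken from the thread.
$InterfaceAlias = 'Ethernet'          # NIC carrying the DC's address
$ThisDc         = '10.10.1.10'        # this DC
$PeerDc         = '10.10.1.11'        # the other DC in the same site
$HubDns         = '10.0.0.10'         # corp/hub DC that holds the forwarder to the internet
$ZoneName       = 'corp.example.com'  # assumed AD domain / DNS zone name

# 1. TCP/IP client settings: itself as primary, the peer DC in the site as secondary.
Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses @($ThisDc, $PeerDc)

# 2. Forwarder: anything this server is not authoritative for goes to the hub DC.
#    Root hints are disabled so internet resolution never bypasses the hub path.
Set-DnsServerForwarder -IPAddress $HubDns -UseRootHint $false

# 3. Zone storage and replication scope. A standard primary zone is converted to an
#    AD-integrated one (the "Store the zone in Active Directory" checkbox); an
#    AD-integrated zone that is not forest-wide is widened to "all DNS servers in this forest".
$zone = Get-DnsServerZone -Name $ZoneName
if (-not $zone.IsDsIntegrated) {
    ConvertTo-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Forest -Force
}
elseif ($zone.ReplicationScope -ne 'Forest') {
    Set-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Forest
}

# 4. Verification: print the effective settings, then resolve one internal name through this
#    server (answered from the AD-integrated zone) and one external name (sent to the hub forwarder).
Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint
Get-DnsServerZone -Name $ZoneName | Select-Object ZoneName, IsDsIntegrated, ReplicationScope
Resolve-DnsName -Name "dc01.$ZoneName" -Server $ThisDc -Type A   # dc01 is an assumed host name
Resolve-DnsName -Name 'www.example.com' -Server $ThisDc -Type A
```

Run it in an elevated PowerShell session on the DC itself. `Set-DnsServerForwarder` replaces the whole forwarder list, which is what you want when moving a branch DC onto the hub-only path; use `Add-DnsServerForwarder` instead if a hub location should keep its ISP resolvers alongside. The two `Resolve-DnsName` calls are the quick check that internal names are answered locally while external names still come back through the forwarder.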


Author Closing Comment

ID: 39783719
