Solved

DNS Domain Controller Setup

Posted on 2014-01-15
4
677 Views
Last Modified: 2014-01-15
There seems to be for lack of better works a difference of opinion as to the best practice for DNS settings on a DC.  We have a large corp many sites one domain, lots of DCs.  My thinking is to set up each DC as a DNS server and forward the requests out to my Corp DCs - I think this will give us faster results internally - we have programs that are internal, over the WAN to our Corp office and out to the internet.  So I think DC01 should point to DC02 and then itself and then forward the request to The corp DC.  And DC02 should point to DC01 then itself and then forward the request to my Corp server.  Can someone please offer an opinion - Of course you set up zone also - but I'm just talking about the server requests.
0
Comment
Question by:WellingtonIS
  • 2
  • 2
4 Comments
 
LVL 35

Expert Comment

by:Mahesh
ID: 39783319
No matter where you place DC, AD integrated DNS should be installed
Also all DCs that are DNS servers also, you must point their primary DNS IP pointing to them self only and secondary you may point to ADC in same site or if its not there then point  it to PDC
For internal name resolution you don't have to do anything other than setting up AD integrated DNS zones in DNS, eventually they will get replicated to all DCs in domain \ forest.

For internet access, if you have centralized proxy server \ firewall that controls the internet traffic, then no need to setup DNS on remote locations for internet name resolution.
However if your main site DNS server is the single point for resolving queries to internet (it has forwarder to public DNS servers) then you need to set default forwarder on remote location DCs and that default forwarder should point to main DC for internet name resolution
If you have multiple hub locations then you can set multiple DNS servers for internet name resolution by putting up ISP DNS in default forwarders list in DNS server properties for that Hub location.

let me know if this is what you are looking for and if i understand it correctly.

Mahesh
0
 

Author Comment

by:WellingtonIS
ID: 39783395
Yes I realize they all must point to a primary DNS server, however, don't they need to point to each other in the same domain? and shouldn't the zones then replicate to the "Primary" DNS server?  So If you have the zone transfers they will get the information from the primary and filter down to the DC on the Forest?
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39783541
All Dcs must point to itself as primary dns server in tcp/ip setings if you installed DNS service on them.
All Dcs can point to other DNS server, but as secondary DNS server in tcp/ip properties

In order to replicate Zone in forest, DC should not point to each other in primary dns server settings in tcp/ip settings.

All you need to set is, go to zone properties of AD integrated Zone
on general tab, there is replication option
in replication select "Add dns servers in this domain OR all dns servers in this forest since you have single domain \single forest
When you select above options, zone get stored in either ForestDNSZones or Domaindnszones active directory application partition in AD and gets replicated to all domain controllers in forest or domain depending upon your selected option.

If zone is not AD integrated (that is only standard primary then above options will not activated, in that case those zones will not replicated.
In order to replicate those zones to all DCs, you must select "store zone in active directory" checkbox in zone properties so that it will changed from primary to AD integrated and then you need to select appropriate option (all dns servers in domain or forest to store zone data in AD and to replicate).

Mahesh
0
 

Author Closing Comment

by:WellingtonIS
ID: 39783719
thanks!
0

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now