  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 687

DNS Domain Controller Setup

There seems to be, for lack of better words, a difference of opinion as to the best practice for DNS settings on a DC. We have a large corp: many sites, one domain, lots of DCs. My thinking is to set up each DC as a DNS server and forward the requests out to my Corp DCs; I think this will give us faster results internally. We have programs that are internal, over the WAN to our Corp office, and out to the internet. So I think DC01 should point to DC02, then itself, and then forward the request to the Corp DC. And DC02 should point to DC01, then itself, and then forward the request to my Corp server. Can someone please offer an opinion? Of course you set up zones also, but I'm just talking about the server requests.

Asked by: WellingtonIS
1 Solution
 
Mahesh (Architect) commented:
No matter where you place a DC, AD-integrated DNS should be installed.
Also, on all DCs that are DNS servers, you must point the primary DNS IP to themselves only; the secondary you may point to an ADC in the same site, or if there is none, point it to the PDC.
For internal name resolution you don't have to do anything other than setting up AD-integrated DNS zones in DNS; eventually they will get replicated to all DCs in the domain \ forest.

For internet access, if you have a centralized proxy server \ firewall that controls the internet traffic, then there is no need to set up DNS on remote locations for internet name resolution.
However, if your main site DNS server is the single point for resolving queries to the internet (it has forwarders to public DNS servers), then you need to set a default forwarder on the remote location DCs, and that default forwarder should point to the main DC for internet name resolution.
If you have multiple hub locations, then you can set up multiple DNS servers for internet name resolution by putting the ISP DNS in the default forwarders list in the DNS server properties for that hub location.

Let me know if this is what you are looking for and if I understand it correctly.

Mahesh
 
WellingtonIS (Author) commented:
Yes, I realize they all must point to a primary DNS server; however, don't they need to point to each other in the same domain? And shouldn't the zones then replicate to the "Primary" DNS server? So if you have the zone transfers, they will get the information from the primary and filter down to the DCs in the forest?
 
Mahesh (Architect) commented:
All DCs must point to themselves as the primary DNS server in TCP/IP settings if you installed the DNS service on them.
All DCs can point to another DNS server, but as the secondary DNS server in TCP/IP properties.

In order to replicate a zone in the forest, DCs should not point to each other in the primary DNS server settings in TCP/IP settings.

All you need to set is: go to the zone properties of the AD-integrated zone.
On the General tab, there is a replication option.
In replication, select "All DNS servers in this domain" or "All DNS servers in this forest", since you have a single domain \ single forest.
When you select the above options, the zone gets stored in either the ForestDnsZones or DomainDnsZones Active Directory application partition in AD and gets replicated to all domain controllers in the forest or domain, depending on your selected option.

If the zone is not AD-integrated (that is, only a standard primary), then the above options will not be activated, and in that case those zones will not be replicated.
In order to replicate those zones to all DCs, you must select the "Store the zone in Active Directory" checkbox in zone properties so that it will be changed from primary to AD-integrated, and then you need to select the appropriate option (all DNS servers in the domain or forest) to store the zone data in AD and to replicate it.

Mahesh
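As an added example (not code from the thread), a PowerShell audit that checks every DC against the three points in the answer above: primary DNS pointing to itself with other DCs as secondaries, forwarders on remote DCs pointing to the hub, and zones that are AD-integrated with a Domain or Forest replication scope. It assumes the RSAT ActiveDirectory and DnsServer modules plus CIM/WinRM access to each DC; `$HubDnsServers` is a hypothetical list of the main-site DNS server IPs.

```powershell
# Added example: audit DC DNS client settings, forwarders and zone replication scope.
# Assumes RSAT modules and remoting to each DC; $HubDnsServers is a hypothetical list.
Import-Module ActiveDirectory, DnsServer

$HubDnsServers = @('10.0.0.10', '10.0.0.11')   # hypothetical main-site DNS IPs

$dcs   = Get-ADDomainController -Filter *
$dcIps = @($dcs.IPv4Address)

foreach ($dc in $dcs) {
    $name = $dc.HostName
    $self = $dc.IPv4Address

    # 1. TCP/IP client settings: primary must be the DC itself, secondaries other DCs.
    $nics = Get-DnsClientServerAddress -CimSession $name -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses.Count -gt 0 }
    foreach ($nic in $nics) {
        $primary = $nic.ServerAddresses[0]
        if ($primary -ne $self -and $primary -ne '127.0.0.1') {
            Write-Warning "$name/$($nic.InterfaceAlias): primary DNS is $primary, not itself"
        }
        foreach ($s in ($nic.ServerAddresses | Select-Object -Skip 1)) {
            if ($s -notin $dcIps -and $s -ne '127.0.0.1') {
                Write-Warning "$name/$($nic.InterfaceAlias): secondary $s is not a DC"
            }
        }
    }

    # 2. Forwarders: remote DCs forward to the hub; hub DCs hold the ISP/public forwarders.
    $fwd = @((Get-DnsServerForwarder -ComputerName $name).IPAddress | ForEach-Object { $_.IPAddressToString })
    if ($fwd.Count -eq 0) {
        Write-Warning "${name}: no forwarders configured (root hints only)"
    } elseif ($self -notin $HubDnsServers) {
        $bad = $fwd | Where-Object { $_ -notin $HubDnsServers }
        if ($bad) { Write-Warning "${name}: remote DC forwards to non-hub $($bad -join ', ')" }
    }

    # 3. Zones: file-backed primaries never replicate; AD-integrated ones should use Domain/Forest scope.
    Get-DnsServerZone -ComputerName $name |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
        ForEach-Object {
            if (-not $_.IsDsIntegrated) {
                Write-Warning "${name}: zone $($_.ZoneName) is file-backed; tick 'Store the zone in Active Directory' and pick a Domain or Forest scope"
            } elseif ($_.ReplicationScope -notin 'Domain', 'Forest') {
                Write-Warning "${name}: zone $($_.ZoneName) has replication scope $($_.ReplicationScope)"
            }
        }
}
```

Run it from a management host with domain admin rights; each warning maps to one of the three settings the answer says to change.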
 
WellingtonIS (Author) commented:
Thanks!
