DNS AD-Intergrated Zones

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Morning all,

With AD to AD zone do they automatically refresh or does the notify window need to be set up? Or do they only refresh based on the refresh setting in the SOA record?

Thanks,

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

AD should automatically refresh based around your replication schedule. You can use Replmon which can be found in Windows Support Tools on your Server 2003. On this you can do lots of things like:

- Monitor Replication
- Force Replication

It should be covered in the MS Press Book, however a quick guide is located here

 

cheers craigie, True the replication monitor would replicate all partitions in AD.

Ok so based off NTDS the replication will happen betwen 1 to 4 times are hour by default and it will be an IXFR transfer for DNS. But you can still force a zone transfer or replication by pressing the increment button?

Im just confused if the notify in zone transfers (which AD intergrated zones do not really need) is still used? I can see it being used for secondary zones, but not sure if it still a valid option to AD to replicate the DNS zone as soon as a change appears.

Maybe i should read something else and come back to this later....

 

cheers sparky,

ok so AD zone to secondary zone i can set the refresh interval on the SOA or the notify window in the zone transfer tab.

Site 1 :AD zone on ServerA (domain1.local) to AD zone ServerB (domain1.local) is the SOA record refresh interval used for anything? Is the Notify window from zone transfers used for anything (e.g. instead of waiting for the replication schedule it does a transfer straight away)?

I see how the SOA record and all the rest of it is used in the normal primary, secondary etc... zones. Just not 100% sure on the AD intergrated zones. Although i have a funny feeling i am just confusing matters.

 

AD intergration (DNS): http://technet.microsoft.com/en-us/library/cc737383.aspx

cheers sparky,

Ok then, so to double check.

The whole zone is not replicated and only the records that have changed.
The replicating of the DNS zone is done based on AD replication setting.
The SOA serials are checked to see whether anything needs updating on the Second DC. If the replication SOA serial is higher then replicate.

Just to check with the replication on a single subnet, single site, 2 dc environment the replication of the DNS zone (partition it is in) between the two servers is it done as soon as a change is done (Serial has been increased)? Or based on the NTDS setting for AD replication?

Im enjoying this

 

ok so when you edit a dns record in an AD zone you can say it is automatically replicated (close enough), but the partition the DNS zone is in is also replicated as per normal schedule (NTDS).

MY brain is in working order today lol. The SOA record in the zone is used to tell the secondary zone of the AD zone when to refresh etc.... but if the serial is incremented it immediately transfers to the secondary zone.

I tell you what finishing the 70-291 book ina week including the labs but not the question chapters at the end really turns your brain to mush for a little while lol.

p.s. the SharkWater documentary is very interesting.

Edit: Forgot to say cheers for the reply again!

 

Ok cool. Think ive got it now.

 

At the moment ive got 1 Dc, 1 member server, 2 x xp clients

got RRAS NAT/dhcp relay/vpn dial in, DHCP (with superscope for xp vpn dial in client and relevant routing options with dhcp relay), DNS (AD zone primary, secondary, stud zone, delegated zone)


*bridged connection* - DC (AD/dns/rras(NAT, vpn dial in)) - LAN segment 1 - member server (dns,rras(dhcp relay)) - LAN segment 2 - xp client

then *bridged connection*(for vpn) - xp client2

Will add another 2 DC: 1 just on the local subnet so as not to confuse replication and another DC connected for site and services via L2tp/ipsec just wish i had a CA. Maybe another cert book will inform me how to set up a temp CA.

May stick 3 of the servers in a triangle with RRAS running and turn on a routing protocol.

so little time so much to play with