DNS point to self or primary DNS

Discussion in 'Windows Server 2003 / 2008 / 2012 / 2016' started by itdaddy, Aug 5, 2006.

  1. itdaddy

    itdaddy Byte Poster

    Hey gents,

    I am new to this forum. I will formally intro myself later, but have a quick question.

    DNS question.

    Say I have 4 DCs on four different subnets connected by a
    CSU T1 line, e.g.:
    192.168.1.x
    192.168.2.x
    192.168.3.x
    192.168.4.x

    Say each DC is 1.1, 2.1, 3.1, 4.1 respectively.

    I have seen the DNS config done 2 ways.

    1st way is to have each DC/DNS server point to itself for DNS
    and each client within its respective subnet config'd to its local
    DNS/DC.

    2nd way is to have all the DC/DNS servers point to the primary and secondary DNS servers, and have each subnet point to its local DNS/DC.

    The 2nd way, I was told, is for better quality DC replication.

    Is this true!??

    I thought the 1st way was correct, for network bandwidth optimization?

    :oops:

    Help, I ain't got a clue?

    Thank gurus!

    itdaddy
    USA 8)
     
  2. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    As stated - I don't see how the first way would be of any use if any site needs to contact any other site.

    But that is from a pure DNS point of view - don't know how a DC/M$ system would affect that.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  3. itdaddy

    itdaddy Byte Poster

    Primary DNS is itself,
    secondary DNS is set to primary DNS.

    Primary DNS can be written to;
    secondary is only read, correct?

    I have seen both ways.

    How does NTDS replicate out to each DC?
    Isn't it by DC replication, and if integrated with DNS they just
    replicate to each primary DNS DC??
    Thanks

    itdaddy :oops:
     
  4. ffreeloader

    ffreeloader Terabyte Poster

    Here's a sort-of answer.

    In AD, DNS replication is included in AD replication, but that is only if you created your DNS servers as AD-integrated servers. That is actually best practice, as that way your DNS replication is encrypted, not plain text.

    In 2000 there were problems with DNS servers "islanding" themselves if pointed to only themselves. I don't know if that has been completely taken care of or not, but the _msdcs folder was created in Server 2003 to eliminate that problem. If you do run into problems with "islanding" when pointing AD-integrated DNS servers to themselves, then point them in a criss-cross pattern to eliminate that problem.

    Is there a reason you are not running your DNS servers as AD-integrated?
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  5. itdaddy

    itdaddy Byte Poster

    They are all AD DNS integrated.

    3 2000 servers
    1 2003 global catalogue server

    We used to have them point to themselves. The DNS tables
    do not get updated that often 'cause we run static client IPs.
    We had a tech come in and change it, not sure why?

    We had one server have an AD replication issue, which was the 2003 server.

    Like I said, I thought since they are all AD DCs they would just replicate their DNS and NTDS folder items to each other?
    I have heard both ways: the 1st way, point to themselves,
    and the other, point to a common primary DNS and then a common secondary; makes sense, but I thought replication
    of NTDS files was taken care of already with the DC mappings?
    What do you think?

    Thanks for your help! This forum is awesome.

    robert (itdaddy) 8)
     
  6. ffreeloader

    ffreeloader Terabyte Poster

    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  7. itdaddy

    itdaddy Byte Poster

    Thanks, just what I needed. Great.

    Says you can do both if replication is working.

    As long as correct DNS names and corresponding IPs are in the
    DNS list and all the IPs of the DCs are static, they should find each other, correct, even if they (DC/servers) are set to themselves as primary and another DNS/DC on the network (prefer the closer one)
    as a secondary?
    This tech says they can't find each other if they are pointing to themselves; not sure what he means, he can't give me details.
    Does anyone know what he means??
    'Cause DCs are static? And the list is never updated due to this?
    So how can this be??
    This is my underlying question? :eek:
     
  8. ffreeloader

    ffreeloader Terabyte Poster

    If all your DNS servers are AD-integrated you have no secondary DNS servers. AD is multi-master.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  9. itdaddy

    itdaddy Byte Poster

    Really!? Wow.
    So configuring it is a waste of time, huh?

    Doesn't the AD (NTDS) folder get replicated through RPC (calls) to each DC? And as long as DNS is static IPs and NetBIOS names, then
    no need for all DCs to point to the primary DNS server?
    What if that server goes down?

    Not sure why this tech changed all the DCs to the 1 DC
    for DNS?

    He says the other DCs will not replicate their AD NTDS data?
    Is this true? It doesn't make sense to me?
    Help!

    The DNS TechNet you gave me is great but talks about islanding, which I understand; and that is the case of a dynamic DNS, not a static DNS with static names and IPs???

    itdaddy :(
     
  10. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    The Sysvol folder gets replicated to all domain controllers in the same domain. If you are using AD Integrated DNS, then the zone information is also replicated. If the domain controllers are in the same site, then yes RPC is used.

    It doesn't matter whether the IP addresses of the clients are static or dynamically assigned, as long as they are not legacy OSs they will register themselves in DNS.

    It is of course common sense to give all servers, domain controllers and DNS servers static IP addresses.

    Not sure either :blink

    No, I think he is mistaken.

    Also AD Integrated is the only way to have fault tolerant DNS as the zone info is replicated and is writable on any domain controller.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  11. itdaddy

    itdaddy Byte Poster

    thanks blue rinse

    this is a cool site

    :p

    sweet!
     
  12. itdaddy

    itdaddy Byte Poster

    So we have 4 DCs.
    Each is a
    file server
    print server
    DC
    DNS primary

    But this tech has them all pointing to DC1
    as the primary DNS, and of course each DC
    has their subnet clients pointing to their respective DNS/DC.

    He has all DC/DNS pointing to DNS1/DC1 and all AD integrated,
    the DNS is.
    So he says they will (island) not find each other to replicate.
    This isn't true, is it? I know I asked this but just making sure.
    You guys got this?
    I thought it was best when he had them criss-cross to different DNS:

    DC1 to DC2/DNS
    DC2 to DC3/DNS
    DC3 to DC4/DNS
    DC4 to DC1/DNS

    Like this, but he has them:

    DC1 to DC1/DNS DC2/DNS
    DC2 to DC1/DNS "
    DC3 to DC1/DNS "
    DC4 to DC1/DNS "

    Do you see any foreseeable problems with this,
    besides if DC1/DNS goes down? The other DCs will still communicate??

    itdaddy :rolleyes:
     
  13. ffreeloader

    ffreeloader Terabyte Poster

    itdaddy,

    If any of your DNS servers are reported as "primary" or "secondary" they are not AD-integrated DNS servers. There are no primary or secondary DNS servers when DNS is integrated into AD. Primary or secondary DNS servers can be used in an AD environment, but that does not make them AD-integrated DNS servers.

    You need to make sure you understand that before you go any further.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  14. itdaddy

    itdaddy Byte Poster

    When you go into the properties of the DNS domain site
    it says each DNS domain is (only one domain) says Active Directory integrated... but in each DC network config for DNS it is filled out with primary and secondary DNS servers, with all DC/DNS servers pointing to the PDC I should say, not primary DNS server, my bad! I meant PDC not primary DNS... yes they are integrated...
    So if the PDC goes down, which houses the DNS server,
    all the DC/DNS will be out of luck?

    So filling out the DNS config is futile??? No need if AD integrated??
     
  15. ffreeloader

    ffreeloader Terabyte Poster

    Hmmm.... Ok, things are getting confused because of terminology.

    First, there is no PDC in Active Directory as there was in NT4 style domains. There is a PDC emulator, but no PDCs. Once again it's because DCs are all writable, just like AD-integrated DNS servers are. In both respects AD is multi-master. There is a role called Global Catalog (GC), and one DC will be designated as such. The GC is the DC that carries all forest-wide information and through which all other servers and workstations register with the domain. If it becomes unavailable users can still log in for a certain amount of time through cached credentials on their workstations.

    I also now understand what you meant by primary and secondary servers. You were referring to which DNS servers each DNS server points to. That configuration depends a lot on how your network is configured, physically. If you have reliable links to satellite sites and one central site then having all the DNS servers point to the DNS server on your GC located on your main site as the primary lookup and to themselves as secondary lookup is OK. This may cause extended login times if the links to, or the central site DNS, go down, but it will keep the Win 2K servers from islanding. If the links between the satellites and the central site are unreliable then having them point in a criss-cross fashion as the primary lookup and to themselves as secondary lookups is the recommended way to do things. At least that is my understanding of it.

    d-Faktor may disagree and if he does, then listen to him. He's the one with tons of experience with widely scattered sites.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
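To make the layouts discussed in this thread concrete, here is an added example (my own code, not from the thread or any of its posters) that models the three DNS-client layouts mentioned: each DC pointing only to itself, every DC pointing at DC1 primary / DC2 secondary as the tech configured, and the criss-cross ring with self as secondary. It then audits each for the two risks raised: a DC that can only resolve through itself, and one address every DC depends on as its primary. The DC names and 192.168.n.1 addresses are constructed from the scenario in the first post.

```python
# Constructed inventory matching the thread's scenario: DCn at 192.168.n.1
DCS = {"DC1": "192.168.1.1", "DC2": "192.168.2.1",
       "DC3": "192.168.3.1", "DC4": "192.168.4.1"}


def self_only(dcs):
    """Each DC resolves only through itself (the layout that can island)."""
    return {n: [a] for n, a in dcs.items()}


def hub_layout(dcs, primary, secondary):
    """Every DC lists the same two servers, as the tech configured DC1/DC2."""
    return {n: [dcs[primary], dcs[secondary]] for n in dcs}


def criss_cross(dcs):
    """Each DC uses the next DC in a ring first and itself second."""
    names = list(dcs)
    return {n: [dcs[names[(i + 1) % len(names)]], dcs[n]]
            for i, n in enumerate(names)}


def islanding_risk(dcs, layout):
    """DCs whose resolver list never reaches another DC."""
    return sorted(n for n, servers in layout.items()
                  if set(servers) <= {dcs[n]})


def primary_dependents(layout):
    """Count how many DCs list each address as their first resolver."""
    counts = {}
    for servers in layout.values():
        counts[servers[0]] = counts.get(servers[0], 0) + 1
    return counts


def single_points_of_failure(dcs, layout):
    """Addresses that every DC in the layout uses as its primary resolver."""
    return sorted(a for a, c in primary_dependents(layout).items()
                  if c == len(dcs))


def survives_loss(dcs, layout, lost):
    """DCs that still have a usable resolver entry when `lost` is down."""
    down = dcs[lost]
    return sorted(n for n, servers in layout.items()
                  if n != lost and any(s != down for s in servers))
```

The script only plans and audits the server lists; applying them on each DC is still done through the DNS client settings (netsh on the 2000/2003 boxes in this thread, Set-DnsClientServerAddress on newer Windows).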
  16. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Erm cough - d-Faktor is of the fairer sex Freddy :wink:
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  17. ffreeloader

    ffreeloader Terabyte Poster

    Hmmmm.... Well, all I can say is, Have you met d-Faktor in person? If you haven't, on what do you base your assessment of d-Faktor's gender?
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  18. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    No, I haven't met her in person Freddy and I can't remember exactly, but I believe it was Trip that pointed it out to me and after that it became obvious. Such things as the cutesy pink hat and other avatars she has used. Oh, and men are never that clever or moody :biggrin

    She seems to have vanished from here, hopefully just for the time being :rolleyes:
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  19. ffreeloader

    ffreeloader Terabyte Poster

    All I will say in reply is, beware of assumptions.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  20. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    It's not an assumption.

    If you don't mind Freddy, I will turn your question around..

    Have you met d-Faktor in person? If you haven't, on what do you base your assessment of d-Faktor's gender?
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
