Re: [ActiveDir][OT] Always point a DC with DNS installed to itself as the preferred DNS server...always?
Only just found this one... Re. [1]. I'm sorry, but it just had to be said. Who the hell asks that? Honestly, who? <big grin>

--Paul

----- Original Message -----
From: joe [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Saturday, July 22, 2006 12:54 AM
Subject: RE: [ActiveDir][OT] Always point a DC with DNS installed to itself as the preferred DNS server...always?

Paul, with the combination of your TLAs and your harsh Welsh accent I haven't the foggiest clue what you said here, yeah... :)

Warm[1]

[1] That kills me, inside joke...

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Williams
Sent: Friday, July 14, 2006 6:33 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always?

I can't see how you can get a duplicate NDNC, as the creation of such objects is targeted at the DN master. The DN master will check the existing crossRefs and stop this happening, as we can't rely on the DS stopping it as the RDN is different for each NDNC (unless they've used well-known GUIDs for the DNS NCs?).

Although the behaviour you speak of is new to me, and another one of those slight, interesting changes, so thanks for that. Can you elaborate on this new behaviour? What, exactly, happens and in what order?

--Paul

----- Original Message -----
From: Grillenmeier, Guido [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Thursday, July 13, 2006 6:52 PM
Subject: RE: [ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always?

Note that DNS startup behaviour changes with SP1, which is another reason not to choose the DC itself as the preferred DNS server: with SP1, AD will not allow the DNS service to read any records until it has successfully replicated with one of its replication partners. This is to avoid false or duplicate registration of records (or even duplicate creation of the application partitions). As such, with SP1 it's better to point your DCs to a replication partner as a primary DNS and to self as a secondary.

/Guido

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, 13 July 2006 17:02
To: ActiveDir@mail.activedir.org
Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always?

Hi Al,

I did want to throw in a personal experience I had with W2K3 that validates the "point your DNS server to a replication partner" theory. I did see one environment where every DC had DNS and the msdcs partition was a forest partition. An unfortunate DNS scavenge was done, deleting some of the GUID records in the MSDCS partition. Replication started to fail shortly after that and the missing GUIDs were discovered. The netlogon service was restarted to make the DCs re-register, but of course they re-registered the GUID on themselves. They could find themselves but not their replication partners. The replication partners could find them but not themselves. When the DCs were set to point to a hub replication partner for primary and themselves as secondary the problem went away - the netlogon service was restarted, the GUIDs registered on the central DNS server, the spokes did the lookup for replication partners on the hub site DC and eventually things started working again.

This was pre-SP1 so this may not be a problem anymore, but after that experience I have seen value in doing the DNS configuration so that the DCs all point to the hub first and themselves second. I have not seen any problems for the DC itself when the WAN link dropped for a length of time and the primary DNS server was not reachable. Of course, if there are never any changes to DC IPs or names and the MSDCS is never scavenged (or the interval is long enough not to recreate the above problem) then the above argument is moot.

Regards,
James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
202-230-2983
[EMAIL PROTECTED]

From: Al Mulnick [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Sent: 07/12/2006 09:58 PM AST
To: ActiveDir@mail.activedir.org
cc: (bcc: James Day/Contractor/NPS)
Subject: Re: [ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always?
Please respond to ActiveDir

You don't work at the post office do you? ;)

There are many many many ways to properly configure DNS. One thing that helps is to think of the terms client
RE: [ActiveDir][OT] Always point a DC with DNS installed to itself as the preferred DNS server...always?
Paul, with the combination of your TLAs and your harsh Welsh accent I haven't the foggiest clue what you said here, yeah... :)

Warm[1]

[1] That kills me, inside joke...

--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Williams
Sent: Friday, July 14, 2006 6:33 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always?

I can't see how you can get a duplicate NDNC, as the creation of such objects is targeted at the DN master. The DN master will check the existing crossRefs and stop this happening, as we can't rely on the DS stopping it as the RDN is different for each NDNC (unless they've used well-known GUIDs for the DNS NCs?).

Although the behaviour you speak of is new to me, and another one of those slight, interesting changes, so thanks for that. Can you elaborate on this new behaviour? What, exactly, happens and in what order?

--Paul

----- Original Message -----
From: Grillenmeier, Guido [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Thursday, July 13, 2006 6:52 PM
Subject: RE: [ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always?

Note that DNS startup behaviour changes with SP1, which is another reason not to choose the DC itself as the preferred DNS server: with SP1, AD will not allow the DNS service to read any records until it has successfully replicated with one of its replication partners. This is to avoid false or duplicate registration of records (or even duplicate creation of the application partitions). As such, with SP1 it's better to point your DCs to a replication partner as a primary DNS and to self as a secondary.

/Guido

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, 13 July 2006 17:02
To: ActiveDir@mail.activedir.org
Cc: ActiveDir@mail.activedir.org; [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always?

Hi Al,

I did want to throw in a personal experience I had with W2K3 that validates the "point your DNS server to a replication partner" theory. I did see one environment where every DC had DNS and the msdcs partition was a forest partition. An unfortunate DNS scavenge was done, deleting some of the GUID records in the MSDCS partition. Replication started to fail shortly after that and the missing GUIDs were discovered. The netlogon service was restarted to make the DCs re-register, but of course they re-registered the GUID on themselves. They could find themselves but not their replication partners. The replication partners could find them but not themselves. When the DCs were set to point to a hub replication partner for primary and themselves as secondary the problem went away - the netlogon service was restarted, the GUIDs registered on the central DNS server, the spokes did the lookup for replication partners on the hub site DC and eventually things started working again.

This was pre-SP1 so this may not be a problem anymore, but after that experience I have seen value in doing the DNS configuration so that the DCs all point to the hub first and themselves second. I have not seen any problems for the DC itself when the WAN link dropped for a length of time and the primary DNS server was not reachable. Of course, if there are never any changes to DC IPs or names and the MSDCS is never scavenged (or the interval is long enough not to recreate the above problem) then the above argument is moot.

Regards,
James R. Day
Active Directory Core Team
Office of the Chief Information Officer
National Park Service
202-230-2983
[EMAIL PROTECTED]

From: Al Mulnick [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Sent: 07/12/2006 09:58 PM AST
To: ActiveDir@mail.activedir.org
cc: (bcc: James Day/Contractor/NPS)
Subject: Re: [ActiveDir] Always point a DC with DNS installed to itself as the preferred DNS server...always?
Please respond to ActiveDir

You don't work at the post office do you? ;)

There are many many many ways to properly configure DNS. One thing that helps is to think of the terms client and server vs. preferred and alternate only. You are configuring a preferred server and an alternate server that you want this DC to be a client of. DNS is a standard. Windows 2003 DNS follows those standards (comments really, but let's not pick, right?). Microsoft has done some enhancements above and beyond that
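The two concrete points in this thread are Guido's recommendation (preferred DNS = a replication partner, alternate = self) and James's failure mode (partner GUID CNAMEs missing from _msdcs, so each DC can resolve itself but not its partners). The following read-only audit script is an added example, written for this page rather than taken from the thread or from any list member, and it covers both. It assumes a current fleet (Windows Server 2012 R2 or later, where the DnsClient cmdlets exist), the ActiveDirectory module on the machine running it, PowerShell remoting to each DC, and that each DC's preferred DNS server is reachable from that machine; the thread itself predates these cmdlets. All variable names are the example's own.

```powershell
# Added audit script; not from the thread or any of its authors. Assumptions:
# Windows Server 2012 R2 or later DCs, PowerShell remoting enabled to each DC,
# and the ActiveDirectory module available where this runs. Read-only.
Import-Module ActiveDirectory

$forestRoot = (Get-ADForest).RootDomain

$report = foreach ($dc in Get-ADDomainController -Filter *) {

    # DNS client settings as the DC itself sees them. The first address is the
    # preferred server, the rest are alternates. Interfaces with no DNS servers
    # configured are skipped; a multi-homed DC lists its interfaces in order.
    $servers = @(Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
        Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses } |
            Select-Object -ExpandProperty ServerAddresses
    })
    $preferred     = $servers | Select-Object -First 1
    $alternates    = @($servers | Select-Object -Skip 1)
    $selfAddresses = @('127.0.0.1', $dc.IPv4Address)

    # The DC's own GUID-based CNAME under _msdcs, and the CNAMEs it needs in
    # order to find its replication partners (PartnerAddress already has the
    # form "<dsaGuid>._msdcs.<forestRoot>").
    $dsaGuid  = (Get-ADObject -Identity $dc.NTDSSettingsObjectDN).ObjectGUID
    $ownCname = "$dsaGuid._msdcs.$forestRoot"
    $partnerCnames = @(Get-ADReplicationPartnerMetadata -Target $dc.HostName |
        Select-Object -ExpandProperty PartnerAddress |
        Sort-Object -Unique)

    # Ask the DC's *preferred* server for each CNAME, the way this DC would
    # when locating a partner. A miss here is the "can find itself but not its
    # partners" state James described.
    $missing = @()
    if ($preferred) {
        foreach ($name in (@($ownCname) + $partnerCnames)) {
            try {
                $null = Resolve-DnsName -Name $name -Type CNAME -Server $preferred -DnsOnly -ErrorAction Stop
            } catch {
                $missing += $name
            }
        }
    }

    [pscustomobject]@{
        DC              = $dc.HostName
        Preferred       = $preferred
        Alternates      = ($alternates -join ', ')
        PreferredIsSelf = [bool]($preferred -and ($preferred -in $selfAddresses))
        SelfIsAlternate = [bool]($alternates | Where-Object { $_ -in $selfAddresses })
        MissingCnames   = ($missing -join ', ')
    }
}

# DCs worth a look: preferred server is the DC itself, no self entry as an
# alternate, or a partner CNAME the preferred server cannot answer.
$report |
    Where-Object { $_.PreferredIsSelf -or -not $_.SelfIsAlternate -or $_.MissingCnames } |
    Format-Table -AutoSize
```

Resolving against the preferred server explicitly (rather than letting the workstation's own resolver answer) matters: a name that resolves fine from the hub tells you nothing about what a spoke DC sees when its preferred server is itself and its own zone copy is missing the partner's GUID record. The script only reports; fixing a flagged DC is the thread's own advice (reorder the DNS client list, then restart netlogon so the GUID records are re-registered on the partner).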