RE: [ActiveDir] Recommended DNS settings in 3 domain forest
Guido, thanks for your help on this! Best regards

-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Tuesday, April 26, 2005 1:31 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Recommended DNS settings in 3 domain forest

ah - that changes the picture

option 3 is still valid for child DCs (DCs point to themselves + another DC of the same domain), but you should either add a secondary of _msdcs subzone of the root (i.e. make this its own zone) or - if the root zone itself is not too large - add a secondary of the root itself to the child DCs.

for the root DCs, ensure that they use a different root DC as their primary DNS server, then either another root DC (if you have three) or themselves for the secondary DNS server. If you have three, then I'd add themselves as a third DNS server.

/Guido
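The Win2K advice quoted in the message above, expressed as a configuration audit. This is an added example and not part of the original thread; the host names, addresses, the `DC` record and the `audit` function are constructed for illustration, and the zone name `_msdcs.domain.com` assumes the `domain.com` root used later in the thread.

```python
from dataclasses import dataclass, field

ROOT = "domain.com"  # forest root name as used in the thread


@dataclass
class DC:
    name: str
    domain: str
    ip: str
    dns_servers: list  # resolver order configured on the DC's network adapter
    secondary_zones: set = field(default_factory=set)


def audit(dcs, root=ROOT):
    """Return {dc_name: [findings]} for the Win2K rules quoted above."""
    by_ip = {d.ip: d for d in dcs}
    findings = {}
    for dc in dcs:
        issues = []
        # Other DCs of the same domain, by address.
        peers = {d.ip for d in dcs if d.domain == dc.domain and d.ip != dc.ip}
        first = dc.dns_servers[0] if dc.dns_servers else None
        rest = dc.dns_servers[1:]
        if dc.domain == root:
            # Root DCs: a different root DC first, then another root DC or self.
            if first == dc.ip:
                issues.append("root DC lists itself first (Win2K island problem)")
            elif first not in peers:
                issues.append("primary DNS server is not another root DC")
            if not rest:
                issues.append("no secondary DNS server configured")
            elif any(ip != dc.ip and ip not in peers for ip in rest):
                issues.append("secondary DNS server is outside the root domain")
        else:
            # Child DCs (option 3): self first, same-domain partner second,
            # no root DC as resolver, plus a local copy of the root's records.
            if first != dc.ip:
                issues.append("child DC does not list itself first")
            if not any(ip in peers for ip in rest):
                issues.append("no same-domain partner DC as secondary")
            if any(ip in by_ip and by_ip[ip].domain == root
                   for ip in dc.dns_servers):
                issues.append("root DC configured as a resolver")
            if not ({f"_msdcs.{root}", root} & dc.secondary_zones):
                issues.append("no secondary of _msdcs subzone or root zone")
        findings[dc.name] = issues
    return findings


def sample_inventory():
    """Constructed inventory: three root DCs and two DCs of one child domain."""
    return [
        DC("root1", ROOT, "10.0.0.1", ["10.0.0.2", "10.0.0.3", "10.0.0.1"]),
        DC("root2", ROOT, "10.0.0.2", ["10.0.0.2", "10.0.0.1"]),  # self first
        DC("root3", ROOT, "10.0.0.3", ["10.0.0.1", "10.0.0.3"]),
        DC("sub1-dc1", "sub1." + ROOT, "10.0.1.1",
           ["10.0.1.1", "10.0.1.2"], {"_msdcs." + ROOT}),
        # Option 1 from the original question: itself, then a forest root DC.
        DC("sub1-dc2", "sub1." + ROOT, "10.0.1.2", ["10.0.1.2", "10.0.0.1"]),
    ]


if __name__ == "__main__":
    for name, issues in audit(sample_inventory()).items():
        print(name, "OK" if not issues else "; ".join(issues))
```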
RE: [ActiveDir] Recommended DNS settings in 3 domain forest
One more question on this - is it a good idea to have secondary zones for the other PEER domains on each subdomain's DCs? In other words, domain.com is root. Sub1.domain.com and sub2.domain.com are subdomains, and peers of each other. Should the DCs for sub1 all have secondary zones for sub2 and vice-versa?

Thanks again!
RE: [ActiveDir] Recommended DNS settings in 3 domain forest
Mark, that depends more on the usage scenarios of your domains. If you have many cross-domain shared resources, e.g. where users working on a computer in sub1.domain.com often need to access servers in the sub2.domain.com domain, a secondary could cause less traffic and would be more independent of the availability of a DC/DNS server of sub2.

If it is the exception, then I wouldn't bother creating those secondaries (however, you may still want to add secondaries to the root of the domain saving another hop to get those names resolved)

/Guido

-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Creamer, Mark
Sent: Dienstag, 26. April 2005 20:36
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Recommended DNS settings in 3 domain forest

One more question on this - is it a good idea to have secondary zones for the other PEER domains on each subdomain's DCs? In other words, domain.com is root. Sub1.domain.com and sub2.domain.com are subdomains, and peers of each other. Should the DCs for sub1 all have secondary zones for sub2 and vice-versa?

Thanks again!
RE: [ActiveDir] Recommended DNS settings in 3 domain forest
Excellent explanation. Thanks again!!

-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Tuesday, April 26, 2005 4:37 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Recommended DNS settings in 3 domain forest

Mark, that depends more on the usage scenarios of your domains. If you have many cross-domain shared resources, e.g. where users working on a computer in sub1.domain.com often need to access servers in the sub2.domain.com domain, a secondary could cause less traffic and would be more independent of the availability of a DC/DNS server of sub2.

If it is the exception, then I wouldn't bother creating those secondaries (however, you may still want to add secondaries to the root of the domain saving another hop to get those names resolved)

/Guido
Re: [ActiveDir] Recommended DNS settings in 3 domain forest
You should have the secondary zones and vice versa. There have been some good posts here about that. I'd like to point you to an excellent article that Mark Minasi wrote last fall in Windows IT Pro
http://www.windowsitpro.com/Windows/Article/ArticleID/43582/43582.html

I can't say it better than Mark so I'll let you digest his article.

Thanks
Mike

On 4/26/05, Creamer, Mark [EMAIL PROTECTED] wrote:
Excellent explanation. Thanks again!!
[ActiveDir] Recommended DNS settings in 3 domain forest
I'd like to solicit a little advice on our AD design with respect to DNS. We have an empty forest root domain, and two subdomains. Each domain has at least 3 DCs, two in the main subnet at our corporate office, and one in a remote office. All DCs have DNS installed, all AD-integrated. Each DC's DNS has a copy of its own zone, and has forwarders set up to the root domain. That domain has forwarders to our external DNS servers.

My question is, on each of the DCs, how should their own DNS settings be set? That is, what DNS server(s) should a particular DC use for its DNS queries?

I've tried a few different approaches, and I think I understand the concept of islanding, but I'm not totally clear on that. My goal is simply to make sure all DNS queries from the users (who all exist in the two sub-domains) run smoothly, and that replication is reliable.

Different ideas I've tried:

1. Each DC has itself as a primary DNS, and a forest root DC as secondary
2. Each DC has a partner DC in the same domain as a primary, and a forest root DC as secondary
3. Each DC has itself as primary, and a partner DC in the same domain as secondary; no root DC defined

I'd like to just do whatever best practice would be and then leave it alone. Thanks as always for your advice!

Mark

This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated.
List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Recommended DNS settings in 3 domain forest
you don't mention OS version - I'm assuming you will or have implemented Win2k3. In this case the island-problem (which used to be an issue in a Win2k AD's root domain) is no longer an issue and you're fine to go ahead with your option 3.

I would also recommend to set up the _msdcs subzone of the root as a forest wide app-partition, so that all DCs receive a copy (in this case DNS queries for GCs and DC GUIDs would still work in the event that no root DC is available to answer any forwarding queries).

/Guido

-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Creamer, Mark
Sent: Montag, 25. April 2005 19:11
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Recommended DNS settings in 3 domain forest

I'd like to solicit a little advice on our AD design with respect to DNS. We have an empty forest root domain, and two subdomains. Each domain has at least 3 DCs, two in the main subnet at our corporate office, and one in a remote office. All DCs have DNS installed, all AD-integrated. Each DC's DNS has a copy of its own zone, and has forwarders set up to the root domain. That domain has forwarders to our external DNS servers.

My question is, on each of the DCs, how should their own DNS settings be set? That is, what DNS server(s) should a particular DC use for its DNS queries?

I've tried a few different approaches, and I think I understand the concept of islanding, but I'm not totally clear on that. My goal is simply to make sure all DNS queries from the users (who all exist in the two sub-domains) run smoothly, and that replication is reliable.

Different ideas I've tried:

1. Each DC has itself as a primary DNS, and a forest root DC as secondary
2. Each DC has a partner DC in the same domain as a primary, and a forest root DC as secondary
3. Each DC has itself as primary, and a partner DC in the same domain as secondary; no root DC defined

I'd like to just do whatever best practice would be and then leave it alone. Thanks as always for your advice!

Mark
RE: [ActiveDir] Recommended DNS settings in 3 domain forest
Oops, sorry. I did forget. It's all Win2K. We're probably a while away from 2003 Guido. What's the recommendation in that case?

-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Monday, April 25, 2005 4:00 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Recommended DNS settings in 3 domain forest

you don't mention OS version - I'm assuming you will or have implemented Win2k3. In this case the island-problem (which used to be an issue in a Win2k AD's root domain) is no longer an issue and you're fine to go ahead with your option 3.

I would also recommend to set up the _msdcs subzone of the root as a forest wide app-partition, so that all DCs receive a copy (in this case DNS queries for GCs and DC GUIDs would still work in the event that no root DC is available to answer any forwarding queries).

/Guido
Re: [ActiveDir] Recommended DNS settings in 3 domain forest
3. Each DC has itself as primary, and a partner DC in the same domain as secondary; no root DC defined

My favorite:

4. One DC in each domain is chosen as primary for every server in that domain, and each DC points to itself as secondary; All DCs in the child domains use the servers in the root domains as forwarders...

-ASB
FAST, CHEAP, SECURE: Pick Any TWO
http://www.ultratech-llc.com/KB/ADNetwork.TXT

On 4/25/05, Creamer, Mark [EMAIL PROTECTED] wrote:

I'd like to solicit a little advice on our AD design with respect to DNS. We have an empty forest root domain, and two subdomains. Each domain has at least 3 DCs, two in the main subnet at our corporate office, and one in a remote office. All DCs have DNS installed, all AD-integrated. Each DC's DNS has a copy of its own zone, and has forwarders set up to the root domain. That domain has forwarders to our external DNS servers.

My question is, on each of the DCs, how should their own DNS settings be set? That is, what DNS server(s) should a particular DC use for its DNS queries? I've tried a few different approaches, and I think I understand the concept of islanding, but I'm not totally clear on that. My goal is simply to make sure all DNS queries from the users (who all exist in the two sub-domains) run smoothly, and that replication is reliable.

Different ideas I've tried:

1. Each DC has itself as a primary DNS, and a forest root DC as secondary
2. Each DC has a partner DC in the same domain as a primary, and a forest root DC as secondary
3. Each DC has itself as primary, and a partner DC in the same domain as secondary; no root DC defined

I'd like to just do whatever best practice would be and then leave it alone. Thanks as always for your advice!

Mark
RE: [ActiveDir] Recommended DNS settings in 3 domain forest
ah - that changes the picture

option 3 is still valid for child DCs (DCs point to themselves + another DC of the same domain), but you should either add a secondary of _msdcs subzone of the root (i.e. make this its own zone) or - if the root zone itself is not too large - add a secondary of the root itself to the child DCs.

for the root DCs, ensure that they use a different root DC as their primary DNS server, then either another root DC (if you have three) or themselves for the secondary DNS server. If you have three, then I'd add themselves as a third DNS server.

/Guido

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark
Sent: Montag, 25. April 2005 22:07
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Recommended DNS settings in 3 domain forest

Oops, sorry. I did forget. It's all Win2K. We're probably a while away from 2003 Guido. What's the recommendation in that case?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Monday, April 25, 2005 4:00 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Recommended DNS settings in 3 domain forest

you don't mention OS version - I'm assuming you will or have implemented Win2k3. In this case the island-problem (which used to be an issue in a Win2k AD's root domain) is no longer an issue and you're fine to go ahead with your option 3.

I would also recommend to set up the _msdcs subzone of the root as a forest wide app-partition, so that all DCs receive a copy (in this case DNS queries for GCs and DC GUIDs would still work in the event that no root DC is available to answer any forwarding queries).

/Guido

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark
Sent: Montag, 25. April 2005 19:11
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Recommended DNS settings in 3 domain forest

I'd like to solicit a little advice on our AD design with respect to DNS. We have an empty forest root domain, and two subdomains. Each domain has at least 3 DCs, two in the main subnet at our corporate office, and one in a remote office. All DCs have DNS installed, all AD-integrated. Each DC's DNS has a copy of its own zone, and has forwarders set up to the root domain. That domain has forwarders to our external DNS servers.

My question is, on each of the DCs, how should their own DNS settings be set? That is, what DNS server(s) should a particular DC use for its DNS queries? I've tried a few different approaches, and I think I understand the concept of islanding, but I'm not totally clear on that. My goal is simply to make sure all DNS queries from the users (who all exist in the two sub-domains) run smoothly, and that replication is reliable.

Different ideas I've tried:

1. Each DC has itself as a primary DNS, and a forest root DC as secondary
2. Each DC has a partner DC in the same domain as a primary, and a forest root DC as secondary
3. Each DC has itself as primary, and a partner DC in the same domain as secondary; no root DC defined

I'd like to just do whatever best practice would be and then leave it alone. Thanks as always for your advice!

Mark
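The Win2K advice given in this thread (child DCs list themselves first and a partner DC of the same domain second, with no root DC; root DCs list a different root DC first) can be checked against an inventory of DC resolver settings. The following is an added example and not part of any message in the thread; the host names, domain labels and addresses are constructed placeholders.

```python
# Constructed inventory: host names, domain labels and addresses are placeholders.
ROOT = "root"
DCS = {
    "root-dc1": {"domain": ROOT, "ip": "10.0.0.1", "dns": ["10.0.0.2", "10.0.0.1"]},
    "root-dc2": {"domain": ROOT, "ip": "10.0.0.2", "dns": ["10.0.0.2", "10.0.0.1"]},
    "a-dc1": {"domain": "child-a", "ip": "10.1.0.1", "dns": ["10.1.0.1", "10.1.0.2"]},
    "a-dc2": {"domain": "child-a", "ip": "10.1.0.2", "dns": ["10.1.0.2", "10.0.0.1"]},
    "b-dc1": {"domain": "child-b", "ip": "10.2.0.1", "dns": ["10.2.0.2"]},
    "b-dc2": {"domain": "child-b", "ip": "10.2.0.2", "dns": ["10.2.0.2", "10.2.0.1"]},
}


def check_dc(name, inventory=DCS, root=ROOT):
    """Return findings for one DC's DNS client list; an empty list means it matches."""
    dc = inventory[name]
    domain_of = {d["ip"]: d["domain"] for d in inventory.values()}
    dns, me, findings = dc["dns"], dc["ip"], []
    if len(dns) < 2:
        findings.append("fewer than two DNS servers configured")
    if len(set(dns)) != len(dns):
        findings.append("duplicate DNS server entry")
    for ip in dns:
        if ip not in domain_of:
            findings.append(f"{ip} is not a DC in the inventory")
        elif domain_of[ip] != dc["domain"]:
            findings.append(f"{ip} is a DC of another domain ({domain_of[ip]})")
    if not dns:
        return findings
    if dc["domain"] == root:
        # Root DCs: primary is a different root DC; self only as a later entry.
        if dns[0] == me:
            findings.append("root DC lists itself as primary (Win2K island risk)")
    else:
        # Child DCs (option 3): self first, then a partner DC of the same domain.
        if dns[0] != me:
            findings.append("child DC does not list itself as primary")
    return findings


def audit(inventory=DCS, root=ROOT):
    """Map each non-compliant DC to its findings."""
    report = {n: check_dc(n, inventory, root) for n in inventory}
    return {n: f for n, f in report.items() if f}
```

Calling `audit()` on the constructed inventory flags `root-dc2` (itself as primary), `a-dc2` (a root DC in a child DC's list) and `b-dc1` (single entry that is not itself).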