:)
demists eyes
The main thing I don't like is AD Integrated. There is
something fundamentally wrong with having your directory replication completely
dependent on the name resolution system that is completely dependent on the
directory replication system that is completely dependent on
Any
poor implementation is going to hurt you but I would argue that you are
better off with a poor BIND/QIP DNS implementation than a poor Windows DNS
implementation just because of the whole dependency loop thing.
If you
can adequately state your needs to a UNIX DNS group they can
If it should be, it should come from MSFT... They could
easily configure that if they feel it is important. As a general thing, you
really shouldn't be having to manipulate service startup order especially for
critical services. I think I have done that maybe 5 or 10 times in 10 years and
I
Hehe Bingo... keep playing and one day you may even think
how nice it is to not have DNS on DCs at all or even on Microsoft. Is that
heresy here? If so I will say three Hail Kwan's and sprinkle some ground up
Intel chip dust on myself... ;o)
Dean wonders why I hate DNS. :)
Now don't go getting misty eyed and thinking that I'm coming over to the joe-side of thinking when it comes to DNS and Microsoft. But aye, it has its shortcomings and could be much better. Perhaps they need a real competitor vis a vis Firefox and IE to get things jumping?
Hmm.
:)
On
Nice answer Steve. Thanks for the info. and
the KB.
- Original Message -
From:
Steve
Linehan
To: ActiveDir@mail.activedir.org
Sent: Friday, July 14, 2006 7:41 PM
Subject: RE: [ActiveDir] Always point a
DC with DNS installed to itself as the preferred DNS
Indeed very useful information, thanks for this.
- Original Message -
From: Paul Williams [EMAIL PROTECTED]
Date: Monday, July 17, 2006 12:06 pm
Subject: Re: [ActiveDir] Always point a DC with DNS installed to
itself as the preferred DNS server...always?
Nice answer Steve.
I can't see how you can get a duplicate NDNC as the creation of such objects
is targeted at the DN master. The DN master will check the existing
crossRefs and stop this happening, as we can't rely on the DS stopping it as
the RDN is different for each NDNC (unless they've used well-known GUIDs
I'd have to do some more digging as to *why* the duplicate
app-partitions were created, but I've had to troubleshoot this prior to
SP1. This was during a global Win2003 DC rollout - we used the IFM
feature to rollout the DCs. But prior to SP1 you couldn't add the
application partitions to the
Guido, have you checked this lately? I know there were several changes to that behavior in several revs IIRC. The problems you describe were better than a challenge, as I recall. They had a tendency to wreak havoc with integrated DNS zones when a DC would come up and create a new zone and then
there was no need to check on this issue again - with SP1
it doesn't happen ;-)
I'm sure there were several pre-SP1 fixes targeted at this
issue and were then integrated into SP1.
but rgd. the startup behaviour of DNS in SP1, I'm rather
sure that's unchanged at this point.
Would be happy
I believe I covered most of this on a
previous posting to ActiveDir but here are all of the details into what change
was made and why:
First of all the change that was
made requires that an Initial Sync is completed before DNS will load the
zones. This change was made after a customer
just found the description of the error and the pre-SP1
hotfix to the duplicate DNS app-partitions issue:
http://support.microsoft.com/kb/836534/en-us
From: Grillenmeier, Guido
Sent: Friday, July 14, 2006 20:34
To: 'ActiveDir@mail.activedir.org'
Subject: RE: [ActiveDir] Always point a DC
Yeah, that looks a lot more familiar now. I recall working with several of the hotfixes for a similar issue.
Thanks Guido and Steve for taking the time and Steve for suggesting to the owners that recommendations get updated.
As I've mentioned before, the thinking changes but I'd still prefer
thanks for the additional information Steve - I would also
be interested to hear the official recommendation rgd. DNS configuration on DCs
in Win2003 SP1/SP2 and Longhorn.
/Guido
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: Friday, July 14, 2006 8:41
One point that is nearly always overlooked is the
following, if a DC points to itself for DNS name res:
The DNS server service starts *after* NETLOGON, at
startup
The DNS server service stops *before* NETLOGON, at
shutdown
i.e.
at
startup netlogon cannot register DNS records on the
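The startup-order point above (DNS server starting after NETLOGON, and a DC that prefers itself for name resolution) can be checked on a DC with the following PowerShell audit. This is an added example, not code from the thread; it assumes the DnsClient and NetTCPIP modules (Windows Server 2012 or later) and flags interfaces whose preferred DNS server is the DC's own address.

```powershell
# Added example (not from the thread): audit this DC's DNS client settings
# against the advice discussed here: preferred DNS = a replication partner,
# the DC's own address only as alternate. Assumes Get-DnsClientServerAddress
# and Get-NetIPAddress are available (Windows Server 2012+). Run on the DC.
$localIPs = (Get-NetIPAddress -AddressFamily IPv4 |
             Where-Object { $_.IPAddress -notlike '127.*' }).IPAddress
$loopback = @('127.0.0.1', '::1')

Get-DnsClientServerAddress -AddressFamily IPv4 |
  Where-Object { $_.ServerAddresses.Count -gt 0 } |
  ForEach-Object {
    $servers   = @($_.ServerAddresses)
    $preferred = $servers[0]
    # "Self" means either a loopback address or one of the DC's own IPv4 addresses
    $selfFirst = ($preferred -in $loopback) -or ($preferred -in $localIPs)
    $hasAlt    = $servers.Count -gt 1

    if ($selfFirst)       { $finding = 'Preferred DNS is this DC: records cannot register until DNS is up (island risk)' }
    elseif (-not $hasAlt) { $finding = 'No alternate DNS server configured' }
    else                  { $finding = 'OK' }

    [pscustomobject]@{
      Interface     = $_.InterfaceAlias
      Preferred     = $preferred
      Alternates    = (($servers | Select-Object -Skip 1) -join ',')
      SelfPreferred = $selfFirst
      Finding       = $finding
    }
  } | Format-Table -AutoSize

# Service start-order check: does NETLOGON declare a dependency on the DNS
# server service ("DNS")? By default it does not, which is the ordering
# described in the thread.
$netlogonDeps = @((Get-Service -Name Netlogon).ServicesDependedOn | ForEach-Object { $_.Name })
"Netlogon declares a dependency on the DNS service: $('DNS' -in $netlogonDeps)"
```

A DC whose preferred server is a replication partner and whose alternate is itself will show SelfPreferred False and Finding OK on its active interface.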
Al,
This sure helped, we are by the way indeed talking about W2K DC's.
Victor
- Original Message -
From: Al Mulnick [EMAIL PROTECTED]
Date: Thursday, July 13, 2006 3:58 am
Subject: Re: [ActiveDir] Always point a DC with DNS installed to
itself as the preferred DNS
In that case, then you won't want to make the host a client of itself. Then you would/could run into the island effect.
When you get to R2, you'll want to weigh Neil's comments and see how that plays in your environment.
Al
On 7/13/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Not unless you make Netlogon dependent on DNS in the startup order. That should be a standard practice.
Sincerely,
[ASCII-art signature]
Microsoft MVP - Directory Services
www.readymaids.com - we know
I'd rather not make fundamental changes like that - I'd
need to spend time testing, which I can better allocate to other tasks
:)
It's also not a "visible" change and one which may be
overlooked and falls into my 'over engineering' bucket.
:)
neil
From: [EMAIL PROTECTED]
Hi Al
I did want to throw in a personal experience I had with W2K3 that validates
the Point your DNS server to a replication partner theory. I did see in
one environment where every DC had DNS and the msdcs partition was a forest
partition. An unfortunate DNS scavenge was done deleting some of
Don't domain controllers register their SRV records with both primary
and secondary DNS?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, July 13, 2006 10:02 AM
To: ActiveDir@mail.activedir.org
Cc:
note that DNS startup behaviour changes with SP1, which is another
reason not to choose the DC itself as the preferred DNS server: with
SP1, AD will not allow the DNS service to read any records, until it has
successfully replicated with one of its replication partners. This is
to avoid false or
See how quickly thinking changes? :)
I almost think this is a better reason not to have AD-integrated DNS. Shall have to ponder a bit more, but I detest the idea of a DNS server being a client to a peer name res server. I'm still inclined to continue to use the self-as-primary deployment. I
Great input, it's really getting more and more interesting, I'm glad I
raised the question.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Thursday, July 13, 2006 21:32
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Always point a DC with DNS
You don't work at the post office do you? ;)
There are many many many ways to properly configure DNS. One thing that helps is to think of the terms client and server vs. preferred and alternate only. You are configuring a preferred server and an alternate server that you want this DC to be a