Active Directory & DNS Requirement

  • Thread starter Thread starter Bit Surfer
  • Start date Start date
B

Bit Surfer

Quick question:

I have three Windows 2000 Servers which are active directory peers. Each
currently has the DNS service installed, each DNS server is Active Directory
integrated. I would like to migrate the DNS down to one server. Is the DNS
service required to be running on each of the domain controllers, or will I
be okay removing it from the other two?

Thanks.
 
-----Original Message-----
Quick question:

I have three Windows 2000 Servers which are active directory peers. Each
currently has the DNS service installed, each DNS server is Active Directory
integrated. I would like to migrate the DNS down to one server. Is the DNS
service required to be running on each of the domain controllers, or will I
be okay removing it from the other two?

Thanks.



.
Click to expand...
Bit Surfer,

While you will be fine with only one DNS server I would
suggest that you keep DNS on two of the DCs. Redundancy
is a good thing...What happens if that one DC running DNS
goes down? No one can get to the Internet...I would not
wnat ot be in your shoes when that happens ( God forbid! ).

HTH,

Cary
 
dont forget to point your clients that are currently
attached to the other two DNS servers to the DNS server
you leave alone :)
 
-----Original Message-----



Thanks for the clarification.

DNS is also running on our firewall. Each of my workstations has been using
one of the AD DNS servers as their primary DNS & the firewall as their
secondary DNS. Sorry I forgot to mention that in my original post, but I
think I have redundancy. I'm just trying to clean up some of the services
on slow boxen :-)

Thank you.



.
Click to expand...
Bit Surfer,

Please use ONLY your internal DNS Servers. Your Firewall
holds what would most likely be called "Forwarders". Do
you by chance use your Firewall as your DHCP Server? I
know that my boss uses the SonicWall Firewall at just
about every client's site as the DHCP Server. It took a
bit for me to get used to it but it is not such a bod
solution...

Anyway, your Firewall holds the Public IP Addresses of
your ISP's DNS info. These IP Addresses should be set up
on your I N T E R N A L DNS Server(s) as FORWARDERS.
Point your clients ( workstations ) to the IP Address of
the DC running DNS and to that DNS Server alone.

Your internal DNS will be responsible for internal name
resolution. Any external resolution will be handled by
either the ROOT HINTS - which I think would be the
situation currently - or by the Forwarders. Yes, you can
have both. Forwarders would have the first shot at it,
then the Root Hints come into play..

HTH,

Cary
 
DNS is also running on our firewall. Each of my workstations has
been using one of the AD DNS servers as their primary DNS & the
firewall as their secondary DNS. Sorry I forgot to mention that in
my original post, but I think I have redundancy. I'm just trying to
clean up some of the services on slow boxen :-)
Click to expand...
I don't know whether or not you know, but the second entry in the
clients' DNS does *nothing* provided the first one is up. It is never
used. If the first one goes down however, it does get used, but then,
if you have W2K clients, it "sticks". In other words, if the internal
server comes back up, the clients don't usually notice and go on using
the other DNS.

Really, you *need* two internal DNS servers. It shouldn't be much of a
load.

Cheers,

Cliff
 
Back
Top