DNS ??? and two dedicated Web Servers Running DNS on both.

Thread starter: =Cobra=

=Cobra=

Can anyone point me in the right direction... I have a series of
questions relating to a budget Web Hosting setup. First I will start out
with my setup.

PRIMARY
(1) Dell Poweredge 4400 on a T1 with a dedicated IP at location "A" Windows
2000 Server, IIS5, Imail Email Server

BACKUP
(1) Dell Poweredge 4400 on an ADSL 1.5/768 with Static IP at Location "B",
Windows 2000 Server, IIS 5, Imail Email Server (Backup/Holding for primary
server)

(Both are at different locations to build redundancy in case of a power failure;
either server can handle the load on its own, I believe, so load balancing is
not an issue, just redundancy.)

I am trying to build a redundant system. I will be hosting public websites
utilizing Active Directory for logon to private sections, as well as some
purely public websites. I am on a tight budget, but traffic will be limited
(50 sites with 200 users each, so probably no more than 2000 users at any
given time). Neither server will require LAN access to the local network
computers. I am planning on using Pix 501 firewalls at both locations.

Questions, Some are DNS, others probably belong in a different group and I
will;

1) I have a registered domain name test.com. At the registrar, should these
point to its own future DNS servers db1.test.com (Computer A) and
db2.test.com (Computer B)?

Will my nameservers advertise themselves after setup and 24+ hours to
propagate, or do I need to direct my T1 and ADSL providers to make adjustments in
their DNS?

2) When setting up Windows 2000 Server, should the domain be test.com or
test.local? And should both web servers be set up as Domain Controllers (DC)?

3) When setting up the first domain test.com, should the forwarders on both
be set as "Active Directory Integrated", or the primary "A" machine as "Standard
Primary" and the backup "B" machine as "Standard Secondary"? (I will be
wanting to replicate "Active Directory" to maintain the private site logons
between the two machines.)

I have read and read and read, and have not seen anything with my same
setup. I am sure once I get the "DNS" servers set up and make attempts to
set up the actual sites I will be back with more questions, but I will be
happy just to get things started correctly on setting up these DNS servers.

Mucho Thanks,

=Cobra=
 
> 1) I have a registered domain name test.com, at the registrar should these
> point to its own future dns servers db1.test.com (Computer A) and
> db2.test.com (Computer B) ?

They should point to the CURRENT (not future) DNS servers -- you
are really supposed to have the DNS operational before changing the
registration (until then you leave them pointed at the registrar's
placeholder DNS.)

If you use your own DNS servers on these machines, you might wish
to make TWO primary DNS servers (not the usual case) with each
manually configured. Each will hold ONLY an A record for the web
server on the SAME machine -- now if the server goes down the other
DNS server won't still be pointing to it (losing half your customers.)

DNS resolvers typically check multiple DNS servers (until one is found)
but Web clients just fail if the (first address for the) Web server is
unreachable.

> Will my nameservers advertise themselves after setup and 24+ hours to
> propagate or do I need to direct my T1 and ADSL providers to make adjustments in
> their DNS ?

Neither. You direct the registrar to change your registration with the
PARENT zone, so for "test.com", the .Com zone is updated to delegate "test"
to your servers -- right now they are probably pointed at placeholder servers
at the registrar.

> 2) When setting up Windows 2000 server, should the domain be test.com or
> test.local ? and should both webservers be setup as Domain Controllers
> (DC)

Depends on what you want -- both are workable but with Test.Com you will
set up a PRIVATE, INTERNAL version of the DNS and a PUBLIC external
version of the DNS (with only public resources listed.)

I wasn't clear exactly what or whether you would be exposing AD resources
on the Internet, but if so this would perhaps modify my recommendation/answer
to question #2 and we would likely need more detail.

Separating Internal/External DNS is usually called "shadow DNS" or "split
DNS" (even the very ugly term 'split brain').

The idea is to BREAK replication from internal to external to keep internal
records from propagating to the Internet -- this means that all external
resource records must be MANUALLY maintained on both the external and the
internal (unless the zones have different names as in your test.local).

> 3) When setting up the first domain test.com, should the forwarders on both
> be set as "Active Directory Integrated" or primary "A" machine as "Standard
> Primary" and the backup "B" machine as "Standard Secondary" (I will be
> wanting to replicate "Active Directory" to maintain the private site logons
> between the two machines)

Normally the PUBLIC DNS for the zone will NOT forward -- the world
will use these to resolve YOUR resources and you really don't want them
to also provide recursion and forwarding.

Normally the INTERNAL DNS servers for AD will forward to the firewall
or ISP's DNS server (they do NOT have to forward to the same servers
as the external version of their zone and these may not even be good choices
for forwarders.) Forward to the most EFFICIENT external name space server.

> I have read and read and read, and have not seen anything with my same
> setup, I am sure once I get the "DNS" servers setup and make attempts to
> setup the actual sites I will be back with more questions, but I will be
> happy just to get things started correctly on setting up these DNS
> servers.

That's because you are looking for comparisons to the "whole" solution;
the trick is to break this down into "DNS", then internal and external, etc.

If after you solve EACH portion of the problem you are able to use some
of the same servers to play multiple roles that is just how architecture
gets implemented.
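The two points in the reply above that are easiest to get wrong in practice are the "two independent primaries, each listing only its own web server" layout and the split-DNS rule that the external zone carries only public resources. The following Python model is an added example, not code from the thread or from any DNS product; the server names, the documentation-range addresses (192.0.2.x, 198.51.100.x, 10.0.0.x) and the zone contents are all constructed. It goes a little beyond the reply by enumerating every name-server order a resolver might try and every round-robin rotation of the answer, so the difference between the two layouts comes out as a success rate rather than a single anecdote.

```python
"""Constructed model (added here, not from the thread) of the two DNS layouts
in the reply: two independent primaries that each hold only the A record of the
web server on their own box, versus one replicated zone that lists both servers.
It also checks the split-DNS rule that the Internet-facing zone carries only
public names. Addresses are documentation-range placeholders."""
from itertools import permutations

WEB_A = "192.0.2.10"      # placeholder: server on the T1 at location "A"
WEB_B = "198.51.100.10"   # placeholder: server on the ADSL line at location "B"
ADDR_TO_HOST = {WEB_A: "A", WEB_B: "B"}

# Layout recommended in the reply: each primary knows only its own web server.
SPLIT_PRIMARIES = {"A": {"www": [WEB_A]}, "B": {"www": [WEB_B]}}
# The usual layout: one zone, replicated to both servers, listing both addresses.
SHARED_ZONE = {"A": {"www": [WEB_A, WEB_B]}, "B": {"www": [WEB_A, WEB_B]}}


def resolve(ns_zones, hosts_up, name, ns_order):
    """Stub resolver: ask the name servers in order until one answers.
    DNS and web server share a box, so a dead host is also a dead name server."""
    for ns in ns_order:
        if hosts_up[ns]:
            return ns_zones[ns].get(name, [])
    return None  # no name server reachable at all


def web_connect(addresses, hosts_up):
    """Web client as described in the reply: only the first address is tried."""
    if not addresses:
        return False
    return hosts_up[ADDR_TO_HOST[addresses[0]]]


def success_rate(ns_zones, hosts_up, name="www"):
    """Fraction of attempts that reach a live web server, enumerating every
    order in which the resolver might try the name servers and every rotation
    (round robin) in which a server might return its answer."""
    trials = successes = 0
    for ns_order in permutations(ns_zones):
        answer = resolve(ns_zones, hosts_up, name, ns_order)
        for rotated in permutations(answer or []):
            trials += 1
            if web_connect(list(rotated), hosts_up):
                successes += 1
    return successes / trials


# Split ("shadow") DNS: the internal zone used by Active Directory holds
# records that must never reach the Internet. Record values are constructed.
INTERNAL_ZONE = {
    "www": [WEB_A],
    "mail": [WEB_A],
    "dc1": ["10.0.0.5"],                            # domain controller, private address
    "_ldap._tcp.dc._msdcs": ["SRV 0 100 389 dc1"],  # AD service locator record
}
PUBLIC_NAMES = {"www", "mail"}


def build_external_zone(internal_zone, public_names):
    """Derive the hand-maintained external zone by copying only public names."""
    return {n: list(r) for n, r in internal_zone.items() if n in public_names}


def leaked_names(external_zone, public_names):
    """Names in the Internet-facing zone that are not on the public list,
    i.e. internal records that have leaked into the external version."""
    return sorted(n for n in external_zone if n not in public_names)


if __name__ == "__main__":
    for label, layout in (("shared zone", SHARED_ZONE), ("split primaries", SPLIT_PRIMARIES)):
        rate = success_rate(layout, {"A": False, "B": True})
        print(f"{label}, server A down: {rate:.0%} of web connections succeed")
    print("leaked from internal zone:", leaked_names(INTERNAL_ZONE, PUBLIC_NAMES))
```

With server A down, the shared zone still hands out A's address half the time, so half of the web connections fail, while the split primaries never do. The model takes the reply's premise literally: a failure takes the whole box, web server and name server together. If only the web service on one box dies, that box's own primary keeps advertising the dead address, so the layout still needs the record withdrawn (or the service restarted) when the web server is detected to be down.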
 
C> 1) I have a registered domain name test.com,

No, you have not. That domain belongs to Test Central,
Incorporated, of Cleveland, Ohio, United States.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dont-obscure-your-dns-data.html>

C> Will my nameservers advertise themselves after setup and 24+
C> hours to propagate or do I to direct my T1 and ADSL providers
C> to make adjustments in their DNS ?

DNS doesn't operate with an advertise/propagate push model. It
operates with a lookup/cache pull model.

The people who need to make adjustments to what their content DNS
servers are publishing are the people who own the superdomains that
enclose the domains that you own.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-switching-content-servers.html#EditSuperdomain>

C> 3) When setting up the first domain test.com, should the forwarders
C> on both be set as "Active Directory Integrated" or primary "A"
C> machine as "Standard Primary" and the backup "B" machine as
C> "Standard Secondary" [...?]

Forwarding is configured with the IP address(es) of proxy DNS
server(s). It is one of the mechanisms of proxy DNS service,
determining what other servers your server sends any of its
back-end queries to. "zone" types are aspects of your DNS
database, and are a part of content DNS service, for the
domains whose data you are publishing. One doesn't configure
forwarding to be "active directory integrated". That's
meaningless.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/bind-big-picture.html>
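The reply above separates two things that Windows administrators often see as one setting: content DNS service (publishing your own zones, where "zone type" lives) and proxy DNS service (forwarding and caching on behalf of clients, where "forwarders" live), plus the point that the whole system is lookup-and-cache, not advertise-and-propagate. The following Python model is an added example, not from the thread or from any DNS product; the zone names, addresses and TTLs are constructed, and the "rest of world" content server is a stand-in for the public namespace. It also shows the earlier reply's point that a public content server refuses queries outside its own zones instead of recursing.

```python
"""Constructed model (added here, not from the thread or from any DNS
product) of the two roles the reply keeps apart: a content server publishes
the zones it owns and refuses everything else, while a proxy server answers
any name on behalf of its clients by asking forwarders and caching the result.
Zone type is a property of the content role, forwarders of the proxy role.
Zone names, addresses and TTLs are placeholders."""


class ContentServer:
    """Authoritative ("content") DNS. The zone type only says where this
    copy of the data comes from (primary, secondary, AD integrated)."""

    def __init__(self, zones, zone_type="primary"):
        self.zones = zones          # {"test.com": {"www": ["192.0.2.10"]}}
        self.zone_type = zone_type

    def query(self, fqdn, now=0):
        for zone, records in self.zones.items():
            if fqdn == zone or fqdn.endswith("." + zone):
                label = "@" if fqdn == zone else fqdn[: -len(zone) - 1]
                if label in records:
                    return "NOERROR", list(records[label]), "authoritative"
                return "NXDOMAIN", [], "authoritative"
        # Not our data and we do not recurse: a public content server refuses
        # rather than acting as an open resolver for the whole Internet.
        return "REFUSED", [], None


class ProxyServer:
    """Recursive/forwarding DNS. Nothing is pushed to it; it learns a name
    only when asked, by pulling from its forwarders, and reuses the answer
    until the TTL runs out."""

    def __init__(self, forwarders, ttl=300):
        self.forwarders = forwarders    # tried in order
        self.ttl = ttl
        self.cache = {}                 # fqdn -> (expires_at, addresses)

    def query(self, fqdn, now=0):
        cached = self.cache.get(fqdn)
        if cached and cached[0] > now:
            return "NOERROR", list(cached[1]), "cache"
        for fwd in self.forwarders:
            status, addrs, _ = fwd.query(fqdn, now)
            if status == "REFUSED":
                continue                # that forwarder does not serve this name
            if status == "NOERROR":
                self.cache[fqdn] = (now + self.ttl, addrs)
            return status, addrs, "forwarder"
        return "SERVFAIL", [], None


def answer(content, proxy, fqdn, now=0):
    """An internal AD DNS server wears both hats: it answers from its own
    zones first and forwards everything else through the proxy role."""
    status, addrs, source = content.query(fqdn, now)
    if status != "REFUSED":
        return status, addrs, source
    return proxy.query(fqdn, now)


def build_lab():
    """Wire up the setup discussed in the thread (all data constructed)."""
    # Public view of test.com: public resources only, no forwarders at all.
    public_test_com = ContentServer({"test.com": {"www": ["192.0.2.10"],
                                                  "mail": ["192.0.2.10"]}})
    # Stand-in for every other content server on the Internet.
    rest_of_world = ContentServer({"example.org": {"www": ["203.0.113.5"]}})
    # The ISP's recursive server, used as the internal servers' forwarder.
    isp_proxy = ProxyServer([public_test_com, rest_of_world], ttl=300)
    # Internal AD DNS: private zone plus forwarding to the ISP.
    internal = ContentServer({"test.local": {"dc1": ["10.0.0.5"]}},
                             zone_type="ad-integrated")
    internal_proxy = ProxyServer([isp_proxy], ttl=300)
    return public_test_com, isp_proxy, internal, internal_proxy


def stale_after_change():
    """Pull model in action: a change at the content server is not seen by
    clients of the proxy until the cached answer expires."""
    public_test_com, _, internal, internal_proxy = build_lab()
    first = answer(internal, internal_proxy, "www.test.com", now=0)
    public_test_com.zones["test.com"]["www"] = ["192.0.2.20"]  # moved the site
    second = answer(internal, internal_proxy, "www.test.com", now=100)
    third = answer(internal, internal_proxy, "www.test.com", now=301)
    return first[1], second[1], third[1]


if __name__ == "__main__":
    public_test_com, _, internal, internal_proxy = build_lab()
    print("public server asked for someone else's name:",
          public_test_com.query("www.example.org"))
    print("internal server, own zone:", answer(internal, internal_proxy, "dc1.test.local"))
    print("internal server, Internet name:", answer(internal, internal_proxy, "www.example.org"))
    print("old, cached, refreshed:", stale_after_change())
```

Two things to take from running it: the public content server never answers for a name outside its zones (REFUSED, not a recursive lookup), which is the property to verify on any Internet-facing DNS server, and the internal server keeps returning the old address for a full TTL after the record changed at the source, because nothing propagates to it until it asks again.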
 