DNS Replication


Guest

I'm an admin at a large company and we have 100's of sites and many Domain
controllers. When I make a change on the primary DNS server I usually just
tell our users to wait 6-24 hours for the change to replicate....just to
cover me :) Is there a tool that can query all of the DNS servers to see what
IPs they have for a particular entry? It seems like there is always a few
sites that take days to get a new address and I'd like to have more
information on who has the new address...and who does not...and find out why!!
Thanks for any help!
 
basin said:
I'm an admin at a large company and we have 100's of sites and many Domain
controllers. When I make a change on the primary DNS server I usually just
tell our users to wait 6-24 hours for the change to replicate....just to
cover me :)

Are you really using a true (i.e., Standard) Primary for such a
large network?

If so switch to AD-Integrated.

Then when making a change, connect to the DC in the site
where the change will be needed first. (e.g., local to the
user/systems in question.)
Is there a tool that can query all of the DNS servers to see what
IPs they have for a particular entry? It seems like there is always a few
sites that take days

Then your replication is set up incorrectly (or maybe just badly.)

This is a SITES and Services configuration issue.
to get a new address and I'd like to have more
information on who has the new address...and who does not...and find out
why!!

You can probably find something like this written in Perl.
It would be fairly easy to create in Perl and there is a large
group of Perl programmers who offer such tools. (Google...)
Thanks for any help!

Not the answer to your checking tool request, but if you are
experiencing such replication problems you should run
DCDiag against all DCs (it will check for correct DC entries
across DNS) -- fix any problems.

Tell us about your site architecture and Frequency/Schedule
settings on the SiteLinks.
 
It actually IS AD integrated as the properties on the zone specify. I CAN
add the entry directly to the domain controller on site and regularly do. I
guess I just refer to our DC here at the datacenter as "primary" since I
usually make the changes there. Sorry for the confusion.
These DNS changes are changes for websites that the ENTIRE company uses, so
it needs to get out to all of the DCs in a timely manner, not just for a
particular site location. I'm looking in the web logs and still see people
hitting the old site...and I made the DNS change two days ago:) Surely it
can't be cached locally on the users PC for that long.
Thanks for the quick reply.
I'll ask our architecture group about dcdiag and see what I can find.

 
basin said:
It actually IS AD integrated as the properties on the zone specify.
I CAN add the entry directly to the domain controller on site and
regularly do. I guess I just refer to our DC here at the datacenter
as "primary" since I usually make the changes there. Sorry for the
confusion.
These DNS changes are changes for websites that the ENTIRE company
uses, so it needs to get out to all of the DCs in a timely manner,
not just for a particular site location. I'm looking in the web logs
and still see people hitting the old site...and I made the DNS change
two days ago:) Surely it can't be cached locally on the users PC for
that long.
Thanks for the quick reply.
I'll ask our architecture group about dcdiag and see what I can find.

AD Integrated zones replication is based on AD's replication, since it is
stored in the actual AD database. If you have sites setup and the Site links
are setup to replicate at certain intervals, you have to wait for that
interval to occur.

If your sites are setup in a chain, say SiteA is connected to SiteB, and
SiteB is connected to SiteC, then for a change from SiteA to go to SiteC
will take double the time or more, depending on overlapping or
non-overlapping time schedules and time zones. This is a difficult thing to
get around. Maybe in this case you can create a Site-Link-Bridge Connector
between SiteA and SiteC to expedite replication, but it will still be based
on when the connector is allowed to replicate, meaning its replication
schedule and frequency configured on the Site connector. No other way around
this.


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================
 
basin said:
It actually IS AD integrated as the properties on the zone specify. I CAN
add the entry directly to the domain controller on site and regularly do. I
guess I just refer to our DC here at the datacenter as "primary" since I
usually make the changes there. Sorry for the confusion.

Even Microsoft is confused about the terminology -- in Win2000
they made a clean distinction between AD-Integrated vs. Primary.

In Win2003 they frequently use the term AD-Integrated Primary
which did NOT help matters.
These DNS changes are changes for websites that the ENTIRE company uses, so
it needs to get out to all of the DCs in a timely manner,

Understood but usually such changes are MORE critical the closer
to the server you are.

Why are you making these changes by hand? Why no automatic
registration?
...not just for a
particular site location. I'm looking in the web logs and still see people
hitting the old site...and I made the DNS change two days ago:) Surely it
can't be cached locally on the users PC for that long.

Could be. What are your TTL settings? How are your replication Site
Links configured?

What do tools like ReplMon and DCDiag tell you about replication?
Thanks for the quick reply.
I'll ask our architecture group about dcdiag and see what I can find.

Are you an Admin of the Domain? If not, this is really their problem and
you need help to solve it. (Yes I understand you need it solved too.)

With AD-Integrated DNS only a Domain Admin is in a position to
effectively fix it.

My guess is they have replication and or site links screwed up but without
details this is JUST A GUESS based on your "two day" reports.




--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]