DNS Setup configuration


Darren

Hi, All
Here is my question
I have an A/D domain called mycompany.com and 2 DCs called server A and Server B. I currently have an A/D integrated zone on Server A; also on server A I have removed my root hints servers and have replaced this with my ISP DNS resolvers, and have also enabled forwarders on this DNS server. All my clients within the (mycompany.com) domain point to this DNS server (server A).
I would like to set up another DNS server on server B so I can have some sort of fault tolerance if my DNS on server A fails. My goal is to have all my clients point to this second DNS server (server B) as a secondary DNS server... Do I have to do any special configuration on server B besides installing DNS services on server B so I can have server B act as a secondary DNS server?
I think this should all be included in A/D and replicated to each DC. In addition, would I need to delete the root hint server on server B and create the same forwarders setup as on server A?
Thanks
-Darren
 
also on server A I have removed my root hints servers and have replaced this with my ISP DNS resolvers, and have also enabled forwarders on this DNS server. All my clients within the (mycompany.com) domain point to this DNS server (server A).

Don't do that.

The root hints are for when you have a separate namespace
descending from your own private root ('root hints', get it?)

If you wish to check an external namespace, i.e., THE
Internet only, then just set the internal servers' "forwarding
tab" to the ISP DNS server addresses.

If you want to ensure that you ONLY forward to the ISP, then
check the other box on that SAME FORWARDING tab to
"Do not use recursion" (Do NOT set the Advanced property to
disable "recursion" because that also turns off FORWARDING.)


I would like to setup another DNS server on server B so I can have some sort of fault tolerance if my DNS on server A fails. My goal is to have all my clients point to this second DNS server (server B) as a secondary DNS server

It is an alternate. Probably better is half to one for preferred
and half to the other (load balancing) but each listed as alternate.

.. Do I have to do any special configuration on server B beside install DNS services on server B so I can have server B act as a secondary DNS server.

Avoid confusing secondary (pulls zone file from another
DNS server -- the master -- of that zone) with the client
side setting. The client settings are really unrelated to the
Primary-Secondary server settings.

So no, you set up your servers and there is nothing special
to do to them to support clients (beyond resolve names.)

I think this should all be included in A/D and replicated to each DC, in addition would I need to delete the root hint server on server B and create the same forwarders setup as in server A?

You don't need to delete root hints if you have no internal
root to replace them. Just use the Forward tab to list
forwarders (at the ISP) and to "Disable recursion" ON
THAT tab only.
 
Don't delete or change the root hints. You can use them as a backup to
forwarding or instead of - I would do the former. Use a forwarder entry to
point to your ISP for external rez and if that is down for some reason, your
dns server should then use standard iteration using root hints.
--wjs
 
The root hints are for when you have a separate namespace
descending from your own private root ('root hints', get it?)

huh? If you have a private root, root hints are disabled. When you delete
the "." root zone, root-hints are enabled (or added back) again.

--wjs
 
Thanks Herb, your point is taken, however my question remains: I need to know
about installing a 2nd DNS server on my 2nd DC, what would I need to do?
Thanks once again
 
If the zone is ad integrated, then just install DNS on the second dc and it
will replicate any ad integrated zones. If zones are primary, then add
secondary zones to the second dc. The first option is recommended.
--wjs
 
Thanks guy, however I have had my DNS server working for over a year now without the root hints with no problems at all.

Nobody said it is a problem to not use root-hints and just use forwarding.
When you have both, forwarding will be used first (assuming global
forwarders in w2k), then root-hints. The only point is that in this
config, root-hints does not hurt you at all - it just gives you a backup
just in case the forwarder(s) fail to respond for some reason.

In addition I need to know about info on setting up a 2nd DNS server on my other DC. Can this be done, what do I need to configure? If I'm correct since my dns is an A/D zone I wouldn't have to create a zone since DNS info is replicated via A/D, all I

Correct.

would have to do is install the DNS service on my 2nd DC. Then would I have to recreate the forwarder setting on my 2nd DC?

Yes

If this is correct then I can have my clients via DHCP use this 2nd DNS as a secondary DNS server?

yes

-- "guy"
 
Hi Ace Fekay,

I had the same problem. I have AD with one parent domain and 20 child and
grandchild domains. Each child domain's DCs are configured with the preferred DNS
server as the ROOT DNS server and the alternate DNS server as itself (own DC). I am
able to see all the domain records for all child domains in my ROOT DNS
server. (My DNS is AD-Integrated)

Root Domain: abc.com.sg
First Child domain: xyz.abc.com.sg
Second Child domain: 123.xyz.abc.com.sg

My questions:
1) Is the above method the correct way to configure the DNS when we have multiple child domains?
2) Will my child domain's DNS server replicate with the ROOT DNS server? For example, will the DNS records for xyz.abc.com.sg from the child domain DNS server replicate with the ROOT DNS server of abc.com.sg?

Regards,
Selva
 
Thanks Herb your point is taken, however my question remains I need to know about install a 2nd DNS server on my 2nd DC, what would I need to do?

Just do the normal Add/Remove Programs\Windows Components
and add the DNS.

Then use the MMC (dnsmgmt.msc -- I would rather type it than
work through a bunch of start menus) to "Add the SAME zone".

Choose Secondary (and give the IP of the Master-Primary) or
choose AD-Integrated and let the DCs replicate it.
 
Do you suggest I recreate the "root hint server" since I removed this some time ago, however I had no problems at all. If so how do I recreate the hint server in DNS?

You NEED "root hints" if you wish the server to recurse
from those root servers down through the namespace on
its own. In that case, the root hints must point to the
"correct" root servers for your situation (internal vs. external
DNS root servers.)

If you forward you may not need them -- there is no reason
to delete them because you can just disable actual recursion
on the Forwarding tab when you choose the forwarder
(usually your gateway/Proxy/Firewall or the ISP's DNS.)

If you have recursion disabled (no actual recursion by this
server) but still allow forwarding then the root hints are
irrelevant.

Ok, if you need to set root hints, how do you know what to
set?

For an internal namespace (i.e., a set of private root servers)
you list THOSE servers.

For (re-connecting yourself to) the Internet you must use the
public servers, which can be found from any machine which
has nslookup (or substitute) and can resolve the Internet names:

nslookup -q=NS .
(There is a lone "." [dot] as the last parameter on the previous
line.)

You can also visit somewhere like (FTP):
ftp://FTP.RS.INTERNIC.NET/domain/named.cache
to download the current set.

In both cases, DNS for the INTERNET has to work
well enough to do these.
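
A consistency check for a root hints file in the named.cache layout mentioned above, as an added example that is not part of the original post. The sample is constructed: the `ROOT.EXAMPLE` names and documentation-range addresses stand in for a private root and are not the real Internet root servers.

```python
import ipaddress

# Constructed sample in the named.cache layout; names and documentation-range
# addresses are placeholders for a private root, not the real Internet roots.
SAMPLE = """\
; comment lines start with a semicolon
.                    3600000  IN  NS    NS1.ROOT.EXAMPLE.
NS1.ROOT.EXAMPLE.    3600000      A     192.0.2.1
.                    3600000      NS    NS2.ROOT.EXAMPLE.
NS2.ROOT.EXAMPLE.    3600000      A     192.0.2.2
NS2.ROOT.EXAMPLE.    3600000      AAAA  2001:db8::2
.                    3600000      NS    NS3.ROOT.EXAMPLE.
STRAY.EXAMPLE.       3600000      A     192.0.2.99
"""


def parse_root_hints(text):
    """Return (root NS names, {owner: [addresses]}) from hints-file text."""
    servers, glue = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split(";", 1)[0].split()      # strip comments
        if not tokens:
            continue
        owner = tokens[0].lower()
        # Drop the optional TTL and class fields; what remains is TYPE RDATA.
        rest = [t for t in tokens[1:] if not t.isdigit() and t.upper() != "IN"]
        if len(rest) != 2:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
        rtype, rdata = rest[0].upper(), rest[1]
        if rtype == "NS" and owner == ".":
            servers.append(rdata.lower())
        elif rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(rdata)     # raises ValueError if malformed
            if addr.version != (4 if rtype == "A" else 6):
                raise ValueError(f"line {lineno}: {rtype} record holds {rdata}")
            glue.setdefault(owner, []).append(str(addr))
    return servers, glue


def check_root_hints(text):
    """Map each root server to its addresses and list inconsistencies."""
    servers, glue = parse_root_hints(text)
    return {
        "hints": {s: glue.get(s, []) for s in servers},
        "missing_address": [s for s in servers if s not in glue],
        "unreferenced": sorted(set(glue) - set(servers)),
    }
```

A root server listed without an address cannot be queried, and an address record that no root NS entry references is worth a second look before the file is loaded.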
 
Hi Selva

A better way would be to delegate (from the Forest Root DNS server) the
child zone "xyz.abc.com.sg" to the DNS server in the "xyz.abc.com.sg"
domain. Then enable a forwarder back to the Forest Root DNS Server. On the
Forest Root DNS server, Forward to your ISP.

Then from the "xyz.abc.com.sg" DNS server, delegate the child zone
"123.xyz.abc.com.sg" to the DNS server in the "123.xyz.abc.com.sg" domain.
Then set a Forwarder to the "xyz.abc.com.sg" DNS server.

Then in "123.xyz.abc.com.sg" DNS server, forward to the "xyz.abc.com.sg" DNS
server.

As for the DCs and clients, in each domain, point only to their own DNS
server.

This is a recommendation and you should have a clean resolving
infrastructure after that.

Here's some more info about Delegation for your reading:
255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain:
http://support.microsoft.com/?id=255248

Here's info on Forwarding:
http://support.microsoft.com/id?=300202

Hope that helps you out.





--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
posted their thoughts said:
Silly me - I guess I could have just posted it.

I had to go look at it to get the exact URL.

Gosh.

I thought you would have. You had it right in front of you!

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Hi Ace Fekay,

Thanks for your info.

I would like to clarify about the DNS queries on this delegation method.

Based on the delegation method: If I try to do a DNS query from the
grand1.child1.parent.com.sg domain to the grand2.child2.parent.com.sg domain,
then the server in grand1 will forward the query to child1 and child1
will forward to parent. Then the parent will forward to child2 and child2
will resolve the DNS query since it has the delegation for the grand2 child
domain. Is this the way a DNS query works in this method? In that case there will be
more traffic on the network and also DNS performance problems will occur.
Please clear me on this issue.

My AD structure is as follows:

Parent.com.sg
|
|-- Child1.parent.com.sg
|     |
|     |-- Grand1.child1.parent.com.sg
|
|-- Child2.parent.com.sg
      |
      |-- Grand2.child2.parent.com.sg


Regards,
Selva
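
The query path asked about above, traced in a simplified model of the delegation-plus-forwarder layout recommended earlier in the thread (an added example, not code from any poster). The server labels, the `delegates` lists, and the assumption that the first server whose zone covers the name follows the delegations downward itself are mine.

```python
# Added example: toy model of the delegation + forwarder layout in this thread.
# Server labels and "delegates" lists are assumptions built from the tree above.
SERVERS = {
    "parent": {"zone": "parent.com.sg", "forwarder": None,  # forwards to the ISP
               "delegates": ["child1", "child2"]},
    "child1": {"zone": "child1.parent.com.sg", "forwarder": "parent",
               "delegates": ["grand1"]},
    "child2": {"zone": "child2.parent.com.sg", "forwarder": "parent",
               "delegates": ["grand2"]},
    "grand1": {"zone": "grand1.child1.parent.com.sg", "forwarder": "child1",
               "delegates": []},
    "grand2": {"zone": "grand2.child2.parent.com.sg", "forwarder": "child2",
               "delegates": []},
}
EXTERNAL = "<ISP forwarder>"


def in_zone(name, zone):
    """True if name is the zone apex or sits below it."""
    name, zone = name.lower().rstrip("."), zone.lower()
    return name == zone or name.endswith("." + zone)


def trace(start, qname):
    """Return the servers contacted, in order, when a client of `start` asks for qname."""
    path, server = [start], start
    # Phase 1: a server whose zone does not cover the name forwards upward.
    while not in_zone(qname, SERVERS[server]["zone"]):
        server = SERVERS[server]["forwarder"]
        if server is None:            # left the internal namespace
            return path + [EXTERNAL]
        path.append(server)
    # Phase 2: each hop below is a delegation (referral) followed downward.
    while True:
        child = next((c for c in SERVERS[server]["delegates"]
                      if in_zone(qname, SERVERS[c]["zone"])), None)
        if child is None:             # no deeper delegation: this server answers
            return path
        path.append(child)
        server = child


if __name__ == "__main__":
    for q in ("pc1.grand2.child2.parent.com.sg",
              "pc1.grand1.child1.parent.com.sg", "www.example.com"):
        print(q, "->", " -> ".join(trace("grand1", q)))
```

In this model a name in a sibling branch touches five servers, while a name in the local zone is answered by the first server without leaving it.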
 
Herb / Ace, thanks guys, I learnt a lot about DNS in the last couple of days from
these threads.
-Darren
 
I see, so you have multiple children? If that is the case, it would require to
put in a Secondary zone of child1 into child2's DNS and vice-versa. This
would be true with all the child domains.

Hope that helps.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Herb / Ace, thanks guys, I learnt a lot about DNS in the last couple of days from
these threads.

And actually I, er, didn't post the list for you so that
you would know how to, er, find your own next time
<scrape, shuffle, cough>

Seriously, if you ever lose these then usually you can go
look in your System32\DNS directory for the cache file.
Even if you change the root servers I think it still has the
defaults THERE (the new ones are in the registry probably).

The original file (it's worth copying it to *.sav too) always
has the URL to get a new copy.
 