dns setup


concern

All,

I need a little help on setting up my DNS properly. I did
the obvious and used the DNS wizard in Active Directory
to set up my Active Directory integrated DNS. I want to
change the configuration. I have 3 domain controllers and
this is how I want to make my change.

1) I want to set up 1 domain controller (domaina) with a
forwarder to the ISP.
2) I will remove the root hints from all domain
controllers.
3) Set up all domain controllers with self as preferred
and domaina as secondary. I have read conflicting setups
on this. One setup was to place domainA as preferred and
other domain controller as secondary.
4) Set up all clients for domaina as preferred and their
local domain controller as secondary.
5) Remove the ISP DNS as third and fourth DNS for the
clients.

Are these the right steps?

Also, how do I ensure my clients are looking at their
local domain controllers for resolution when they boot up?

Any help will be greatly appreciated.
 
concern said:
> All,
>
> I need a little help on setting up my DNS properly. I did
> the obvious and used the DNS wizard in Active Directory
> to set up my Active Directory integrated DNS. I want to
> change the configuration. I have 3 domain controllers and
> this is how I want to make my change.
>
> 1) I want to set up 1 domain controller (domaina) with a
> forwarder to the ISP.
> 2) I will remove the root hints from all domain
> controllers.

There is no need to do this. If you do not want DNS to refer to the root
servers if the forwarder fails, check the "Do not use recursion" box on the
Forwarders tab.

> 3) Set up all domain controllers with self as preferred
> and domaina as secondary. I have read conflicting setups
> on this. One setup was to place domainA as preferred and
> other domain controller as secondary.

This depends on the domain hierarchy. If you are going to use DNS servers
for a different AD domain, that DNS server must be able to resolve the
domain the member belongs to.
This is generally not a big problem for parent child related domains; you
would just use the parent as the forwarder for the child and delegate the
name of the child in the parent to the child DNS server.
If you are talking about two domains that are not in the parent child
hierarchy, then you need a zone for both domains in DNS.

> 4) Set up all clients for domaina as preferred and their
> local domain controller as secondary.

Just remember both DNS servers must be able to resolve both domains.

> 5) Remove the ISP DNS as third and fourth DNS for the
> clients.

You need to do that anyway; do not use an ISP's DNS in any position on any
domain member, period.

> Are these the right steps?
>
> Also, how do I ensure my clients are looking at their
> local domain controllers for resolution when they boot up?

Make sure any DNS server that is in the NIC setup can resolve its AD domain.
This is a must.
 
There is no hard set rule for which DNS server to point to as the preferred. For
simplicity I also recommend pointing to the nearest DNS server as the primary and
then pointing to the next nearest DC as the secondary. I also would not recommend
removing root hints on the servers. There is usually very little reason to do this.
If you really, really want to keep the server from querying root hints, enable the
"Do not use recursion" option on the Forwarders tab. Make sure you only do this on
the Forwarders tab. Do not enable this option on the Advanced tab.

Thank you,
Mike Johnston
Microsoft Network Support
 
Kevin,

Thanks for your help. I only have one domain and I have
domain controllers in diff branches. domaina refers to a
domain controller on the network.
 
concern said:
> Kevin,
>
> Thanks for your help. I only have one domain and I have
> domain controllers in diff branches. domaina refers to a
> domain controller on the network.

All domain controllers are in the same domain?

Please give an example of your domain hierarchy. This is important to know so I
can advise if you are using the correct setup.
Incorrectly setting up DNS can cause slow logons, errors, and not least,
DNS loops. DNS loops are probably the most disastrous, because they will cause
DNS servers to crash.
 
Thanks Kevin,

Here is my setup. I have one domain (blah.com). I have
seven branches that have their own domain controllers. I
have 3 domain controllers at HQ. Each domain controller
has itself as primary DNS and another domain controller
as secondary. Each branch domain controller has one
domain controller in HQ as secondary DNS.

In DHCP the client setup for DNS is as follows:

Primary DNS is the DC local to the client, so a branch client will
point to the DC at the branch. Secondary DNS is a domain controller
at HQ. The 3rd DNS server is public and the 4th DNS is public DNS.

Per your advice I should remove public DNS from clients
and set up forwarders on all DCs to the public address. Set up
DNS not to use recursion so clients will not use the public
ISP for login. Is this right?
 
concern said:
> Thanks Kevin,
>
> Here is my setup. I have one domain (blah.com). I have
> seven branches that have their own domain controllers. I
> have 3 domain controllers at HQ. Each domain controller
> has itself as primary DNS and another domain controller
> as secondary. Each branch domain controller has one
> domain controller in HQ as secondary DNS.
>
> In DHCP the client setup for DNS is as follows:
>
> Primary DNS is the DC local to the client, so a branch client will
> point to the DC at the branch. Secondary DNS is a domain controller
> at HQ. The 3rd DNS server is public and the 4th DNS is public DNS.
>
> Per your advice I should remove public DNS from clients
> and set up forwarders on all DCs to the public address.

Yes, remove the ISP's DNS from all client and DC NICs and set DNS to forward
to the ISP. Checking the box "Do not use recursion" is generally not required in
a single domain such as yours. You would if you had a child domain using the parent
DNS as a forwarder, or if you were using an expensive or slow link
to the internet.

> Set up DNS not to use recursion so clients will not use the public
> ISP for login. Is this right?

So long as all DNS servers have a zone for the AD domain, the ISP's DNS will
not be queried for your local domain.
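The checks the replies in this thread ask for (forwarder to the ISP, "Do not use recursion" only on the Forwarders tab, recursion left on under Advanced, a zone for the AD domain, and no ISP address anywhere in the NIC DNS list) can be audited on a DC with the script below. It is an added example, not code from the thread; it assumes the DnsServer, DnsClient and ActiveDirectory PowerShell modules (Windows Server 2012 or later), the domain blah.com from the thread, and a placeholder ISP resolver 203.0.113.53.

```powershell
# Added audit script (not from the thread). Run in an elevated PowerShell
# session on the domain controller being checked.
$Domain = 'blah.com'            # from the thread
$IspDns = @('203.0.113.53')     # placeholder ISP resolver (documentation range)

# All DC addresses in the domain plus loopback: the only DNS servers a
# domain member should ever point at.
$AllowedDns = @((Get-ADDomainController -Filter * -Server $Domain).IPv4Address) + '127.0.0.1'

# 1) Forwarder to the ISP. UseRootHint=$false is the "Do not use recursion"
#    box on the Forwarders tab; per the thread it is optional in a single
#    domain, so it is only reported here, not enforced.
$fwd = Get-DnsServerForwarder
if (-not $fwd.IPAddress) {
    Write-Warning "No forwarder set; queries go to root hints. To fix: Set-DnsServerForwarder -IPAddress $($IspDns -join ',')"
}
"Forwarders: $($fwd.IPAddress -join ', ') | falls back to root hints: $($fwd.UseRootHint)"

# 2) Recursion on the Advanced tab must stay enabled, otherwise clients can
#    resolve nothing outside the zones this server hosts.
if (-not (Get-DnsServerRecursion).Enable) {
    Write-Warning 'Recursion is disabled on the Advanced tab; re-enable it with Set-DnsServerRecursion -Enable $true'
}

# 3) Every DNS server in the NIC setup must be able to resolve the AD domain;
#    on a DC that means hosting the zone itself.
if (-not (Get-DnsServerZone -Name $Domain -ErrorAction SilentlyContinue)) {
    Write-Warning "This server has no zone for $Domain."
}

# 4) No ISP (or any non-DC) address in any position of the NIC DNS list.
$nicDns = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { $_.ServerAddresses } | Select-Object -Unique)
foreach ($addr in $nicDns) {
    if ($addr -notin $AllowedDns) {
        Write-Warning "NIC DNS $addr is not a domain controller; remove it."
    }
}

# 5) Prove the preferred server can locate DCs: the SRV records that AD logon
#    depends on must answer from the first address in the NIC list.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $nicDns[0] |
    Where-Object Type -eq 'SRV' | Select-Object Name, NameTarget, Priority, Port
```

Run it on each branch DC and HQ DC in turn; step 4 is the one that catches the public resolvers still handed out by DHCP.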
 