Yes, you'll see slow logons, and if you're not allowing cached credentialsLeythos said:"Lanwench [MVP - Exchange]"
message
My internal DNS server doesn't go down unless I take it down, generally
speaking, and I don't do that during business hours. See Kevin's reply
as
well - you can set up your networks as you like, but you aren't doing
it
properly if you use your ISP's DNS servers on any server or client on
your
network, and I assure you that this *does* cause problems.
Leythos, feel free to configure your network as you like, but you'll be
better off in the long run if you follow teh suggestions in this thread.
Best of luck to you : ).
Matt, and others - I agree with the above. It's definitely not the MS
way, not the approved MS way, but, the entire point of the conversation
was for me to learn WHAT PROBLEMS this setup causes. I've read one post
that described a number of issues with resolution of DNS if there is an
internal problem. I duplicated the DNS problem and when recovered it did
not exhibit the described problem.
My entire interest in this thread is only to learn about the problem,
not the proper MS way of configuring it, and to learn about what impact
it can have on my network. Based on everyone's comments I should be able
to see problems, but I'm unable to see them, and the domain requests do
not leave the local network (I would see them in the firewall logs if
they did).
So, here's a question for you: Have you tried it exactly like I describe
and seen the problem on YOUR networks? I'm not talking about some text-
book lab example, I'm talking about a network with 50+ active nodes and
multiple servers.
Yes, you'll see slow logons, and if you're not allowing cached credentials
even failed logons. Take your DC down (all of them) and try to log on the
network. You may find it take a long time to build the domain list and
other issues. I understand your post now, I hope this helps.
Glad to help!Leythos said:Thanks Matt, that was what I was trying to determine from all of this. I
appreciate you wading through my replies.
Leythos said:Matt, and others - I agree with the above. It's definitely not the MS
way, not the approved MS way, but, the entire point of the
conversation was for me to learn WHAT PROBLEMS this setup causes.
I've read one post that described a number of issues with resolution
of DNS if there is an internal problem. I duplicated the DNS problem
and when recovered it did not exhibit the described problem.
My entire interest in this thread is only to learn about the problem,
not the proper MS way of configuring it, and to learn about what
impact it can have on my network. Based on everyone's comments I
should be able to see problems, but I'm unable to see them, and the
domain requests do not leave the local network (I would see them in
the firewall logs if they did).
So, here's a question for you: Have you tried it exactly like I
describe and seen the problem on YOUR networks? I'm not talking about
some text- book lab example, I'm talking about a network with 50+
active nodes and multiple servers.
I wouldn't dream of trying it. I don't see the point, when setting it up in
'textbook fashion' works as well as it does. If your internal DNS servers
are falling down going boom on their own all the time, that's another story!
But again, to each his own.
Leythos said:But this is what separates the brave, or sometimes stupid (not meaning
you) from the rest of the world. I started working with DNS on Windows
before I could find a good paper on it and before MS provided clear
papers on it. The setups have been working for many years with nothing
to report on as problems.
I've learned a couple things, and don't take this wrong, I love the
Windows platform, have many of them and make a living from them, but
there is this old saying "There is the right way, the wrong way, and
the Microsoft way". In my case, it's not the MS way, but it does not
appear to be the wrong way in actual operation, at least not in any
of the networks I've setup like this.
I'll take everything under consideration, and I've not discounted any
of it, but it's hard to see a reason to change when the current
method is not degrading performance, has been working for years, and
does not cause any unnecessary external traffic.
Thanks for your time.
--