Multiple DNS servers

Guest

I'll do the best I can to explain what I have here...
I have 3 dns servers (used for failover)

For naming purposes, we'll call them server1,2 and 3

DNS has one forwarder pointing to our firewall 10.1.1.1

In the networking properties of each server, I have each of them pointing to
the other 2 (under the dns tab) for resolving.

For example,
server1 points to server2 and 3
server 2 points to server 1 and 3
server 3 points to server 1 and 2

recursion is not disabled
this is AD enabled
I don't remember during the dns install asking if the designation should be primary, secondary or caching.

I'm just wondering if this sounds correct?

Thanks
 
dphillips said:
I'll do the best I can to explain what I have here...
I have 3 dns servers (used for failover)

For naming purposes, we'll call them server1,2 and 3
DNS has one forwarder pointing to our firewall 10.1.1.1

On each server, right?
In the networking properties of each server, I have each of them pointing to the other 2 (under the dns tab) for resolving.

I generally disapprove of that -- preferring to include
the SAME server somewhere in that list, and usually
first for performance.
For example,
server1 points to server2 and 3
server 2 points to server 1 and 3
server 3 points to server 1 and 2

Add all three (in some order) to the list
recursion is not disabled

Why not? You are forwarding so do you really
want the DNS servers to also recurse AND to need
to visit places like "EvilHackersRUs.com" ?
this is AD enabled
I don't remember during the dns install asking if the designation should be primary, secondary or caching.

That is not a server concept nor prompted at install despite
the common DNS terminology of "Primary Server" etc.

Technically a DNS server is Primary FOR a Zone (or Secondary etc.)

So you get this prompt when you configure EACH zone
on that server (in the wizard.)

You chose Primary WITH DNS Integration (or changed
that subsequently) apparently though.
I'm just wondering if this sounds correct?

Other than my few quibbles it sounds ok.

Does it work? Have you run DCDiag on each and
every DC?

Do the other two DNS servers (i.e., all three) have the zone
for your AD Domain? Is it dynamic?


General recommendations concerning DNS for AD:

1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
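One way to automate the checks the reply recommends (run DCDiag against every DC, send each run to a text file and search it for FAIL, ERROR and WARN, then confirm that each DC's own DNS client list names only the internal DNS servers and includes the DC itself), written here as an added PowerShell example; it is not code from the thread or from either poster. It assumes a current Windows Server with the ActiveDirectory RSAT module, dcdiag.exe on the machine running it, and PowerShell remoting to each DC; the addresses in $InternalDns are constructed placeholders and $OutDir is an arbitrary path.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT),
# dcdiag.exe on the machine running this, and PowerShell remoting to each DC.
# Adjust the two settings below for your environment.

# Constructed placeholder: the internal, AD-integrated DNS servers (recommendation #2).
$InternalDns = @('10.1.1.11', '10.1.1.12', '10.1.1.13')
# Arbitrary output folder for the per-DC dcdiag logs.
$OutDir = 'C:\DcDiagOut'

Import-Module ActiveDirectory
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Every DC is both a DNS server and a DNS client (recommendation #3), so check all of them.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

foreach ($dc in $dcs) {
    $log = Join-Path $OutDir "$dc.txt"

    # Run the full DCDiag suite against this DC and keep the raw output on disk.
    dcdiag "/s:$dc" | Out-File -FilePath $log -Encoding utf8

    # The reply's triage step: search the saved output for FAIL, ERROR, WARN.
    $hits = Select-String -Path $log -Pattern 'FAIL|ERROR|WARN' -CaseSensitive
    if ($hits) {
        Write-Warning "${dc}: $($hits.Count) suspicious line(s); see $log"
        $hits | ForEach-Object { Write-Output ("    " + $_.Line.Trim()) }
    } else {
        Write-Output "${dc}: dcdiag output contains no FAIL/ERROR/WARN"
    }

    # DNS client configuration on the DC itself: collect the IPv4 DNS servers
    # configured on every adapter that has any, preserving their order.
    $configured = @(Invoke-Command -ComputerName $dc -ScriptBlock {
        Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses } |
            ForEach-Object { $_.ServerAddresses }
    } | Select-Object -Unique)

    # Recommendation #2: only the internal, dynamic DNS servers may appear.
    $external = @($configured | Where-Object { $InternalDns -notcontains $_ })
    if ($external.Count -gt 0) {
        Write-Warning "${dc} points at non-internal DNS server(s): $($external -join ', ')"
    }

    # The reply's preference: a DNS server should list itself, ideally first.
    $selfIps = @((Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue).IPAddress)
    $listsSelf = @($configured | Where-Object { $selfIps -contains $_ }).Count -gt 0
    if (-not $listsSelf) {
        Write-Warning "${dc} does not list itself as a DNS server"
    } elseif ($configured.Count -gt 0 -and $selfIps -notcontains $configured[0]) {
        Write-Output "${dc} lists itself, but not first: $($configured -join ', ')"
    }
}
```

Run it from an administrative PowerShell session on a domain-joined management host; each DC's full DCDiag output stays in $OutDir so the flagged lines can be read in context, and the two DNS client warnings map directly to recommendations #2 and #3 in the reply.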