No DNS Redundancy

  • Thread starter Thread starter Andy
  • Start date Start date
A

Andy

Hello,

I have the following setup:

Site West - domain1.com:
Domain1 Domain Controller 1 <root (1st DC brought up), GC>
Domain1 Domain Controller 2 <infrastructure master>

Site East - domain2.com:
Domain2 Domain Controller 1 <GC>
Domain2 Domain Controller 2 <infrastructure master>

(All other FSMO roles owned by GC server)

The problem I'm encountering is this:

The two sites are linked via a point-to-point VPN. If a
DC in site east goes down, everything is still able to
function normally. If a DC (either one) goes down in site
west, then the entire forest loses the ability to resolve
DNS, and users at both sites are unable to login to their
Win2k pro machines.

My DNS setup is as follows:

Domain1 DC1 and DC2 are AD integrated DNS servers for
Domain1. They also hold secondary DNS zones for Domain2.
The reverse is true of Domain2 DC1 and DC2.

My understanding of how the system works is that each DC
should be able to operate independently, being able to
failover for each other in the event one goes down. Can
anyone help explain the reasons for the problem that I'm
experiencing? Thanks in advance!

--Andy
 
The two sites are linked via a point-to-point VPN. If a
DC in site east goes down, everything is still able to
function normally. If a DC (either one) goes down in site
west, then the entire forest loses the ability to resolve
DNS, and users at both sites are unable to login to their
Win2k pro machines.
Click to expand...

How are the client's configured. It's not so much that "they
fail over" as that the clients can be set to use the "other DNS"
as their (additional) alternates. (NIC properties for
IP\Advanced\Servers...
Domain1 DC1 and DC2 are AD integrated DNS servers for
Domain1. They also hold secondary DNS zones for Domain2.
The reverse is true of Domain2 DC1 and DC2.
Click to expand...

Are the DCs in each domain really DC1 and DC2? While
technically legal, and will work just fine with qualified domain
names it breaks for legacy clients or anything using NetBIOS
(like the browser.)
My understanding of how the system works is that each DC
should be able to operate independently, being able to
failover for each other in the event one goes down. Can
anyone help explain the reasons for the problem that I'm
experiencing? Thanks in advance!
Click to expand...

They clients must list each DNS server they MIGHT need to
use.
 
Verify that the clients are pointing at the correct DNS servers. Try using NSLOOKUP from the clients to determine where the name resolution failure is occuring.
As far as the names of the DCs, if WINS is in the picture, then this can be a problem. WINS being a flat name space, when they query for DC1 they may get
DC1 from the other domain. If the client then tries to authenticate agains this DC, it will fail. Name conflict may also be reported due to the duplicate names.
This will often cause netbios on the DCs to shut down.

Thank you,
Mike Johnston



This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
 
Back
Top