Placeholder Domain Model and DNS Configuration

I'm setting up a lab to mirror an existing forest in which there is an empty
root placeholder domain. I'm not very versed in DNS, but I've read a great
deal on DNS best practices on MSDN. I'm still not 100% sure that I've got
DNS configured as best as it can be for the placeholder domain model and the
naming of the other domains in the forest.

The placeholder domain is named corp.local. It's running Windows 2000
Advanced Server SP4 and its schema has been prepped for Windows Server 2003
integration into the forest. There are 2 other domains that have been added
to the forest named brand1.local and brand2.local, one of which is also
running Windows 2000 Advanced Server SP4 and the other Windows Server 2003
Enterprise Edition. Because of the nature of the business, these domains
were not named brand1.corp.local and brand2.corp.local. That was an absolute
requirement.

Each domain controller is running a DNS server and is authoritative for its
respective zone. The zones are all Active Directory integrated and set to
accept only secure dynamic updates. I've broken out the _msdcs forward
lookup zone for corp.local as a separate forward lookup zone on corp.local's
DNS server as recommended by Microsoft best practices and added secondary
forward lookup zones for it on each of the brand1.local and brand2.local DNS
servers.

On corp.local, I configured forwarders for the brand1.local and brand2.local
DNS servers. On brand1.local, I configured forwarders for the corp.local and
brand2.local DNS servers. And on brand2.local, I configured forwarders for
the corp.local and brand1.local DNS servers.

Each of the domain controllers is pointed to itself for DNS lookups.

Does this DNS configuration sound valid? One of the main problems I'm
having is that the DNS service memory usage grows exponentially in this
configuration, seemingly getting stuck in an endless loop of some sort.

Thanks in advance,

Mike
 
Mike said:
I'm setting up a lab to mirror an existing forest in which there is an empty
root placeholder domain. I'm not very versed in DNS, but I've read a great
deal on DNS best practices on MSDN. I'm still not 100% sure that I've got
DNS configured as best as it can be for the placeholder domain model and the
naming of the other domains in the forest.


Make your life easy, just put both zones on EVERY DNS
server.

If you are running Win2000, this will mean Secondaries
in the "one zone" that reference the "other
zone" (and vice versa.)

For Win2003 DNS you can use Secondaries, Stub zones,
or even just Conditionally forward but it comes out to
NEARLY the same thing: Every DNS server can resolve
every machine in the domain AND in the whole (2 domain
forest.)

[Ok, there are also all sorts of fancy forest based
and application partitioned based AD-Integrated
methods if you have Win2003 DCs for this.]
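The forwarder layout Mike describes (each DC authoritative for its own zone, forwarders pointing at the other two DCs) and the layout Herb recommends (every zone on every DNS server, forwarders only upstream), modelled side by side. This is an added example, not code from the thread or from Microsoft: the server names, record data and the "internet" upstream resolver are constructed, and the forwarding behaviour is a deliberate simplification (unconditional forwarders as in Windows 2000 DNS, the first forwarder is always followed, no loop detection), not a reproduction of the Windows DNS service. Under that model a query for a name none of the three servers hosts, and even some in-forest names depending on forwarder order, bounces between the DCs indefinitely, which is consistent with the endless-loop symptom Mike reports; with every zone hosted locally, every forest name is answered on the first hop and only Internet names leave the forest.

```python
"""Toy model of DNS forwarding between the three DCs in the thread.

Each DNS server is authoritative for the zones it hosts and has an ordered
list of forwarders.  Windows 2000 forwarders are unconditional: any query a
server cannot answer from its own zones goes to the forwarders, and a
forwarder that cannot answer either forwards in turn.  Server names, record
data and the upstream resolver are constructed for the example.
"""
from dataclasses import dataclass, field

INTERNET = "internet"  # stands in for an upstream resolver (constructed)

# Constructed sample records, one per zone named in the thread.
ZONE_DATA = {
    "corp.local": {"dc1.corp.local": "10.0.0.1"},
    "_msdcs.corp.local": {"gc._msdcs.corp.local": "dc1.corp.local"},
    "brand1.local": {"dc1.brand1.local": "10.0.1.1"},
    "brand2.local": {"dc1.brand2.local": "10.0.2.1"},
}


@dataclass
class DnsServer:
    name: str
    zones: dict                       # zone name -> {owner name: record data}
    forwarders: list = field(default_factory=list)

    def authoritative_zone(self, fqdn):
        """Longest hosted zone that contains fqdn, or None if not authoritative."""
        for zone in sorted(self.zones, key=len, reverse=True):
            if fqdn == zone or fqdn.endswith("." + zone):
                return zone
        return None


def resolve(servers, start, fqdn, max_hops=16):
    """Follow one query hop by hop from server `start`.

    Returns ("answer", data, path), ("nxdomain", None, path) or
    ("loop", None, path).  The model always follows the first forwarder
    (Windows only moves to the next one after a timeout) and, like the
    Windows 2000 service, has no loop detection of its own; the `path`
    check below only stops the simulation.
    """
    path = [start]
    current = start
    for _ in range(max_hops):
        if current == INTERNET:
            # Constructed upstream: .local is not delegated on the Internet.
            if fqdn.endswith(".local"):
                return ("nxdomain", None, path)
            return ("answer", "203.0.113.10", path)
        server = servers[current]
        zone = server.authoritative_zone(fqdn)
        if zone is not None:
            # Authoritative servers answer (or NXDOMAIN); they never forward.
            data = server.zones[zone].get(fqdn)
            return ("answer", data, path) if data else ("nxdomain", None, path)
        if not server.forwarders:
            return ("nxdomain", None, path)
        nxt = server.forwarders[0]
        if nxt in path:
            return ("loop", None, path + [nxt])
        path.append(nxt)
        current = nxt
    return ("loop", None, path)


def mikes_topology():
    """Each DC hosts its own zone plus a secondary of _msdcs.corp.local;
    forwarders point at the other two DCs, as described in the question."""
    msdcs = {"_msdcs.corp.local": ZONE_DATA["_msdcs.corp.local"]}
    return {
        "corp": DnsServer("corp", {"corp.local": ZONE_DATA["corp.local"], **msdcs},
                          ["brand1", "brand2"]),
        "brand1": DnsServer("brand1", {"brand1.local": ZONE_DATA["brand1.local"], **msdcs},
                            ["corp", "brand2"]),
        "brand2": DnsServer("brand2", {"brand2.local": ZONE_DATA["brand2.local"], **msdcs},
                            ["corp", "brand1"]),
    }


def herbs_topology():
    """Every DNS server hosts every zone (secondaries on Win2000); the only
    forwarder is the upstream resolver, so forest names never leave the box."""
    return {n: DnsServer(n, dict(ZONE_DATA), [INTERNET])
            for n in ("corp", "brand1", "brand2")}


def find_loops(servers, names):
    """Sorted (server, name) pairs whose query never terminates in the model."""
    return sorted((s, n) for s in servers for n in names
                  if resolve(servers, s, n)[0] == "loop")


if __name__ == "__main__":
    probes = ["dc1.corp.local", "dc1.brand1.local", "dc1.brand2.local",
              "gc._msdcs.corp.local", "www.example.com"]
    for label, topo in (("forwarders between DCs", mikes_topology()),
                        ("every zone on every server", herbs_topology())):
        print(f"== {label}: loops = {find_loops(topo, probes)}")
        for name in probes:
            status, data, path = resolve(topo, "brand1", name)
            print(f"  brand1 asks {name}: {status} {data or ''} via {' -> '.join(path)}")
```

Running the block prints an audit of both layouts. The instructive case is brand1 asking for a brand2.local host: its first forwarder is corp, which is not authoritative for brand2.local and forwards straight back to brand1. Whether an in-forest name resolves in the first layout depends entirely on forwarder order, which is the kind of fragility a lab built to mirror production should not have; hosting every zone on every server removes the forwarding hop for forest names altogether.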
 
I actually originally did what you suggested, but it seemed somewhat
redundant and possibly better done another way with forwarders, etc. I
did find some info on transferring FSMO to and replicating all the zones
throughout the forest, which would probably give me what I'm looking for.
But I guess it's not worth the trouble...it is a lab after all. I'd just
rather do it "right" if at all possible.

Thanks,

Mike

Mike said:
I actually originally did what you suggested, but it seemed somewhat
redundant and possibly better done another way with forwarders, etc.

Forwarders won't really work in Win2000
(lack of CONDITIONAL forwarding) if you
also wish to resolve the Internet.

Mike said:
I did find some info on transferring FSMO to and replicating all the zones
throughout the forest, which would probably give me what I'm looking for.

FSMO is unrelated to DNS and there are separate
FSMO roles for 3 of them -- two others are Forest
wide.

Mike said:
But I guess it's not worth the trouble...it is a lab after all. I'd just
rather do it "right" if at all possible.

Do it so it works and is efficient. That is
what is "right."

--
Herb Martin
