Two questions on DNS, AD integrated

Thread starter: Marlon Brown

Marlon Brown

1) I have an existing DNS primary and secondary. I will make my primary DNS
server an Active Directory integrated DNS zone.
Question:
I know DNS data is going to be replicated to all DCs. Does the DNS data
replicated to all DCs include all types of records (A), (CN), etc., or do only
the SRV RR records get replicated?

2) On DHCP servers I make my clients point to DNS1 and DNS2 servers (which
will now be DCs serving as DNS servers).
I know that in DNS-ADI, one of the advantages is that clients in remote
branches would go to the DC in the local site when looking up DNS data? Is
that correct?
The problem: how can clients point to the local DC if the Primary DNS IP and
Secondary DNS IP are looking for DNS1 and DNS2 (which are servers located in
the main office)?
 
Marlon Brown said:
> 1) I have an existing DNS primary and secondary. I will make my primary DNS
> server an Active Directory integrated DNS zone.

Ok.

> Question:
> I know DNS data is going to be replicated to all DCs. Does the DNS data
> replicated to all DCs include all types of records (A), (CN), etc., or do
> only the SRV RR records get replicated?

The entire zone that is AD-integrated replicates.

What we are doing is storing the entire zone in AD.

So when AD replicates it replicates ALL records (in that zone.)

> 2) On DHCP servers I make my clients point to DNS1 and DNS2 servers (which
> will now be DCs serving as DNS servers).

Ok. You should generally point about half of them the other way around:
DNS2 as "preferred" and DNS1 as "alternate."

> I know that in DNS-ADI, one of the advantages is that clients in remote
> branches would go to the DC in the local site when looking up DNS data? Is
> that correct?

Yes. You should set the clients (or DHCP scopes) up that way.

> The problem: how can clients point to the local DC if the Primary DNS IP and
> Secondary DNS IP are looking for DNS1 and DNS2 (which are servers located in
> the main office)?

You have to point them to ANY DNS server for that zone.
If that DNS server is AD-integrated it can register locally,
right there on the DNS-DC.

If that server is (only) a Secondary, the client will use the
Secondary's copy of the SOA record to find the Master and
work up the chain to a Master (one of the AD-integrated DNS
servers MUST be somewhere above the Secondary as the
master source.)

Generally, each "significant" site should have at least one
DC (and it should be a GC) so generally you will have a
place to put AD-integrated DNS at every site.

Note:
You may have some locations where there are no
domain resources or access to those resources is NOT
critical and which therefore don't have a DC.
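As an added example (not code from the thread or any of its posters), a PowerShell script that first checks the zone is stored in AD and counts every record type that is replicating, then sets each DHCP scope's DNS server option to the site's own DC first with the main-office DCs as fallback, alternating the preferred/alternate order on every other scope as the answer suggests. The zone name, DHCP server, site names and scope-to-site mapping are placeholders; it assumes the RSAT ActiveDirectory, DnsServer and DhcpServer modules and that every DC also runs DNS.

```powershell
# Added example, not from the thread. Assumes RSAT modules ActiveDirectory, DnsServer
# and DhcpServer; zone, DHCP server, site names and scope mapping are placeholders.
Import-Module ActiveDirectory, DnsServer, DhcpServer

$zone       = 'corp.example.com'       # placeholder zone name
$dhcpServer = 'dhcp1.corp.example.com' # placeholder DHCP server
$hubSite    = 'Main-Office'            # placeholder: the site holding DNS1/DNS2

# 1) Confirm the zone is stored in AD, then count what replicates with it:
#    every record type in the zone, not only the SRV records.
$z = Get-DnsServerZone -Name $zone
if (-not $z.IsDsIntegrated) {
    throw "$zone is not AD-integrated (replication scope: $($z.ReplicationScope))"
}
Get-DnsServerResourceRecord -ZoneName $zone |
    Group-Object RecordType |
    Select-Object Name, Count |
    Sort-Object Count -Descending

# 2) Constructed mapping of DHCP scope IDs to AD sites; adjust to your environment.
$scopeSite = @{
    '10.10.0.0' = 'Main-Office'
    '10.20.0.0' = 'Branch-A'
    '10.30.0.0' = 'Branch-B'
}

# Domain controllers keyed by AD site (assumption: each DC also runs DNS).
$dcsBySite = Get-ADDomainController -Filter * |
    Group-Object -Property Site -AsHashTable -AsString
$hubDns = @($dcsBySite[$hubSite] | ForEach-Object IPv4Address)

$i = 0
foreach ($scopeId in $scopeSite.Keys) {
    $site  = $scopeSite[$scopeId]
    $local = @($dcsBySite[$site] | ForEach-Object IPv4Address)
    if ($local.Count -eq 0) { Write-Warning "No DC in site $site; scope $scopeId uses hub DCs only" }

    # Local DC(s) first so lookups stay in-site; hub DCs follow as the fallback.
    $list = @(($local + $hubDns) | Where-Object { $_ } | Select-Object -Unique)

    # Swap preferred/alternate on every other scope to spread load across servers.
    if (($i++ % 2) -eq 1 -and $list.Count -ge 2) {
        $tmp = $list[0]; $list[0] = $list[1]; $list[1] = $tmp
    }
    Set-DhcpServerv4OptionValue -ComputerName $dhcpServer -ScopeId $scopeId -DnsServer $list
    '{0} ({1}): {2}' -f $scopeId, $site, ($list -join ', ')
}
```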
 