What DNS-Records have to be there?


Stefan 'Birdie' Vogel

Hello,

We are currently trying to troubleshoot a DNS problem in our AD (non-MS DNS, we
use QIP).

Exactly what DNS SRV RRs have to be registered from which machine?

Assuming the following small version of our domain structure:

forrest.com
domain.forrest.com

Site1 (central)
dc.forrest.com (Schema / Naming)
DC1.domain.forrest.com (PDC, RID and Infra)
DC2.domain.forrest.com (GC and Bridgehead)

Site2 (remote)
dc3.domain.forrest.com (GC and bridgehead / site link to site 1)


Site3 (remote)
dc4.domain.forrest.com (GC and bridgehead / sitelink to site 1)


Site4 (remote)
dc5.domain.forrest.com (GC and bridgehead / sitelink to site 3!!!)



Or does anyone know a website explaining it in detail?

Hope someone can help me with this.

Regards
Stefan Vogel
 
For starters you could run dnslint, it should determine if they are all
there.
http://support.microsoft.com/default.aspx/kb/321046

Details on the dns records for AD
http://technet2.microsoft.com/Windo...75c3-4a77-ae93-a8804e9ff2a11033.mspx?mfr=true

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
 
The problem is more that we don't miss any entries, but it looks like we
have several too many.....


i.e.: we have these entries
_ldap._tcp.SITE1._sites.....
and
_ldap._tcp.SITE2._sites.....

for a DC in SITE1.

And our central DCs have these kinds of entries for almost all our sites
(about 40).
Is that normal? I don't think so.

Regards
Stefan
 
Look at the netlogon.dns files in %windir%\system32\config directory.

The actual records will vary based on your overall topology. For
instance if you have a site that doesn't have a DC for Domain Y some DC
for Domain Y will register some DNS records for that site.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 
So am I right that when I create a new site and a client at this site logs
in before the DC is active, any of the already existing DCs will
register a DNS record for the new site?

But if so, shouldn't this entry be deleted from DNS after some time?

Regards
Stefan
 
What you should have within the _tcp.sitename.sites.domainname is a _gc,
_kerberos and _ldap srv record for each dc in the site that hosts these
services (If no gc on a dc then it shouldn't have a gc record). If you have
dc names in here that aren't within this site, you should be able to remove
them. I would note any service location names (COMPLETELY) before removing
anything and then do it to just one DC's service.

Then run a netdiag
NetDiag.exe /l /v /test:dns

See if there are any error messages. If not I would remove another, etc...

Once done I would then run a netdiag /fix on each dc


--
Paul Bergson
 
It doesn't matter when the client logs on. If a new site is created and
it doesn't have coverage for a given domain, the "closest" DC will then
register records to cover that site. Once a DC is spun up in that site
for a given domain, any coverage records from another DC in another site
should be removed. I don't recall off the top of my head though if this
is an actual deregistration or it relies on scavenging.

--
Joe Richards Microsoft MVP Windows Server Directory Services
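
An added example, not part of any post in this thread: a Python script that reads the site-specific SRV lines of a netlogon.dns file and separates a DC's own-site records from site-coverage records and from records that deserve a second look before any cleanup. The record lines are constructed sample data, `HOME_SITE` is a hypothetical hand-maintained map for a single domain, and `Site5` is a made-up site without a DC.

```python
import re

# One site-specific SRV line as written in netlogon.dns (zone-file syntax):
#   _service._tcp.<site>._sites.<zone>. <ttl> IN SRV <prio> <weight> <port> <target>.
SRV_RE = re.compile(
    r"^(_[\w-]+)\._tcp\.([^.\s]+)\._sites\.(\S+?)\.?[ \t]+\d+[ \t]+IN[ \t]+SRV"
    r"[ \t]+\d+[ \t]+\d+[ \t]+\d+[ \t]+(\S+?)\.?[ \t]*$", re.I | re.M)

# Assumption: DC -> home site for one domain, filled in from AD Sites and Services.
HOME_SITE = {
    "dc1.domain.forrest.com": "Site1",
    "dc2.domain.forrest.com": "Site1",
    "dc3.domain.forrest.com": "Site2",
    "dc4.domain.forrest.com": "Site3",
    "dc5.domain.forrest.com": "Site4",
}

# Constructed sample of what dc2's netlogon.dns could contain (not real data).
SAMPLE = """\
domain.forrest.com. 600 IN A 10.0.1.12
_ldap._tcp.domain.forrest.com. 600 IN SRV 0 100 389 dc2.domain.forrest.com.
_ldap._tcp.Site1._sites.domain.forrest.com. 600 IN SRV 0 100 389 dc2.domain.forrest.com.
_kerberos._tcp.Site1._sites.domain.forrest.com. 600 IN SRV 0 100 88 dc2.domain.forrest.com.
_ldap._tcp.Site2._sites.domain.forrest.com. 600 IN SRV 0 100 389 dc2.domain.forrest.com.
_ldap._tcp.Site5._sites.domain.forrest.com. 600 IN SRV 0 100 389 dc2.domain.forrest.com.
"""

def audit(netlogon_text, home_site):
    """Return (verdict, site, service, dc) for every site-specific SRV record."""
    sites_with_dc = {s.lower() for s in home_site.values()}
    findings = []
    for svc, site, _zone, target in SRV_RE.findall(netlogon_text):
        host = target.lower()
        home = home_site.get(host)
        if home is None:
            verdict = "unknown-dc"   # target is not in the map at all
        elif home.lower() == site.lower():
            verdict = "local"        # DC advertising itself in its own site
        elif site.lower() in sites_with_dc:
            verdict = "review"       # site has its own DC, yet another site's DC is listed
        else:
            verdict = "coverage"     # site has no DC, so another DC covers it
        findings.append((verdict, site, svc.lower(), host))
    return findings

if __name__ == "__main__":
    for verdict, site, svc, host in audit(SAMPLE, HOME_SITE):
        print(f"{verdict:10} {site:6} {svc:10} {host}")
```

The script only reports; anything it marks `review` is a candidate for the note-first, one-record-at-a-time check with netdiag described earlier in the thread.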
 