Whitepaper on win2003 DNS performance ?

Thread starter: Marlon Brown

Marlon Brown

Can you please point me to a complete and updated article on DNS (Win2003 AD
integration) deployment?
I am interested in server performance considerations as well.

I understand that with AD-integrated DNS, my existing primary and secondary
Windows 2003 DNS servers will be set up as DCs. I am wondering whether the
fact that the DNS servers will be acting as Domain Controllers and providing
authentication would make me buy more robust hardware to support the
workload?
 
Marlon Brown said:
Can you please point me to a complete and updated article on DNS (Win2003 AD
integration) deployment?
I am interested in server performance considerations as well.

I understand that with AD-integrated DNS, my existing primary and secondary
Windows 2003 DNS servers will be set up as DCs. I am wondering whether the
fact that the DNS servers will be acting as Domain Controllers and providing
authentication would make me buy more robust hardware to support the
workload?

How many users/computers do you have?

Most DCs are vastly overpowered unless they
have other non-DC/non-name-resolution jobs.

DNS adds little to the DC in terms of load, for
most reasonable size networks, and if you have
more computers you put in more DCs and with
more DNS - you will likely run into network
issues long before you overtax the DNS/DC.
 
I have 5,000 computers.
About 15,000 users.


Herb Martin said:
How many users/computers do you have?

Most DCs are vastly overpowered unless they
have other non-DC/non-name-resolution jobs.

DNS adds little to the DC in terms of load, for
most reasonable size networks, and if you have
more computers you put in more DCs and with
more DNS - you will likely run into network
issues long before you overtax the DNS/DC.
 
Marlon Brown said:
I have 5,000 computers.
About 15,000 users.

How many (major) network locations on the WAN?

How many DCs?

How many (major) domains?

Largest LAN location? General size of other locations?

The entire AD database can be loaded (cached) into
something like (probably less) 80 Meg so a bit of ram
will help. Caching the entire DNS database (whether
as part of AD or separately) would only add a negligible
amount.

 
Herb Martin said:
:: How many (major) network locations on the WAN?
I have 18 small branch offices (less than 150 people/office) that currently
come thru the T1 to authenticate.
Total of 5,000 users coming thru the T1 for authentication.

:: How many DCs?
Currently I have a total of (3) DCs on the main site. If I make the
PrimaryDNS and SecondaryDNS DCs in order to enable the ADI, that would be 5
DCs on the main site.

:: How many (major) domains?
1 domain

:: Largest LAN location? General size of other locations?
4 major branch offices have one DC/GC per site; about 800 users/machines on
remote branch offices.

As I said before, other small branch offices have less than 150
people/machines and I let them come thru the T1 since the T1 utilization is
really low and that has been working alright.
 
:: 1 domain
:: I have 18 small branch offices (less than 150 people/office) that currently
:: come thru the T1 to authenticate.
:: Total of 5,000 users coming thru the T1 for authentication.

You will probably see more performance issues
due to the WAN than to the DNS.

Some of those offices perhaps should have DC/DNS
anyway though...

Relevant question:
Are there local domain resources, on an individual LAN,
which are critical to your business?

If yes, that location needs a DC/DNS.*

*Access to domain resources requires domain authentication.

:: Currently I have a total of (3) DCs on the main site. If I make the
:: PrimaryDNS and SecondaryDNS DCs in order to enable the ADI, that would be 5
:: DCs on the main site.

A (likely good) choice if performance of the DNS is
ever an issue, but I would want to take advantage of the
other advantages of AD integration in any case.

Secure updates and multi-mastering are the biggest
benefits (especially to you.)

:: 4 major branch offices have one DC/GC per site; about 800 users/machines on
:: remote branch offices.

And these should almost certainly be AD-Integrated DNS servers.

If that site is critical (domain resources etc.) then you
may wish to consider two DC-GC-DNS servers in
one or more of them.

Replication burden will not increase (these should be
Sites of course) since replication will be on a per-site
basis.

Note that AD-Integrated DNS will allow you to update
DNS locally without having to use the WAN.

Also recognize that most people VASTLY overpower
their (dedicated) DCs. A relatively old machine (circa
500-2000 MHz with 512 Meg of RAM) can do quite
well in most cases. The OS will cost more than the
hardware.

:: As I said before, other small branch offices have less than 150
:: people/machines and I let them come thru the T1 since the T1 utilization is
:: really low and that has been working alright.
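The two AD-integration benefits Herb points to above, secure-only dynamic updates and multi-master replication per site, are settings a defender should verify on every DNS server rather than assume. The following audit script is an added example, not code from the original thread or from Microsoft. It assumes a DNS server that exposes the DnsServer PowerShell module (Windows Server 2012 or later; on the Windows 2003 servers in this thread the same information comes from `dnscmd <server> /ZoneInfo <zone>` and the secure-updates setting from `dnscmd <server> /Config <zone> /AllowUpdate 2`) and an account with DNS Admins rights. It reports every primary zone that is still file-backed or that accepts nonsecure updates, and changes nothing unless `-Remediate` is given.

```powershell
<#
  Added example (not from the original thread): audit the primary zones on a
  Windows DNS server for the two AD-integration properties discussed above,
  storage in AD (multi-master, per-site replication) and secure-only dynamic
  updates. Assumes the DnsServer module (Windows Server 2012+).
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # DNS server to inspect; defaults to the local machine.
    [string]$ComputerName = $env:COMPUTERNAME,
    # Replication scope used if a zone has to be converted to AD-integrated.
    [ValidateSet('Domain', 'Forest')]
    [string]$ReplicationScope = 'Domain',
    # Without this switch the script is read-only.
    [switch]$Remediate
)

Import-Module DnsServer -ErrorAction Stop

# Only primary zones matter here; secondary, stub and the auto-created
# zones (0.in-addr.arpa etc.) are skipped.
$zones = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

$findings = foreach ($zone in $zones) {
    $issues = @()
    if (-not $zone.IsDsIntegrated) {
        # File-backed primary: single master, and secure updates cannot be enforced.
        $issues += 'NotADIntegrated'
    }
    if ($zone.DynamicUpdate -ne 'Secure') {
        # 'NonsecureAndSecure' lets any host overwrite records (record spoofing);
        # 'None' blocks client self-registration entirely.
        $issues += "DynamicUpdate=$($zone.DynamicUpdate)"
    }
    [pscustomobject]@{
        ZoneName         = $zone.ZoneName
        IsDsIntegrated   = $zone.IsDsIntegrated
        ReplicationScope = $zone.ReplicationScope
        DynamicUpdate    = $zone.DynamicUpdate
        Issues           = ($issues -join ', ')
    }
}

# Report: zones with an empty Issues column are already in the recommended state.
$findings | Format-Table -AutoSize

if ($Remediate) {
    foreach ($f in $findings | Where-Object { $_.Issues }) {
        if (-not $f.IsDsIntegrated -and
            $PSCmdlet.ShouldProcess($f.ZoneName, "Convert to AD-integrated ($ReplicationScope)")) {
            ConvertTo-DnsServerPrimaryZone -ComputerName $ComputerName -Name $f.ZoneName `
                -ReplicationScope $ReplicationScope -Force
        }
        if ($f.DynamicUpdate -ne 'Secure' -and
            $PSCmdlet.ShouldProcess($f.ZoneName, 'Set DynamicUpdate=Secure')) {
            # Secure-only updates can be set only once the zone is stored in AD,
            # so this runs after the conversion above.
            Set-DnsServerPrimaryZone -ComputerName $ComputerName -Name $f.ZoneName `
                -DynamicUpdate Secure
        }
    }
}
```

Run it with no switches against each DC/DNS server to get the report; `-Remediate -WhatIf` previews the conversions and `-Remediate` applies them. Converting a file-backed zone changes where the zone data lives and which servers can write to it, so it belongs in a change window and after the Sites and replication scope have been planned, as Herb's post says.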
 
In Herb Martin <[email protected]> made a post then I commented below

:: The entire AD database can be loaded (cached) into
:: something like (probably less) 80 Meg so a bit of ram
:: will help. Caching the entire DNS database (whether
:: as part of AD or separately) would only add a negligible
:: amount.

I believe it's much larger than that. That sounds more like an NT4 size based
on user/computer accounts.

I need to dig up the calculations to confirm this. IIRC, the physical AD
database size with a base of 10,000 users with Win2k and/or XP computers,
that are all mailbox enabled is almost 500 megs.

Ace
 
In Marlon Brown <[email protected]> made a post then I commented below
::: How many (major) network locations on the WAN?
:: I have 18 small branch offices (less than 150 people/office) that
:: currently come thru the T1 to authenticate.
:: Total of 5,000 users coming thru the T1 for authentication.

I would honestly put a DC/DNS server in each location with 150 or less
users. I understand you have a T1 from each location, but the
logon/authentication and DNS query traffic, besides Internet browsing and
email traffic can get quite heavy at peak times. Performance gains will be
realized immediately with a DC/DNS in each of these locations.

::: Largest LAN location? General size of other locations?
:: 4 major branch offices have one DC/GC per site; about 800
:: users/machines on remote branch offices.

That is fine from a design perspective for DC distribution and DNS
availability.

For more info on how to design and implement AD in a multi location branch
office scenario, along with DNS availability, see this article:

Active Directory Deployment including Branch Office Guide Series:
http://www.microsoft.com/technet/pr...s/activedirectory/deploy/adguide/default.mspx

Chapter 4 - Active Directory Design:
http://www.microsoft.com/resources/documentation/exchange/2000/all/reskit/en-us/part2/c04names.mspx

Chapter 9 - Designing the Active Directory Structure:
http://www.microsoft.com/resources/...server/reskit/en-us/deploy/part3/chapt-9.mspx

Best Practice Active Directory Design for Managing Windows Networks [and
DNS]:
http://www.microsoft.com/technet/pr...chnologies/activedirectory/plan/bpaddsgn.mspx

--
Regards,
Ace

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

 
"Ace Fekay [MVP]"
In Herb Martin <[email protected]> made a post then I commented below

:: The entire AD database can be loaded (cached) into
:: something like (probably less) 80 Meg so a bit of ram
:: will help. Caching the entire DNS database (whether
:: as part of AD or separately) would only add a negligible
:: amount.

:: I believe it's much larger than that. That sounds more like an NT4 size based
:: on user/computer accounts.

Why do you believe that?

Each user account, one of the larger user objects and the
most prevalent large object, is 4K (really.)

Computer accounts are smaller but take 20K objects:

4k x 20k = 80 Meg -- you do the math.

:: I need to dig up the calculations to confirm this. IIRC, the physical AD
:: database size with a base of 10,000 users with Win2k and/or XP computers,
:: that are all mailbox enabled is almost 500 megs.

Not likely.
 
In Herb Martin <[email protected]> made a post then I commented below
::: I believe it's much larger than that. That sounds more of an NT4
::: size based on user/computer accounts.
::
:: Why do you believe that?
::
:: Each user account, one of the larger user objects and the
:: most prevalent large object, are 4K (really.)
::
:: Computer accounts are smaller but take 20K objects:
::
:: 4k x 20k = 80 Meg -- you do the math.
::
::: I need to dig up the calculations to confirm this. IIRC, the
::: physical AD database size with a base of 10,000 users with Win2k
::: and/or XP computers, that are all mailbox enabled is almost 500
::: megs.
::
:: Not likely.

Now why are you always so punchy when I mention you may have an error in
your post? I was trying to point out your estimate was a little light. I
would *always* welcome criticism or corrections at anytime for my errors.
You don't seem to.

That said, I easily ascertained my findings by simply using the Active
Directory Sizer tool. It's a FREE download:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/adsizer-o.asp

I recommend this tool to anyone who needs to estimate database size
(taking into consideration increased attributes due to Exchange, etc.), the
minimum number of DCs and GCs required in a site, and much more. Although it
gives *absolute minimal* figures, it is a help in the right direction.

Therefore, my estimate of 400 megs or so was slightly high. The ADSizer actually
estimated the *domain* database size, which I based on the original
poster's scenario: 15,000 user accounts, 5,000 Win2k, NT4
or XP client machines, 200 additional NT-based machines (NT4, W2k, XP or
W2k3 - laptops, member servers, etc.), using Exchange for email services,
and one site (for database size, for argument's sake, it doesn't matter
how many sites you have), to be:

654megs per DC/GC.

If Marlon does not have Exchange, the database size would be smaller
(because of less attributes per user account and mail-enabled group
objects):

558megs per DC/GC.

So Herb, please check YOUR math.

Herb, please be a little more forgiving in the future. WE ARE ALL WORKING
TOGETHER IN THESE GROUPS, and we're not here to criticize each other.

Ace
 