I'm kind of working through a list of things I've noticed, most of which is going on to another list such as the backups, and have now arrived at DNS.
At the moment, all clients and servers have the 2 DCs' DNS and the ISP's DNS, and I have left this as it is for the time being because it's carried on working, and since it did that I wasn't too worried.
Anyway, in order to correct this, I'm planning on getting rid of the ISP's DNS and hopefully the system is going to go to using the DCs' DNS and the forwarders configured. Now, there are a couple of questions before I go changing things on the DCs.
1. The DCs, I'm assuming, shouldn't have the ISP's DNS either, right? If not, then presumably the Main DC has itself configured as the primary DNS and the other DC as its secondary DNS, and then the forwarders will take care of that, is that right?
2. Should the other DC follow the same rule, so the primary DNS is the Main DC and itself as the secondary DNS, or is it itself which should be the primary DNS? I've had a scout about on the net and can't really find an answer. Probably the search terms I'm using.
3. Reverse lookup zones. I currently don't have any. Searching EduGeek, most people say it will work without, but it's easy enough to set up so it might as well be there. So, having found a simple guide on how to do it, probably a daft question, but do I create a primary zone for each of the ranges I've got? So if I had 10.10.1.0, 10.10.2.0 and 10.10.3.0, I'd create a primary zone for each one?
Thanks for that SYNACK, put my mind at rest about what I'd planned to do.
Does it make any difference whether I make the other DC have the Main DC as its primary DNS server or not? Any advantages/disadvantages to having it either way?
My personal view would be that if you're running DNS on the box, itself should be the primary with A-N-Other as the secondary. No point forcing queries out to the main DC if 'itself' could handle it.
That's fine then, I'll make a note to change the settings that way.
If you use the reverse zones option as described by SYNACK, remember to configure the scavenging for all zones correctly and keep a close eye on the database for duplicate entries.
Normally the zones will look after themselves, but it's all too easy to fall into the polluted rDNS trap.
Just a minor nitpick: you should set up another DC as your DC's primary DNS and itself as the secondary. The reason for this is it stops the nasty messages in the system event log when the DC can't register its SRV records in DNS because, although networking has come up, the DNS server hasn't started.
Actually, the more technical phrase is "DNS Island". This was a real issue for Windows 2000; I can't find definitive info to say if it was fixed in 2003 and later (I think it was) but, basically, if each server points to itself then you can get to a situation where they stop talking to each other and this is a bad thing...
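An added worked example (not from any poster in this thread) that applies the advice above with PowerShell on Windows Server 2012 or later: each DC lists the partner DC first and itself second, the ISP resolvers come out of the client list and become a forwarder instead, one AD-integrated reverse zone is created per /24 from the question, and aging/scavenging is switched on with a quick duplicate-PTR check. The DC addresses, NIC alias and forwarder address are assumed placeholders.

```powershell
# Added example, not from the thread. Assumed values: DC1 = 10.10.1.10, DC2 = 10.10.1.11,
# NIC alias "Ethernet", forwarder 203.0.113.53 (placeholder), the question's ranges taken as /24s.
# Needs the DnsClient and DnsServer modules (Windows Server 2012 or later); run on each DC.
$Dc1       = '10.10.1.10'
$Dc2       = '10.10.1.11'
$Forwarder = '203.0.113.53'   # upstream resolver, used only as a server-side forwarder
$Nic       = 'Ethernet'
$Ranges    = '10.10.1.0/24', '10.10.2.0/24', '10.10.3.0/24'

function Get-ReverseZoneName([string]$Cidr) {
    # 10.10.2.0/24 -> 2.10.10.in-addr.arpa
    $o = ($Cidr -split '/')[0] -split '\.'
    return "$($o[2]).$($o[1]).$($o[0]).in-addr.arpa"
}

# 1. Client order on this DC: partner DC first, itself second, no ISP resolver at all.
#    This avoids the SRV registration errors at boot and the "DNS island" situation.
$self    = (Get-NetIPAddress -InterfaceAlias $Nic -AddressFamily IPv4).IPAddress | Select-Object -First 1
$partner = if ($self -eq $Dc1) { $Dc2 } else { $Dc1 }
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses @($partner, $self)

# 2. External names are resolved through the DNS server's forwarders, not the client list.
Set-DnsServerForwarder -IPAddress $Forwarder

# 3. One AD-integrated reverse zone per /24, skipping any that already exist,
# 4. with aging enabled on each so stale PTRs are scavenged instead of piling up.
foreach ($net in $Ranges) {
    $zone = Get-ReverseZoneName $net
    if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -NetworkId $net -ReplicationScope Domain -DynamicUpdate Secure
    }
    Set-DnsServerZoneAging -Name $zone -Aging $true -NoRefreshInterval 7.00:00:00 -RefreshInterval 7.00:00:00
}
Set-DnsServerScavenging -ScavengingState $true -ScavengingInterval 7.00:00:00

# 5. The "polluted rDNS" check: any address that has more than one PTR record.
foreach ($net in $Ranges) {
    $zone = Get-ReverseZoneName $net
    Get-DnsServerResourceRecord -ZoneName $zone -RRType Ptr |
        Group-Object HostName | Where-Object Count -gt 1 |
        ForEach-Object { Write-Warning "$zone : $($_.Name) has $($_.Count) PTR records" }
}
```

The scavenging intervals are the usual 7-day defaults; match them to your DHCP lease length rather than copying them blindly.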
I'm probably teaching egg sucking but, in general, a good starting point is to ask Microsoft how they think you should configure their products. Try googling:
dns "best practice" site:microsoft.com
(put whatever you're interested in in place of DNS!)
This won't always get what you want - some of MS's guidance is not sensible in schools (full control permissions on user folders, for example) - but it makes sense to start by looking at what they say.
This reminds me of something that was said at the last EMBC conference, when we were told that all machines should have their DNS servers in the list beneath our own internal DNS, in case our DNS was unavailable.
No no no no no no no! That's wrong.
I have configured them like this for quite some time under 2003 and have not had any issues with DNS over that time, but I could just be lucky. I had a look at the MS post from Geoff, but it does say that it refers to Windows 2000 era servers. At that point my schools only had one each, so it didn't affect me then either. Not sure of the best practice, but I will look it up at some point to see what MS's current opinion is on the matter.