Archived from groups: microsoft.public.win2000.dns (More info?)
I've been an NT4 admin for years and am responsible for migrating us to
2003. I'm new to AD and am certainly no expert on AD or DNS, but I have read
MS books, Mark Minasi's 2003 book, and the O'Riely 2003 DNS book. All of the
books and scenerios all seem to just discuss simple AD setups. I had a test
AD working for months using 2000 and it worked great but that was a single
domain. I started over with 2003 this time and now that I am trying to add a
child domain (i.e. domain tree) I am having some problems and no one seems
to cover this scenerio to the point where I understand it. I understand the
CONCEPTS just fine - it's when you get to the nuts and bolts of what
settings go where that everyone seems to leave that out of all of the
training material.
Here's the setup - Each domain will have 2 DCs. The DCs will run Microsoft
DNS and be AD-integrated. One domain (root.priv) will be an empty root
domain for the sole purpose of isolating the Enterprise admin account and
making it easier down the road to reshape the forst if we ever need to. The
second domain (corp.priv) will be the actual production domain that all 100
of my users will belong to and use. It's just a separate tree in the forest.
I also have 2 caching BIND DNS servers on the outside interface for internet
queries, which I will slave my internal DNS servers to for external query
forwarding. Each DC will be a GC server, and one DC in each domain will be
located offsite for disaster recovery purposes (P2P VPN connection between
the sites). That's pretty much it, other than I need to run WINS in the
corp.priv domain. The corp.priv domain will be divided into 2 network
subnets (the second subnet is a QA network that is currently an NT4 domain
but I will just make it an OU in the corp.priv domain once I migrate). So my
plan was to have a DHCP server in the corp.priv domain that will give out
addresses in 2 different subnets (we have DHCP relaying enabled on our cisco
routers). Sounds easy enough on paper, but once I tried to build it I am
having problems with DNS. I've been trying a bunch of things but it's
getting down to crunch time and it's starting to tick me off.
Here's where I'm confused:
1. Local TCP/IP settings on the DNS servers:
I'm confused how to fill out each DC/DNS server's TCP/IP settings. For
example, in the local TCP/IP properties, I know that all DNS servers should
point to themselves as the primary and no secondary, so that's what I've
done on all of the servers (I used the actual IP of the box, not 127.0.0.0
like Microsoft says to do). But I don't know if the same "point to itself as
the primary w/no secondary" rule applies for the corp.priv domain's DNS
servers as well.
2. The DNS settings:
What goes in the name servers box? Do you just list each name server in that
domain, or do you list EVERY name server in your forest in every DNS
server's name server box? For example, on the root.priv DNS servers do I
just list the 2 root.priv servers, and on the corp.priv DNS servers list the
corp.priv servers? Or do I need to instead list all 4 DNS servers on each
DNS server?
What goes in the forwarders box? Since I want to be slaved to external
forwarders for internet queries, I put the address of my 2 external DNS
servers in the forwarders box for "all other DNS domains" and checked the
"do not use recursion for this domain" checkbox. This worked great on the
root.priv DNS servers, but do I do the same on the corp.priv servers?
Basically I want ANY internet query from ANY internal dns server to be
slaved to external forwarders. But I don't understand if child domain DNS
servers are even supposed to resolve internet queries themselves, or if
child domain DNS servers are supposed to forward all DNS queries (internal
or external) to its parent's DNS server?
And how does root.priv and corp.priv forward queries to one another? Someone
recommended to me that I use conditional forwarding. For example, on the
forwarders tab of the root.priv DNS servers, create a new corp.priv domain
and list the corp.priv's DNS servers. And do the opposite for the corp.priv
DNS servers. Is this correct and do I check the "do not use recursion for
this domain" checkbox like I did for the external slave forwarders?
3. Client TCP/IP settings:
What DNS server would clients point to as their primary and secondary DNS
servers? Should machines in Root.test point to the root.test dns servers,
and the machines in corp.test point to the corp.test dns servers? Or should
everyone point to the root.test dns servers? Or does it matter?
=======================
Is there any other tricks I need to do on the 4 DC/DNS servers? A microsoft
article I found said to add the IP addresses (and domain name instead of the
server name) of the DCs to the host file on each DC. This supposedly helps
with DNS resolution issues and some AD replication problems I was having. Is
there any other tips from veterans like this I need to know about to make my
life easier?
Any assistance is greatly appreciated. I know DNS is the heart of AD, and if
that's not worknig then everything else will just be fubarred. So I want to
make sure all of my t's are crossed and i's are dotted before going forward
with any of the NT4 migration procedures and everything else.
I am free to design things however I see fit, so if anyone has a "if I was
going to do it here's what I would do" idea I would love to hear it too.
- Greg
I've been an NT4 admin for years and am responsible for migrating us to
2003. I'm new to AD and am certainly no expert on AD or DNS, but I have read
MS books, Mark Minasi's 2003 book, and the O'Riely 2003 DNS book. All of the
books and scenerios all seem to just discuss simple AD setups. I had a test
AD working for months using 2000 and it worked great but that was a single
domain. I started over with 2003 this time and now that I am trying to add a
child domain (i.e. domain tree) I am having some problems and no one seems
to cover this scenerio to the point where I understand it. I understand the
CONCEPTS just fine - it's when you get to the nuts and bolts of what
settings go where that everyone seems to leave that out of all of the
training material.
Here's the setup - Each domain will have 2 DCs. The DCs will run Microsoft
DNS and be AD-integrated. One domain (root.priv) will be an empty root
domain for the sole purpose of isolating the Enterprise admin account and
making it easier down the road to reshape the forst if we ever need to. The
second domain (corp.priv) will be the actual production domain that all 100
of my users will belong to and use. It's just a separate tree in the forest.
I also have 2 caching BIND DNS servers on the outside interface for internet
queries, which I will slave my internal DNS servers to for external query
forwarding. Each DC will be a GC server, and one DC in each domain will be
located offsite for disaster recovery purposes (P2P VPN connection between
the sites). That's pretty much it, other than I need to run WINS in the
corp.priv domain. The corp.priv domain will be divided into 2 network
subnets (the second subnet is a QA network that is currently an NT4 domain
but I will just make it an OU in the corp.priv domain once I migrate). So my
plan was to have a DHCP server in the corp.priv domain that will give out
addresses in 2 different subnets (we have DHCP relaying enabled on our cisco
routers). Sounds easy enough on paper, but once I tried to build it I am
having problems with DNS. I've been trying a bunch of things but it's
getting down to crunch time and it's starting to tick me off.
Here's where I'm confused:
1. Local TCP/IP settings on the DNS servers:
I'm confused how to fill out each DC/DNS server's TCP/IP settings. For
example, in the local TCP/IP properties, I know that all DNS servers should
point to themselves as the primary and no secondary, so that's what I've
done on all of the servers (I used the actual IP of the box, not 127.0.0.0
like Microsoft says to do). But I don't know if the same "point to itself as
the primary w/no secondary" rule applies for the corp.priv domain's DNS
servers as well.
2. The DNS settings:
What goes in the name servers box? Do you just list each name server in that
domain, or do you list EVERY name server in your forest in every DNS
server's name server box? For example, on the root.priv DNS servers do I
just list the 2 root.priv servers, and on the corp.priv DNS servers list the
corp.priv servers? Or do I need to instead list all 4 DNS servers on each
DNS server?
What goes in the forwarders box? Since I want to be slaved to external
forwarders for internet queries, I put the address of my 2 external DNS
servers in the forwarders box for "all other DNS domains" and checked the
"do not use recursion for this domain" checkbox. This worked great on the
root.priv DNS servers, but do I do the same on the corp.priv servers?
Basically I want ANY internet query from ANY internal dns server to be
slaved to external forwarders. But I don't understand if child domain DNS
servers are even supposed to resolve internet queries themselves, or if
child domain DNS servers are supposed to forward all DNS queries (internal
or external) to its parent's DNS server?
And how does root.priv and corp.priv forward queries to one another? Someone
recommended to me that I use conditional forwarding. For example, on the
forwarders tab of the root.priv DNS servers, create a new corp.priv domain
and list the corp.priv's DNS servers. And do the opposite for the corp.priv
DNS servers. Is this correct and do I check the "do not use recursion for
this domain" checkbox like I did for the external slave forwarders?
3. Client TCP/IP settings:
What DNS server would clients point to as their primary and secondary DNS
servers? Should machines in Root.test point to the root.test dns servers,
and the machines in corp.test point to the corp.test dns servers? Or should
everyone point to the root.test dns servers? Or does it matter?
=======================
Is there any other tricks I need to do on the 4 DC/DNS servers? A microsoft
article I found said to add the IP addresses (and domain name instead of the
server name) of the DCs to the host file on each DC. This supposedly helps
with DNS resolution issues and some AD replication problems I was having. Is
there any other tips from veterans like this I need to know about to make my
life easier?
Any assistance is greatly appreciated. I know DNS is the heart of AD, and if
that's not worknig then everything else will just be fubarred. So I want to
make sure all of my t's are crossed and i's are dotted before going forward
with any of the NT4 migration procedures and everything else.
I am free to design things however I see fit, so if anyone has a "if I was
going to do it here's what I would do" idea I would love to hear it too.
- Greg
T4Zc.268401$fv.189161@fe2.columbus.rr.com...
Facebook
Twitter
Instagram