Archived from groups: microsoft.public.win2000.dns (
More info?)
QIP is just BIND+ with some nice features added. It works
OK with AD if properly configured. They pay attention
to Windows domains (unlike the benign hostility of BIND).
If you can live without AD-integrated zones and secure updates
(either of which may even be in the newest cut - I haven't looked), then
it is hard to justify anything much on technical grounds.
However, regardless of platform, it is ALWAYS better to have local
admin control over the DNS server handling your AD domain.
The big reason is that sooner or later, things break in AD and AD
replication. And when they do, being able to drill down in DNS is
really a requirement to isolating what is going on.
So either your handle your own domain. Or you become an admin and
expert in QIP and/or your DNS admins become expert in solving AD problems.
Or sooner AD will break at the worst possible moment and you'll be
participating in an ugly, protracted, 'finger-pointing' exercise. We've all
been there.
From a technical standpoint, the main issue in down-delegating from
a parent server is to avoid forwarding loops. This is usually a solvable
design problem, but it requires co-ordination between your group
and your QIP group and likely some extra 'hair' on the QIP side.
It is a cleaner design and will be simpler for everyone if you just handle
your local zone and ship everything else upstream to the Vital box. In
this latter scenario I cannot see that a reverse delegation (classful or
classless) would be any kind of real problem, thought the DHCP
topology might be.This hierarchical configuration/ delegation is the
way DNS is designed to be used.
But if it is a matter of 'feifdoms,' when you find a solution to that problem,
please let me know
Steve Duff, MCSE, MVP
Ergodic Systems, Inc.
"Joe Flynn" <JoeFlynn@discussions.microsoft.com> wrote in message news:E73D12ED-C57D-40A6-9D71-ADDC69DEC22A@microsoft.com...
> Can you possibly tell me why you would recommend using QIP for DNS. I am
> siding with you here but our "Standards" group will sure ask me why I comment
> that I want to keep windows.
>
> "Herb Martin" wrote:
>
>> "Joe Flynn" <JoeFlynn@discussions.microsoft.com> wrote in message
>> news:3D5BB7A0-DDB4-4735-98AE-692F76B6B24A@microsoft.com...
>> > My domain structure consist of 15 sites and about 29 domain controllers.
>> > This is a nationwide domain. We use QIP for enterprise DNS because of all
>> > the UNIX hardware. My Enterpise DNS admin wants to integrate the Windows
>> DNS
>> > with QIP but I was not sure of the issues with that.
>>
>> Don't do it. Even though it is technically doable, you will
>> be very unhappy over time if you don't use a Windows DNS
>> server (set) for your AD DNS support zone(s.)
>>
>> If you Unix admins are adamant and you share a zone then
>> you should ask them to DELEGATE you a child zone for
>> Windows -- if you already have your Windows 2000+ domains
>> it is too late to do this.
>>
>>
>> > Do you recommend I do
>> > that to resolve the Reverse Lookup problem I am having between os platform
>> > and dns....
>>
>> No. If you can get the admins to make the QIP dynamic
>> then you should be fine, as long as you DHCP (and other
>> clients) can resolve the QIP-held reverse zones (mostly
>> a recursion or fowarding issue).
>>
>> My bet is you don't have resolution working for all possible
>> forward and reverse zones.
>>
>> Also note: There is NO technical relationship between a
>> forward and a reverse zone. (All such relationships are
>> by human convention.)
>>
>>
>> --
>> Herb Martin
>>
>>
>> >
>> > "Steve Duff [MVP]" wrote:
>> >
>> > > With any non-Windows DNS Server, you have no
>> > > participation in AD replication at all. AD will (and
>> > > must) still update the QIP server through DDNS.
>> > >
>> > > The QIP servers must be configured to accept
>> > > dynamic updates from your network, and must be
>> > > configured to accept extended name syntax. Other
>> > > than that, no real issues.
>> > >
>> > > The lack of AD replication for DNS is not usually
>> > > much of a problem unless your site is very large or
>> > > you have a complex domain topology. With one
>> > > DNS server and DC, it becomes almost a non-issue.
>> > >
>> > > Steve Duff, MCSE, MVP
>> > > Ergodic Systems, Inc.
>> > >
>> > > "Joe Flynn" <JoeFlynn@discussions.microsoft.com> wrote in message
>> news:CA2931AF-44A5-446C-A2D4-A3E8572A67A8@microsoft.com...
>> > > > Steve
>> > > >
>> > > > What else would i loose if I went to QIP DNS. Would I have any issues
>> with
>> > > > AD replication or anything like that.
>> > > >
>> > > > "Steve Duff [MVP]" wrote:
>> > > >
>> > > >> Your configuration kind of spells trouble. You need to decide
>> > > >> which DNS you want to use, and take out the secondary. QIP/BIND
>> > > >> cannot participate in AD multi-master replication, so there is
>> > > >> no 'two-way' street you can setup that will insure that DDNS updates
>> > > >> made to either server get propagated reliably to the other.
>> > > >>
>> > > >> If your Windows machines are on their own subnet, I'd suggest
>> > > >> you consider using your Windows DNS as the primary (and only)
>> > > >> DNS for those machines, and then place a delegation on the QIP
>> > > >> farm for that reverse subnet and the zone. (A classless reverse
>> > > >> is a little more work, but can be done.) Alternatively you can
>> > > >> setup QIP as a secondary and perform zone pulls from the
>> > > >> Windows DNS.
>> > > >>
>> > > >> As long as you configure the QIP servers to accept extended
>> > > >> syntax on the names, you are free to use that server for all DNS
>> > > >> and turn off Windows Server DNS entirely. You lose AD-integration/
>> > > >> replication and secure updates, but otherwise it will work fine.
>> > > >> If you want a simple topology to manage, that is a good way to go.
>> > > >>
>> > > >> Steve Duff, MCSE, MVP
>> > > >> Ergodic Systems, Inc.
>> > > >>
>> > > >>
>> > > >> "Joe Flynn" <JoeFlynn@discussions.microsoft.com> wrote in message
>> news
89B180F-C8F5-47DC-8B7C-44947C4C386F@microsoft.com...
>> > > >> > Hello, I amlooking for any suggestions with using Windows DNS and
>> QIP. I am
>> > > >> > set with forward lookup zones and having my enterprise QIP DNS as a
>> secondary
>> > > >> > to the Windows DNS. My question is that my reverse lookup zones
>> are broken.
>> > > >> > I cannot use Windows Reverse to query a Unix machine and I cannot
>> use QIP to
>> > > >> > query a windows machine. All my windows boxes are running DHCP.
>> My goal is
>> > > >> > to use dynamic updates to update the reverse lookup record in QIP
>> and
>> > > >> > hopefully windows DNS. Not sure if this is even doable. I simply
>> want to
>> > > >> > get reverse DNS lookup's workgroups across platforms. We use QIP
>> as the
>> > > >> > enterprise DNS because we have alot of UNIX servers and
>> workstations. Any
>> > > >> > ideas would be great.
>> > > >>
>> > > >>
>> > > >>
>> > >
>> > >
>> > >
>>
>>
>>
Facebook
Twitter
Instagram