Whitepaper on win2003 DNS performance ?

Archived from groups: microsoft.public.win2000.dns

Can you please point me to a complete and updated article on DNS (Win2003 AD
integration) deployment?
I am interested in server performance considerations as well.

I understand that with AD-integrated DNS, my existing primary and secondary
Windows 2003 DNS servers will be set up as DCs. I am wondering whether the
fact that the DNS servers will be acting as Domain Controllers and providing
authentication would make me buy more robust hardware to support the
workload?
  1.

    "Marlon Brown" <marlon_brownj@hotmail.com> wrote in message
    news:#bwEbf47EHA.1300@TK2MSFTNGP14.phx.gbl...
    > Can you please point me to a complete and updated article on DNS (Win2003 AD
    > integration) deployment ?
    > I am interested in server performance consideration as well.
    >
    > I understand that on AD-DNS integrated, my existing primary and secondary
    > Windows 2003 DNS servers will be setup as DC's. I am wondering whether the
    > fact that the DNS servers will be acting as Domain Controllers and provide
    > authentication would make me buy more robust hardware to support the
    > workload ?

    How many users/computers do you have?

    Most DCs are vastly overpowered unless they
    have other non-DC/non-name-resolution jobs.

    DNS adds little to the DC in terms of load, for
    most reasonable size networks, and if you have
    more computers you put in more DCs and with
    more DNS - you will likely run into network
    issues long before you overtax the DNS/DC.


    --
    Herb Martin


  2.

    I have 5,000 computers.
    About 15,000 users.

  3.

    "Marlon Brown" <marlon_brownj@hotmail.com> wrote in message
    news:OmpzQo77EHA.3828@TK2MSFTNGP09.phx.gbl...
    > I have 5,000 computers.
    > About 15,000 users.
    >

    How many (major) network locations on the WAN?

    How many DCs?

    How many (major) domains?

    Largest LAN location? General size of other locations?

    The entire AD database can be loaded (cached) into
    something like (probably less) 80 Meg so a bit of ram
    will help. Caching the entire DNS database (whether
    as part of AD or separately) would only add a negligible
    amount.


    --
    Herb Martin


  4.

    "Herb Martin" <news@LearnQuick.com> wrote in message
    news:u2m$H187EHA.3236@TK2MSFTNGP15.phx.gbl...
    > "Marlon Brown" <marlon_brownj@hotmail.com> wrote in message
    > news:OmpzQo77EHA.3828@TK2MSFTNGP09.phx.gbl...
    >> I have 5,000 computers.
    >> About 15,000 users.
    >>
    >
    > How many (major) network locations on the WAN?

    I have 18 small branch offices (less than 150 people/office) that currently
    come thru the T1 to authenticate.
    Total of 5,000 users coming thru the T1 for authentication.

    > How many DCs?

    Currently I have total of (3) DC's on the main site. If I make the
    PrimaryDNS and SecondaryDNS DC's in order to enable the ADI, that would be 5
    DC's on the main site.

    > How many (major) domains?

    1 domain

    > Largest LAN location? General size of other locations?

    4 major branch offices have one DC/GC per site; about 800 users/machines on
    remote branch offices.

    As I said before, other small branch offices have less than 150
    people/machines and I let them come thru the T1 since the T1 utilization is
    really low and that has been working alright.


  5.

    > 1 domain

    > I have 18 small branch offices (less than 150 people/office) that currently
    > come thru the T1 to authenticate.
    > Total of 5,000 users coming thru the T1 for authentication.

    You will probably see more performance issues
    due to the WAN than to the DNS.

    Some of those offices perhaps should have DC/DNS
    anyway though...

    Relevant question:
    Are there local domain resources, on an individual LAN,
    which are critical to your business?

    If yes, that location needs a DC/DNS.*

    *Access to domain resources requires domain authentication.

    > Currently I have total of (3) Dc's on the main site. If I make the
    > PrimaryDNS and SecondaryDNS DC's in order to enable the ADI, that would be 5
    > DC's on the main site.

    A (likely good) choice if performance of the DNS is
    ever an issue, but I would want to take advantage of the
    other advantages of AD integration in any case.

    Secure updates and multi-mastering are the biggest
    benefits (especially to you.)

    > > Largest LAN location? General size of other locations?
    > 4 major branch offices have one DC/GC per site; about 800 users/machines on
    > remote branch offices.

    And these should almost certainly be AD-Integrated DNS servers.

    If that site is critical (domain resources etc) then you
    may wish to consider two DC-GC-DNS servers in
    one or more of them.

    Replication burden will not increase (these should be
    Sites of course) since replication will be on a per site
    basis.

    Note that AD-Integrated DNS will allow you to update
    DNS locally without having to use the WAN.

    Also recognize that most people VASTLY overpower
    their (dedicated) DCs. A relatively old machine (circa
    500-2000 MHz with 512 Meg of RAM) can do quite
    well in most cases. The OS will cost more than the
    hardware.

    > As I said before, other small branch offices have less than 150
    > people/machines and I let them come thru the T1 since the T1 utilization is
    > really low and that has been working alright.
    >
    >
    >
    > > The entire AD database can be loaded (cached) into
    > > something like (probably less) 80 Meg so a bit of ram
    > > will help. Caching the entire DNS database (whether
    > > as part of AD or separately) would only add a negligible
    > > amount.
    > >


    --
    Herb Martin

  6.

    In news:u2m$H187EHA.3236@TK2MSFTNGP15.phx.gbl,
    Herb Martin <news@LearnQuick.com> made a post then I commented below

    :: The entire AD database can be loaded (cached) into
    :: something like (probably less) 80 Meg so a bit of ram
    :: will help. Caching the entire DNS database (whether
    :: as part of AD or separately) would only add a negligible
    :: amount.

    I believe it's much larger than that. That sounds more of an NT4 size based
    on user/computer accounts.

    I need to dig up the calculations to confirm this. IIRC, the physical AD
    database size with a base of 10,000 users with Win2k and/or XP computers,
    that are all mailbox enabled is almost 500 megs.

    Ace
  7.

    In news:OneHZhC8EHA.3700@tk2msftngp13.phx.gbl,
    Marlon Brown <marlon_brownj@hotmail.com> made a post then I commented below
    ::: How many (major) network locations on the WAN?
    :: I have 18 small branch offices (less than 150 people/office) that
    :: currently come thru the T1 to authenticate.
    :: Total of 5,000 users coming thru the T1 for authentication.

    I would honestly put a DC/DNS server in each location with 150 or less
    users. I understand you have a T1 from each location, but the
    logon/authentication and DNS query traffic, besides Internet browsing and
    email traffic can get quite heavy at peak times. Performance gains will be
    realized immediately with a DC/DNS in each of these locations.

    ::: Largest LAN location? General size of other locations?
    :: 4 major branch offices have one DC/GC per site; about 800
    :: users/machines on remote branch offices.

    That is fine from a design perspective for DC distribution and DNS
    availability.

    For more info on how to design and implement AD in a multi location branch
    office scenario, along with DNS availability, see this article:

    Active Directory Deployment including Branch Office Guide Series:
    http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/adguide/default.mspx

    Chapter 4 - Active Directory Design:
    http://www.microsoft.com/resources/documentation/exchange/2000/all/reskit/en-us/part2/c04names.mspx

    Chapter 9 - Designing the Active Directory Structure:
    http://www.microsoft.com/resources/documentation/windows/2000/server/reskit/en-us/deploy/part3/chapt-9.mspx

    Best Practice Active Directory Design for Managing Windows Networks [and
    DNS]:
    http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/plan/bpaddsgn.mspx

    --
    Regards,
    Ace

    G O E A G L E S !!!
    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Security Is Like An Onion, It Has Layers
    HAM AND EGGS: A day's work for a chicken;
    A lifetime commitment for a pig.
  8.

    "Ace Fekay [MVP]"
    <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
    message news:uyC9yhS8EHA.3596@TK2MSFTNGP12.phx.gbl...
    > In news:u2m$H187EHA.3236@TK2MSFTNGP15.phx.gbl,
    > Herb Martin <news@LearnQuick.com> made a post then I commented below
    >
    > :: The entire AD database can be loaded (cached) into
    > :: something like (probably less) 80 Meg so a bit of ram
    > :: will help. Caching the entire DNS database (whether
    > :: as part of AD or separately) would only add a negligible
    > :: amount.
    >
    > I believe it's much larger than that. That sounds more of an NT4 size based
    > on user/computer accounts.

    Why do you believe that?

    Each user account, one of the larger user objects and the
    most prevalent large object, are 4K (really.)

    Computer accounts are smaller but take 20K objects:

    4k x 20k = 80 Meg -- you do the math.

    > I need to dig up the calculations to confirm this. IIRC, the physical AD
    > database size with a base of 10,000 users with Win2k and/or XP computers,
    > that are all mailbox enabled is almost 500 megs.

    Not likely.

    --
    Herb Martin


  9.

    In news:elPAMmU8EHA.3592@TK2MSFTNGP09.phx.gbl,
    Herb Martin <news@LearnQuick.com> made a post then I commented below
    ::: I believe it's much larger than that. That sounds more of an NT4
    ::: size based on user/computer accounts.
    ::
    :: Why do you believe that?
    ::
    :: Each user account, one of the larger user objects and the
    :: most prevalent large object, are 4K (really.)
    ::
    :: Computer accounts are smaller but take 20K objects:
    ::
    :: 4k x 20k = 80 Meg -- you do the math.
    ::
    ::: I need to dig up the calculations to confirm this. IIRC, the
    ::: physical AD database size with a base of 10,000 users with Win2k
    ::: and/or XP computers, that are all mailbox enabled is almost 500
    ::: megs.
    ::
    :: Not likely.

    Now why are you always so punchy when I mention you may have an error in
    your post? I was trying to point out your estimate was a little light. I
    would *always* welcome criticism or corrections at anytime for my errors.
    You don't seem to.

    That said, I easily ascertained my findings by simply using the Active
    Directory Sizer tool. It's a FREE download:
    http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/adsizer-o.asp

    I recommend anyone to use this tool who needs to estimate database size,
    (taking into consideration increased attributes due to Exchange, etc),
    minimum number of DCs and GCs required in a site, and much more. Although it
    gives *absolute minimal* figures, it is a help in the right direction.

    Therefore, my estimate of 400megs or was slightly high. The ADSizer actually
    estimated the *domain* database size, which I based it on the original
    poster's scenario, which was based on 15,000 user accounts, 5000 Win2k, NT4
    or XP client machines, 200 additional NT based machines (NT4, W2k, XP or
    W2k3 - laptops, member servers, etc), and using Exchange for email services,
    and one site (for database size, for the argument sakes, it doesn't matter
    how many sites you have), to be:

    654megs per DC/GC.

    If Marlon does not have Exchange, the database size would be smaller
    (because of less attributes per user account and mail-enabled group
    objects):

    558megs per DC/GC.

    So Herb, please check YOUR math.

    Herb, please be a little more forgiving in the future. WE ARE ALL WORKING
    TOGETHER IN THESE GROUPS, and we're not here to criticize each other.

    Ace