
DNS Design question

Anonymous
March 1, 2005 2:08:42 PM

Archived from groups: microsoft.public.win2000.dns

Hi all,

I have multiple sites connected via frame relay and am running both NetWare
5.1 and W2k. I'm looking for guidance on re-designing our DNS structure.
Here's the layout: we have 12 locations, most of which have about 6 - 12
users. All locations except for one use NetWare as their primary f & p
server. One location has a W2k DC and we have another DC in our ops center.
We have two locations where we have W2k member servers running apps (SQL2k,
TS). At one of those locations, we'll convert one of the servers to a W2k
DC. Right now, we're using primary/secondary zones on the 2k servers. Users
that use a mortgage program (on one of the member servers) are located in
several locations. Users that use a trust services program are contained in
one location.

The question: I'm converting our NetWare network to pure IP and will install
DNS on all servers, setting up child zones for each of the locations that
contain a NW box. Our 2k servers are set up to forward queries for internet
resources. My question is: what would be the best approach for designing DNS
in those locations that have both 2k and NW? Perhaps set up both, using one
for failover and copying any necessary records to the 2k server? And the
clients?


Anonymous
March 1, 2005 2:23:37 PM


In news:%23GsQyjnHFHA.3612@TK2MSFTNGP09.phx.gbl,
C Hall <someone@microsoft.com> commented
Then Kevin replied below:

I don't know too much about NetWare, but I can tell you: don't use its DNS IP
on the Windows domain members. If the NW DNS has different names in it from
the Windows DNS, use the NW DNS as a forwarder for the Windows DNS, then
check the box "Do not use recursion" (Forwarders tab).
Active Directory domains use DNS to locate domain controllers for
authentication; if there is a DNS server that does not support the AD domain
in the client DNS list, in any position, you can expect very inconsistent
behavior and network errors.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Anonymous
March 1, 2005 3:55:18 PM


Let me make sure I get this correct:

> but I can tell you don't use its DNS IP on the Windows domain members,
On the windows dns mmc, don't add the NW DNS ip address as a dns member
server.

>if the NW DNS has different names in it from the Windows DNS,
Would you be referring to the zone or internal domain names?

>use the NW DNS as a forwarder for the Windows DNS
In the windows dns mmc, click the tab where you set a forwarder and enter
the NW IP?

> then
> check the box "Do not use recursion" (Forwarders tab)
On windows?


> Active Directory domains use DNS to locate domain controllers for
> authentication, if there is a DNS server that does not support the AD domain
> in the client DNS list, in any position, you can expect very inconsistent
> behavior and network errors.
Anonymous
March 1, 2005 5:33:52 PM


In news:e%23e3VfoHFHA.3332@TK2MSFTNGP15.phx.gbl,
C Hall <someone@microsoft.com> commented
Then Kevin replied below:
> Let me make sure I get this correct:
>
>> but I can tell you don't use its DNS IP on the Windows
>> domain members,
> On the windows dns mmc, don't add the NW DNS ip address
> as a dns member server.

Not sure what you mean here; I was talking about the TCP/IP properties on the
machine's interfaces. All AD domain members must use only the DNS for the AD
domain; if the DNS server does not have a zone for the AD domain, don't use
it for DNS on any interface, in any position.

>
>> if the NW DNS has different names in it from the Windows
>> DNS,
> Would you be referring to the zone or internal domain
> names?

If the NetWare DNS has domains that are not in the Windows DNS, use it as a
forwarder for the Windows DNS.

>
>> use the NW DNS as a forwarder for the Windows DNS
> In the windows dns mmc, click the tab where you set a
> forwarder and enter the NW IP?

Yes.

>
>> then
>> check the box "Do not use recursion" (Forwarders tab)
> On windows?

Yes, this prevents the Windows DNS from using root hints to find names in
the NW DNS.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
Anonymous
March 1, 2005 9:17:14 PM


"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:e#wj93pHFHA.2356@TK2MSFTNGP12.phx.gbl...
> In news:e%23e3VfoHFHA.3332@TK2MSFTNGP15.phx.gbl,
> C Hall <someone@microsoft.com> commented
> Then Kevin replied below:
> > Let me make sure I get this correct:
> >
> >> but I can tell you don't use its DNS IP on the Windows
> >> domain members,
> > On the windows dns mmc, don't add the NW DNS ip address
> > as a dns member server.
>
> Not sure what you mean here, I was talking about in TCP/IP properties on the
> machine's interfaces. All AD domain members must use only the DNS for the AD
> domain, if the DNS server does not have a zone for the AD domain, don't use
> it for DNS on any interface, in any position.

Kevin is correct in a general way here.

Technically all domain members must be able
to RESOLVE the domain's DNS zone entries,
which usually means using the DNS server(s)
that hold that zone directly.

But more generally internal machines must use
internal DNS servers that can resolve all internal
names.

(Even this is slightly askew since again the key is
that whatever server the clients use, it must resolve
all of the names needed by that client, but the
practical truth of the above and the common
practices are what Kevin is referring to.)

If clients do not use the actual DNS server holding
their domain's DNS zone, they must use one that
will resolve it correctly -- that is, one that delegates
to it, (conditionally) forwards to it, holds a secondary
copy of it, or otherwise finds a way to resolve the
names the client needs.

--
Herb Martin


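Kevin's forwarder plus "Do not use recursion" advice and Herb's point that every server in a client's list must be able to resolve the AD zone can both be checked against a small resolver model. This is an added example, not code from any of the posters; the server names, zones and addresses (nw.example, corp.example, the 10.0.x.x hosts) are constructed for the lab.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Names that root hints ("the internet") can answer. Constructed sample data.
PUBLIC_NAMES = {"www.example.com": "93.184.216.34"}


@dataclass
class DnsServer:
    name: str
    zones: Dict[str, Dict[str, str]] = field(default_factory=dict)  # zone -> records
    forwarder: Optional["DnsServer"] = None
    no_recursion: bool = False  # the "Do not use recursion" checkbox (Forwarders tab)

    def zone_for(self, fqdn: str) -> Optional[str]:
        """Longest zone this server is authoritative for that contains fqdn."""
        hits = [z for z in self.zones if fqdn == z or fqdn.endswith("." + z)]
        return max(hits, key=len) if hits else None

    def resolve(self, fqdn: str) -> Tuple[Optional[str], List[str]]:
        """Return (answer or None, trace); None stands for NXDOMAIN/failure."""
        zone = self.zone_for(fqdn)
        if zone is not None:
            # Authoritative answer: a miss here is final, nothing is forwarded.
            return self.zones[zone].get(fqdn), [f"{self.name}: authoritative for {zone}"]
        trace: List[str] = []
        if self.forwarder is not None:
            answer, sub = self.forwarder.resolve(fqdn)
            trace = [f"{self.name}: forward to {self.forwarder.name}"] + sub
            if answer is not None:
                return answer, trace
        if self.no_recursion:
            # Kevin's setting: a forwarder miss is final, no root-hint fallback.
            return None, trace + [f"{self.name}: no recursion, giving up"]
        return PUBLIC_NAMES.get(fqdn), trace + [f"{self.name}: root hints"]


def client_lookup(fqdn: str, servers: List[DnsServer],
                  down: Tuple[str, ...] = ()) -> Optional[str]:
    """Model of the Windows DNS client: it moves down its server list only on
    timeout; the first server that responds at all (even NXDOMAIN) is final.
    This is why a non-AD server "in any position" causes intermittent failures."""
    for srv in servers:
        if srv.name in down:
            continue  # simulated timeout: try the next configured server
        return srv.resolve(fqdn)[0]
    return None


def build_lab() -> Tuple[DnsServer, DnsServer]:
    """Constructed lab: the NetWare DNS holds nw.example; the W2K DC's DNS holds
    the AD zone corp.example and forwards to NetWare with recursion disabled."""
    nw = DnsServer("nw-dns", {"nw.example": {"fs1.nw.example": "10.0.2.7"}})
    ad = DnsServer("w2k-dns", {"corp.example": {
        "dc1.corp.example": "10.0.1.5",
        "_ldap._tcp.dc._msdcs.corp.example": "dc1.corp.example"}},
        forwarder=nw, no_recursion=True)
    return ad, nw
```

Run `client_lookup` for the `_ldap._tcp.dc._msdcs` name with the W2K server marked down to see the DC-locator lookup fail the moment the client lands on the NetWare server.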
Anonymous
March 2, 2005 1:14:41 PM


Thanks Kevin & Herb for your posts.

The more I read, the more questions I have....let me take this a piece at a
time.

First, the two w2k DNS servers:

I have configured one forward lookup zone--domain_name.com. The server
located in our main office is primary for this zone and the other server is
secondary for the zone. I have three reverse lookup zones--1 for the main
location, 1 for the remote location and another where I will be locating
another DC. We have no more than 200 nodes at this point. Is this an
efficient design? Or do you have recommendations? Would it be better to
create child forward lookup zones for EACH location and leave the root
empty? I guess I have envisioned using the NetWare server in our main
location as a secondary DNS server to the primary W2k DNS server in the main
location.

On the NetWare side, I'll be creating a child zone for each of the
locations, making the server at that location primary for its forward and
reverse lookup zones.

Anonymous
March 2, 2005 1:14:42 PM


In news:%23AsDQqzHFHA.2736@TK2MSFTNGP09.phx.gbl,
C Hall <someone@microsoft.com> commented
Then Kevin replied below:

One problem you have, I forgot to mention: the underscore in your domain
name. An underscore is only a legal character if it is the first character
in a subdomain. You have to set the Windows DNS Name Checking to "All
names" on the Advanced tab of the DNS server property sheet. I'm not sure
what you have to do to BIND to accept the underscore. If you run netdiag /v
you will get a warning message for the invalid character and that not all
DNS servers support the underscore.

Also, I recommend using AD integrated DNS zones instead of the
Primary/Secondary scenario. To change this, delete the secondary zone and
change the primary to AD integrated and wait for the zone to replicate. Do
not create or convert the secondary to AD integrated; this will create a
conflicting zone in AD and possibly overwrite the first zone you convert to
AD.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
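Kevin's name-checking note, as an added example that is not from the posts: a checker that flags offending labels under three modelled modes, `strict` (RFC 1123 host labels), `srv` (strict plus a leading underscore, the rule he describes and the form AD's own _ldap/_tcp/_msdcs labels take) and `all` (accept anything). The mode names are this example's own, not the exact wording of the Windows DNS "Name checking" setting.

```python
import re
from typing import List, Tuple

# Strict RFC 1123 host label: letters, digits and hyphen, 1-63 characters,
# no leading or trailing hyphen.
_RFC_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def check_label(label: str, mode: str) -> str:
    """Return '' if the label is acceptable in the given mode, else the reason.
    Modes (names are this example's own):
      'strict' - RFC 1123 only, no underscore anywhere
      'srv'    - strict, but an underscore is allowed as the first character
      'all'    - accept any label (the "All names" setting Kevin refers to)"""
    if mode == "all":
        return ""
    if _RFC_LABEL.match(label):
        return ""
    if mode == "srv" and label.startswith("_") and _RFC_LABEL.match(label[1:]):
        return ""
    if "_" in label:
        return "underscore not allowed here"
    return "not a valid RFC 1123 label"


def check_name(fqdn: str, mode: str = "strict") -> List[Tuple[str, str]]:
    """Check every label of fqdn; return [(label, reason), ...] for offenders.
    An empty list means the name passes under that mode."""
    problems = []
    for label in fqdn.rstrip(".").split("."):
        reason = check_label(label, mode)
        if reason:
            problems.append((label, reason))
    return problems
```

Running `check_name("server_name.domain_name.com", "srv")` shows which labels a server set to anything below "All names" would warn about, which is the question C Hall asks in the next post.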
Anonymous
March 2, 2005 2:04:02 PM


> One problem you have, I forgot to mention, the underscore in your domain
> name. An underscore, is only a legal character if it is the first character
> in a subdomain. You have to set the Windows DNS to Name Checking allow All
> names on the Advanced Tab of the DNS server property sheet. I'm not sure
> what you have to do to BIND, to accept the underscore. If you run netdiag /v
> you will get a warning message for the invalid character and that not all
> DNS servers support the underscore.

I was just using that as an example, but thanks for the info. I do have some
servers named server_name. Would that cause a problem? It doesn't seem to.

> Also, I recommend to use AD integrated DNS zones instead of
> Primary/Secondary scenario. To change this, delete the secondary zone and
> change the primary to AD integrated and wait for the zone to replicate. Do
> not create or convert the secondary to AD integrated, this will create a
> conflicting zone in AD and possibly overwrite the first zone you convert to
> AD.

I would use integrated zones except that a couple of our locations will have
both NW & 2k DNS. In the back of my mind, I'll be making the NW server a
secondary server to the W2k.