DNS Design question

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi all,

I have multiple sites connected via frame relay and am running both Netware
5.1 and W2k. I'm looking for guidance on re-designing our dns structure.
Here's the layout: we have 12 locations, most of which have about 6 - 12
users. All locations except for one use Netware as their primary f & p
server. One location has a w2k dc and we have another dc in our ops center.
We have two locations that we have w2k member servers running apps (SQL2k,
TS). At one of those locations, we'll convert one of the servers to a w2k
dc. Right now, we're using primary/secondary zones on the 2k servers. Users
that use a mortgage program (on one of the member servers) are located in
several locations. Users that use a trust services program are contained in
one location.

The question: I'm converting our netware network to pure ip and will install
dns on all servers, setting up child zones for each of the locations that
contain a NW box. Our 2k servers are setup to forward queries for internet
resources. My question is what would be the best approach for designing dns
in those locations that have both 2k and nw? Perhaps setup both, using one
for failover and copying any necessary records to the 2k server? And the
clients?
  1. Archived from groups: microsoft.public.win2000.dns

    In news:%23GsQyjnHFHA.3612@TK2MSFTNGP09.phx.gbl,
    C Hall <someone@microsoft.com> commented
    Then Kevin replied below:

    I don't know too much about Netware, but I can tell you: don't use its DNS IP
    on the Windows domain members. If the NW DNS has different names in it from
    the Windows DNS, use the NW DNS as a forwarder for the Windows DNS, then
    check the box "Do not use recursion" (Forwarders tab).
    Active Directory domains use DNS to locate domain controllers for
    authentication; if there is a DNS server that does not support the AD domain
    in the client DNS list, in any position, you can expect very inconsistent
    behavior and network errors.

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
  2. Archived from groups: microsoft.public.win2000.dns

    Let me make sure I get this correct:

    > but I can tell you don't use its DNS IP on the Windows domain members,
    On the windows dns mmc, don't add the NW DNS ip address as a dns member
    server.

    >if the NW DNS has different names in it from the Windows DNS,
    Would you be referring to the zone or internal domain names?

    >use the NW DNS as a forwarder for the Windows DNS
    In the windows dns mmc, click the tab where you set a forwarder and enter
    the NW IP?

    > then
    > check the box "Do not use recursion" (Forwarders tab)
    On windows?


  3. Archived from groups: microsoft.public.win2000.dns

    In news:e%23e3VfoHFHA.3332@TK2MSFTNGP15.phx.gbl,
    C Hall <someone@microsoft.com> commented
    Then Kevin replied below:
    > Let me make sure I get this correct:
    >
    >> but I can tell you don't use its DNS IP on the Windows
    >> domain members,
    > On the windows dns mmc, don't add the NW DNS ip address
    > as a dns member server.

    Not sure what you mean here, I was talking about the TCP/IP properties on the
    machine's interfaces. All AD domain members must use only the DNS for the AD
    domain; if the DNS server does not have a zone for the AD domain, don't use
    it for DNS on any interface, in any position.

    >
    >> if the NW DNS has different names in it from the Windows
    >> DNS,
    > Would you be referring to the zone or internal domain
    > names?

    If the Netware DNS has domains that are not in the Windows DNS, use it as a
    forwarder for the Windows DNS.

    >
    >> use the NW DNS as a forwarder for the Windows DNS
    > In the windows dns mmc, click the tab where you set a
    > forwarder and enter the NW IP?

    Yes.

    >
    >> then
    >> check the box "Do not use recursion" (Forwarders tab)
    > On windows?

    Yes, this prevents the Windows DNS from using root hints to find names in
    the NW DNS.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
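One way to check the client-side point Kevin makes (no DNS server that lacks the AD zone on any interface, in any position), as an added example that is not part of the thread: a script that parses `ipconfig /all` output from a domain member and flags every configured DNS server that is not one of the servers holding the AD zone. The sample output and all addresses are constructed, and the set of AD DNS servers is an assumption.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of "ipconfig /all" output from a W2K domain member with two
# interfaces (not taken from the thread; addresses are made up for illustration).
SAMPLE_IPCONFIG = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : ws01
        Primary DNS Suffix  . . . . . . . : domain_name.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : domain_name.com
        IP Address. . . . . . . . . . . . : 10.1.1.50
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : 10.1.1.10
                                            10.1.1.20

Ethernet adapter Frame Relay Link:

        IP Address. . . . . . . . . . . . : 10.9.9.50
        DNS Servers . . . . . . . . . . . : 10.9.9.5
"""

# Assumed: the two W2K DNS servers hold the AD zone; 10.9.9.5 is the NetWare DNS.
AD_DNS_SERVERS: Set[str] = {"10.1.1.10", "10.1.1.20"}

ADAPTER_RE = re.compile(r"^\w+ adapter (.+):$")
DNS_RE = re.compile(r"^\s*DNS Servers[ .]*: (\S*)\s*$")
CONT_RE = re.compile(r"^\s{20,}(\d+\.\d+\.\d+\.\d+)\s*$")   # wrapped extra servers

def parse_dns_servers(text: str) -> Dict[str, List[str]]:
    """Map each adapter to its DNS server list, in the order the resolver uses them."""
    result: Dict[str, List[str]] = {}
    adapter, in_dns = None, False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter, in_dns = m.group(1), False
            result[adapter] = []
            continue
        m = DNS_RE.match(line)
        if m and adapter is not None:
            if m.group(1):
                result[adapter].append(m.group(1))
            in_dns = True
            continue
        m = CONT_RE.match(line) if in_dns else None
        if m:
            result[adapter].append(m.group(1))
            continue
        in_dns = False
    return result

def audit(text: str, ad_servers: Set[str]) -> List[Tuple[str, int, str]]:
    """(adapter, position, ip) for every configured DNS server that does not hold the AD zone."""
    return [(adapter, pos, ip)
            for adapter, servers in parse_dns_servers(text).items()
            for pos, ip in enumerate(servers, 1)
            if ip not in ad_servers]
```

Running `audit(SAMPLE_IPCONFIG, AD_DNS_SERVERS)` on the sample reports the NetWare server on the frame relay interface; a clean member returns an empty list.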
  4. Archived from groups: microsoft.public.win2000.dns

    "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
    news:e#wj93pHFHA.2356@TK2MSFTNGP12.phx.gbl...
    > In news:e%23e3VfoHFHA.3332@TK2MSFTNGP15.phx.gbl,
    > C Hall <someone@microsoft.com> commented
    > Then Kevin replied below:
    > > Let me make sure I get this correct:
    > >
    > >> but I can tell you don't use its DNS IP on the Windows
    > >> domain members,
    > > On the windows dns mmc, don't add the NW DNS ip address
    > > as a dns member server.
    >
    > Not sure what you mean here, I was talking about the TCP/IP properties on
    > the machine's interfaces. All AD domain members must use only the DNS for
    > the AD domain; if the DNS server does not have a zone for the AD domain,
    > don't use it for DNS on any interface, in any position.

    Kevin is correct in a general way here.

    Technically all domain members must be able
    to RESOLVE the domain's DNS zone entries,
    which usually means using the DNS server(s)
    that hold that zone directly.

    But more generally, internal machines must use
    internal DNS servers that can resolve all internal
    names.

    (Even this is slightly askew since again the key is
    that whatever server the clients use, it must resolve
    all of the names needed by that client, but the
    practical truth of the above and the common
    practices are what Kevin is referring to.)

    If clients do not use the actual DNS server holding
    their domain's DNS zone, they must use one that
    will resolve it correctly -- that is, one that delegates
    to it, (conditionally) forwards to it, holds a secondary
    copy of it, or otherwise finds a way to resolve the
    names the client needs.

    --
    Herb Martin


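Herb's list of ways a server can still resolve the domain's zone (delegation, forwarding, a secondary copy) and Kevin's "Do not use recursion" advice can be compared in a small model. The following is an added illustration, not code from the thread or from Windows DNS: it assumes a simplified answer algorithm (own zone first, then a delegation, then forwarders, then root hints only when recursion is allowed), and every server and host name in it is constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Simplified model of a W2K-style DNS server's answer logic (assumed behaviour, not the
# product's code); names are constructed, "domain_name.com" is the thread's placeholder.
@dataclass
class Zone:
    name: str
    records: Set[str]                                  # names the zone holds
    delegations: Dict[str, str] = field(default_factory=dict)  # child zone -> server

@dataclass
class Server:
    zones: Dict[str, Zone]                             # zones it is authoritative for
    forwarders: List[str] = field(default_factory=list)
    do_not_use_recursion: bool = False                 # the W2K Forwarders tab checkbox

INTERNET_NAMES = {"www.example.com"}                   # constructed: what root hints reach

def in_zone(name: str, zone: str) -> bool:
    return name == zone or name.endswith("." + zone)

def resolve(servers: Dict[str, Server], sid: str, name: str, depth: int = 0) -> bool:
    """True if a client whose resolver points at `sid` gets an answer for `name`."""
    if depth > 8:                                      # guard against forwarder loops
        return False
    srv = servers[sid]
    enclosing = [z for z in srv.zones if in_zone(name, z)]
    if enclosing:
        zone = srv.zones[max(enclosing, key=len)]
        if name in zone.records:
            return True
        for child, target in zone.delegations.items():
            if in_zone(name, child):                   # assumed: server chases the delegation
                return resolve(servers, target, name, depth + 1)
        return False                                   # authoritative NXDOMAIN; never forwarded
    for fwd in srv.forwarders:
        if resolve(servers, fwd, name, depth + 1):
            return True
    if srv.do_not_use_recursion:                       # forward-only: root hints not used
        return False
    return name in INTERNET_NAMES                      # root hints never find private names

def topology(delegate_child: bool) -> Dict[str, Server]:
    """W2K server holds domain_name.com; the NetWare server holds one site's child zone."""
    ad = Zone("domain_name.com", {"dc1.domain_name.com", "sql1.domain_name.com"})
    site = Zone("site2.domain_name.com", {"fs1.site2.domain_name.com"})
    if delegate_child:
        ad.delegations[site.name] = "nw"
    return {"w2k": Server({ad.name: ad}, forwarders=["nw"], do_not_use_recursion=True),
            "nw": Server({site.name: site})}

def compare() -> Dict[str, bool]:
    fwd_only, delegated = topology(False), topology(True)
    return {
        # an AD member pointed at the NetWare DNS cannot find its domain controller
        "nw_client_finds_dc": resolve(fwd_only, "nw", "dc1.domain_name.com"),
        # forwarding to NW does not help for a child of a zone the W2K server owns
        "w2k_forward_only_finds_site": resolve(fwd_only, "w2k", "fs1.site2.domain_name.com"),
        # delegating the child zone to the NetWare server does
        "w2k_delegated_finds_site": resolve(delegated, "w2k", "fs1.site2.domain_name.com"),
        "w2k_finds_internet": resolve(delegated, "w2k", "www.example.com"),
    }
```

The forward-only case shows why Kevin's forwarder advice is conditioned on the NetWare DNS holding names that are not under the Windows zone: for a child of a zone the W2K server owns, the server answers NXDOMAIN itself and never asks the forwarder, so that case needs a delegation (or a secondary copy) instead.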
  5. Archived from groups: microsoft.public.win2000.dns

    Thanks Kevin & Herb for your posts.

    The more I read, the more questions I have....let me take this a piece at a
    time.

    First, the two w2k DNS servers:

    I have configured one forward lookup zone--domain_name.com. The server
    located in our main office is primary for this zone and the other server is
    secondary for the zone. I have three reverse lookup zones--1 for the main
    location, 1 for the remote location and another where I will be locating
    another dc. We have no more than 200 nodes at this point. Is this an
    efficient design? Or do you have recommendations? Would it be better to
    create child forward lookup zones for EACH location and leave the root
    empty? I guess I have envisioned using the netware server in our main
    location as a secondary dns server to the primary w2k dns server in the main
    location.

    On the netware side, I'll be creating a child zone for each of the
    locations, making the server at that location primary for its forward and
    reverse lookup zones.

    "Herb Martin" <news@LearnQuick.com> wrote in message
    news:unJEz1rHFHA.2860@TK2MSFTNGP12.phx.gbl...
    > "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
    > news:e#wj93pHFHA.2356@TK2MSFTNGP12.phx.gbl...
    > > In news:e%23e3VfoHFHA.3332@TK2MSFTNGP15.phx.gbl,
    > > C Hall <someone@microsoft.com> commented
    > > Then Kevin replied below:
    > > > Let me make sure I get this correct:
    > > >
    > > >> but I can tell you don't use its DNS IP on the Windows
    > > >> domain members,
    > > > On the windows dns mmc, don't add the NW DNS ip address
    > > > as a dns member server.
    > >
    > > Not sure what you mean here, i was talking about in TCP/IP properties on
    > the
    > > machine's interfaces. All AD domain members must use only the DNS for
    the
    > AD
    > > domain, if the DNS server does not have a zone for the AD domain, don't
    > use
    > > it for DNS on any interface, in any position.
    >
    > Kevin is correct in a general way here.
    >
    > Technically all domain members must be able
    > to RESOLVE the domain's DNS zone entries,
    > which usually means using the DNS server(s)
    > that hold that zone directly.
    >
    > But more generally internally machines must use
    > internal DNS servers that can resolve all internal
    > names.
    >
    > (Even this is slightly askew since again the key is
    > that whatever server the clients use it must resolve
    > all of the names needed by that client, but the
    > practical truth of the above and the common
    > practices are what Kevin is referring too.)
    >
    > If clients do not use the actual DNS server holding
    > their domain's DNS zone, they must use one that
    > will resolve it correct -- that is one that delegates
    > to it, (conditionally) forwards to it, holds a secondary
    > copy of it, or otherwise finds a way to resolve the
    > names the client need.
    >
    > --
    > Herb Martin
    >
    >
    > >
    > > >
    > > >> if the NW DNS has different names in it from the Windows
    > > >> DNS,
    > > > Would you be referring to the zone or internal domain
    > > > names?
    > >
    > > If the Netware DNS has domains that are not in the Windows DNS, use it a
    a
    > > forwarder for the Windows DNS.
    > >
    > > >
    > > >> use the NW DNS as a forwarder for the Windows DNS
    > > > In the windows dns mmc, click the tab where you set a
    > > > forwarder and enter the NW IP?
    > >
    > > Yes.
    > >
    > > >
    > > >> then
    > > >> check the box "Do not use recursion" (Forwarders tab)
    > > > On windows?
    > >
    > > Yes, this prevents the Windows DNS from using root hints to find names
    in
    > > the NW DNS.
    > >
    > >
    > >
    > >
    > >
    > > --
    > > Best regards,
    > > Kevin D4 Dad Goodknecht Sr. [MVP]
    > > Hope This Helps
    > > ===================================
    > > When responding to posts, please "Reply to Group"
    > > via your newsreader so that others may learn and
    > > benefit from your issue, to respond directly to
    > > me remove the nospam. from my email address.
    > > ===================================
    > > http://www.lonestaramerica.com/
    > > ===================================
    > > Use Outlook Express?... Get OE_Quotefix:
    > > It will strip signature out and more
    > > http://home.in.tum.de/~jain/software/oe-quotefix/
    > > ===================================
    > > Keep a back up of your OE settings and folders
    > > with OEBackup:
    > > http://www.oehelp.com/OEBackup/Default.aspx
    > > ===================================
    > >
    > >
    >
    >
  6. Archived from groups: microsoft.public.win2000.dns

    In news:%23AsDQqzHFHA.2736@TK2MSFTNGP09.phx.gbl,
    C Hall <someone@microsoft.com> commented
    Then Kevin replied below:

    One problem you have, I forgot to mention: the underscore in your domain
    name. An underscore is only a legal character if it is the first character
    in a subdomain. You have to set the Windows DNS Name Checking to "All names"
    on the Advanced tab of the DNS server property sheet. I'm not sure what you
    have to do to get BIND to accept the underscore. If you run netdiag /v you
    will get a warning message for the invalid character and that not all DNS
    servers support the underscore.

    Also, I recommend using AD integrated DNS zones instead of the
    Primary/Secondary scenario. To change this, delete the secondary zone and
    change the primary to AD integrated and wait for the zone to replicate. Do
    not create or convert the secondary to AD integrated; this will create a
    conflicting zone in AD and possibly overwrite the first zone you convert to
    AD.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
  7. Archived from groups: microsoft.public.win2000.dns

    > One problem you have, I forgot to mention: the underscore in your domain
    > name. An underscore is only a legal character if it is the first character
    > in a subdomain. You have to set the Windows DNS Name Checking to "All names"
    > on the Advanced tab of the DNS server property sheet. I'm not sure what you
    > have to do to get BIND to accept the underscore. If you run netdiag /v you
    > will get a warning message for the invalid character and that not all DNS
    > servers support the underscore.

    I was just using that as an example, but thanks for the info. I do have some
    servers named server_name. Would that cause a problem? It doesn't seem to.

    > Also, I recommend using AD integrated DNS zones instead of the
    > Primary/Secondary scenario. To change this, delete the secondary zone and
    > change the primary to AD integrated and wait for the zone to replicate. Do
    > not create or convert the secondary to AD integrated; this will create a
    > conflicting zone in AD and possibly overwrite the first zone you convert
    > to AD.

    I would use integrated zones except that a couple of our locations will have
    both NW & 2k DNS. In the back of my mind, I'll be making the NW server a
    secondary server to the w2k.
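For the underscore question in the last two posts, an added check that is not from the thread: it tests names against RFC 1123 hostname label syntax, accepting an underscore only as the first character of a label, which is the rule Kevin states (the SRV-record shape AD registers). The inventory is constructed, with `domain_name.com` and `server_name` taken from the posts and the rest made up.

```python
import re
from typing import List, Tuple

# Assumed rule (not from product documentation): each label must satisfy RFC 1123
# hostname syntax, except that a label whose first character is "_" is accepted as a
# service label, the case Kevin describes. Sample names below are constructed.
HOST_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

def check_name(fqdn: str) -> Tuple[bool, str]:
    """Return (ok, reason); ok is True when every label passes the rule above."""
    name = fqdn.rstrip(".")
    if not name or len(name) > 253:
        return False, "empty name or longer than 253 characters"
    for label in name.split("."):
        body = label[1:] if label.startswith("_") else label
        if HOST_LABEL_RE.match(body):
            continue
        if "_" in body:
            return False, f"label {label!r}: underscore is only accepted as the first character"
        return False, f"label {label!r} is not a valid hostname label"
    return True, ""

def audit_names(names: List[str]) -> List[Tuple[str, str]]:
    """Names a strictly checking DNS server (or netdiag /v) would warn about, with the reason."""
    return [(n, reason) for n in names for ok, reason in [check_name(n)] if not ok]

# Constructed inventory mirroring the thread: the poster's placeholder domain, a server
# named with an underscore, the AD SRV record shape, and a clean host name.
INVENTORY = [
    "domain_name.com",
    "server_name.example.com",
    "_ldap._tcp.dc._msdcs.example.com",
    "dc1.example.com",
]
```

Running `audit_names(INVENTORY)` flags the first two names and accepts the SRV-style name, which is why the underscore-led AD records pass while a host called server_name draws a warning.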