DNS forwarding for Active Directory Clients

Archived from groups: microsoft.public.win2000.dns

This is a new Active Directory implementation, and DNS has been installed on
the DC's, however, the company would like clients to point to a
non-Microsoft DNS server (Cisco).

If the Cisco DNS is set up to forward to the Microsoft DNS on the DC's, will
clients successfully be able to authenticate and locate domain controllers
through their Cisco DNS?

I guess I'm a bit confused about how forwarding would work in this
situation. If the Cisco DNS does not support the resource locator records,
but it can forward to the DNS server which does contain these records, will
it redirect clients to the Microsoft DNS, or will the resolution fail
because the Cisco DNS does not understand resource records, and although it
forwards correctly, the replies that it receives from the Domain Controllers
are not understood and don't arrive at the client?
  1.

    > the company would like clients to point to a
    > non-Microsoft DNS server (Cisco).
    >

    If the Cisco DNS supports SRV records you will be OK.

    > If the Cisco DNS does not support the resource locator records,
    > but it can forward to the DNS server which does contain these records,
    > will it redirect clients to the Microsoft DNS, or will the resolution fail
    > because the Cisco DNS does not understand resource records, and although
    > it forwards correctly, the replies that it receives from the Domain
    > Controllers are not understood and don't arrive at the client?

    If the Cisco DNS server does not support SRV records, think about pointing
    your AD clients to the Windows DNS server and having the Windows DNS server
    forward to the Cisco DNS server.

    If the Cisco DNS server does not support SRV records and you point your
    clients to this DNS server you will notice a long delay in logging on, Group
    Policy will not work properly, Kerberos errors, etc.

    hth
    DDS W 2k MVP MCSE
  2.

    I think for this to work the Cisco DNS must understand SRV records.

    I have seen implementations where the domain with A records was hosted
    on UNIX DNS and service records domains (_msdcs, etc.) were delegated
    to MS DNS.

    You can try it by configuring forwarding on the Cisco DNS; use a
    client with a static DNS address that points to the Cisco DNS, log on
    locally, and use a DNS lookup to see what happens:

    NSLOOKUP
    set typ=srv
    _ldap._tcp.dc._msdcs.<domain>.<tld>
    _ldap._tcp.<site>._sites.dc._msdcs.<domain>.<tld>

    Cheers,

  3.

    "Ziek" <ziek@nomail.net> wrote in message
    news:umqFPpNfFHA.3560@TK2MSFTNGP09.phx.gbl...
    > This is a new Active Directory implementation, and DNS has been installed
    > on the DC's, however, the company would like clients to point to a
    > non-Microsoft DNS server (Cisco).
    >
    > If the Cisco DNS is set up to forward to the Microsoft DNS on the DC's,
    > will clients successfully be able to authenticate and locate domain
    > controllers through their Cisco DNS?

    Technically clients can point to ANY DNS server WHICH can provide
    them with the correct answers they need.

    As long as the server used directly by the clients understands requests for
    SRV records AND will find the zone server (or is itself a secondary for
    that zone) that supports the AD then it will work.


    > I guess I'm a bit confused about how forwarding would work in this
    > situation. If the Cisco DNS does not support the resource locator
    > records,

    Then it isn't likely to understand the requests, or be able to return the
    answers.

    > but it can forward to the DNS server which does contain these records,
    > will it redirect clients to the Microsoft DNS, or will the resolution
    > fail

    There is no such "redirection" -- forwarding involves the request DNS server
    performing the lookup on behalf of the clients by querying the forwarder who
    either has those records OR can find the server which has them.

    > because the Cisco DNS does not understand resource records, and although
    > it forwards correctly, the replies that it receives from the Domain
    > Controllers are not understood and don't arrive at the client?

    Then it is unlikely to work.

    Why would the clients be required to use the Cisco if it isn't a modern
    server?

    (SRV has been defined and implemented generally since about 2000 -- even
    NT 4 DNS servers with enough service pack level can handle SRV records.)


    --
    Herb Martin, MCSE, MVP
    Accelerated MCSE
    http://www.LearnQuick.Com
    [phone number on web site]
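
The nslookup test suggested in the thread comes down to whether the resolver the client uses returns type 33 (SRV) records for the DC locator name. The following is an added example, not part of the original posts: it builds that query and decodes SRV answers at the wire level. The function names, `example.com` and `dc1.example.com` are placeholders, and the reply is constructed for illustration.

```python
import struct
SRV = 33  # SRV resource record type (RFC 2782)

def encode_name(name):  # dotted name -> uncompressed DNS labels
    return b"".join(bytes([len(p)]) + p.encode("ascii")
                    for p in name.rstrip(".").split(".")) + b"\x00"

def build_srv_query(name, txid=0x1234):  # recursive (RD=1) SRV question
    return (struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + encode_name(name) + struct.pack(">HH", SRV, 1))

def read_name(msg, pos):  # returns (name, offset just past the name)
    labels, end, hops = [], None, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:            # compression pointer
            end = pos + 2 if end is None else end
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif length == 0:
            return ".".join(labels), (pos + 1 if end is None else end)
        else:
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length

def parse_srv_answers(msg):  # -> (rcode, [(priority, weight, port, target)])
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):                      # skip the echoed question section
        pos = read_name(msg, pos)[1] + 4
    records = []
    for _ in range(an):
        pos = read_name(msg, pos)[1]
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == SRV:
            prio, weight, port = struct.unpack(">HHH", msg[pos:pos + 6])
            records.append((prio, weight, port, read_name(msg, pos + 6)[0]))
        pos += rdlen
    return flags & 0x000F, records

def sample_reply(qname="_ldap._tcp.dc._msdcs.example.com", target="dc1.example.com"):
    # Constructed reply, as a working forwarder would relay it (placeholder names)
    rdata = struct.pack(">HHH", 0, 100, 389) + encode_name(target)
    header = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR, RD, RA; one answer
    return (header + build_srv_query(qname)[12:] + b"\xc0\x0c"
            + struct.pack(">HHIH", SRV, 1, 600, len(rdata)) + rdata)
```

To check a live resolver, send the bytes from `build_srv_query` to it over UDP port 53 and pass the reply to `parse_srv_answers`. A non-zero rcode or an empty list from the resolver the clients point at, where the DC's own DNS returns records, reproduces the failure discussed in the thread.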