DNS forwarding for Active Directory Clients

Ziek

Nov 5, 2004
Archived from groups: microsoft.public.win2000.dns

This is a new Active Directory implementation, and DNS has been installed on
the DCs; however, the company would like clients to point to a
non-Microsoft DNS server (Cisco).

If the Cisco DNS is set up to forward to the Microsoft DNS on the DCs, will
clients successfully be able to authenticate and locate domain controllers
through their Cisco DNS?

I guess I'm a bit confused about how forwarding would work in this
situation. If the Cisco DNS does not support the resource locator records,
but it can forward to the DNS server which does contain these records, will
it redirect clients to the Microsoft DNS, or will the resolution fail
because the Cisco DNS does not understand resource records, and although it
forwards correctly, the replies that it receives from the Domain Controllers
are not understood and don't arrive at the client?
 
Guest

> the company would like clients to point to a
> non-microsoft DNS server (cisco).

If the Cisco DNS supports SRV records you will be OK.


> If the Cisco DNS does not support the resource locator records,
> but it can forward to the DNS server which does contain these records,
> will it redirect clients to the Microsoft DNS, or will the resolution fail
> because the cisco DNS does not understand resource records, and although
> it forwards correctly, the replies that it receives from the Domain
> Controllers is not understood and doesn't arrive to the client?

If the Cisco DNS server does not support SRV records think about pointing
your AD clients to the Windows DNS server and having the Windows DNS server
forward to the Cisco DNS server.

If the Cisco DNS server does not support SRV records and you point your
clients to this DNS server you will notice a long delay in logging on, Group
Policy will not work properly, Kerberos errors, etc.

hth
DDS W 2k MVP MCSE

"Ziek" <ziek@nomail.net> wrote in message
news:umqFPpNfFHA.3560@TK2MSFTNGP09.phx.gbl...
> This is a new Active Directory implementation, and DNS has been installed
> on the DC's, however, the company would like clients to point to a
> non-microsoft DNS server (cisco).
>
> If the cisco DNS is setup to forward to the Microsoft DNS on the DC's,
> will clients successfully be able to authenticate and locate domain
> controllers through their Cisco DNS?
>
> I guess I'm a bit confused about how forwarding would work in this
> situation. If the Cisco DNS does not support the resource locator
> records, but it can forward to the DNS server which does contain these
> records, will it redirect clients to the Microsoft DNS, or will the
> resolution fail because the cisco DNS does not understand resource
> records, and although it forwards correctly, the replies that it receives
> from the Domain Controllers is not understood and doesn't arrive to the
> client?
>
 
Guest

"" wrote:
> This is a new Active Directory implementation, and DNS has been installed
> on the DC's, however, the company would like clients to point to a
> non-microsoft DNS server (cisco).
>
> If the cisco DNS is setup to forward to the Microsoft DNS on the DC's,
> will clients successfully be able to authenticate and locate domain
> controllers through their Cisco DNS?
>
> I guess I'm a bit confused about how forwarding would work in this
> situation. If the Cisco DNS does not support the resource locator
> records, but it can forward to the DNS server which does contain these
> records, will it redirect clients to the Microsoft DNS, or will the
> resolution fail because the cisco DNS does not understand resource
> records, and although it forwards correctly, the replies that it receives
> from the Domain Controllers is not understood and doesn't arrive to the
> client?

I think for this to work the Cisco DNS must understand SRV records.

I have seen implementations where the domain with A records was hosted
on UNIX DNS and service record domains (_msdcs, etc.) were delegated
to MS DNS.

You can try it by configuring forwarding on the Cisco DNS, use a
client with a static DNS address that points to the Cisco DNS, log on
locally, and use a DNS lookup to see what happens:

NSLOOKUP
set typ=srv
_ldap._tcp.dc._msdcs.<domain>.<tld>
_ldap._tcp.<site>._sites.dc._msdcs.<domain>.<tld>

Cheers,

 
Guest

"Ziek" <ziek@nomail.net> wrote in message
news:umqFPpNfFHA.3560@TK2MSFTNGP09.phx.gbl...
> This is a new Active Directory implementation, and DNS has been installed
> on the DC's, however, the company would like clients to point to a
> non-microsoft DNS server (cisco).
>
> If the cisco DNS is setup to forward to the Microsoft DNS on the DC's,
> will clients successfully be able to authenticate and locate domain
> controllers through their Cisco DNS?

Technically clients can point to ANY DNS server WHICH can provide
them with the correct answers they need.

As long as the server used directly by the clients understands requests for
SRV records AND will find the zone server (or is itself a secondary for
that zone) that supports the AD then it will work.


> I guess I'm a bit confused about how forwarding would work in this
> situation. If the Cisco DNS does not support the resource locator
> records,

Then it isn't likely to understand the requests, or be able to return the
answers.

> but it can forward to the DNS server which does contain these records,
> will it redirect clients to the Microsoft DNS, or will the resolution fail

There is no such "redirection" -- forwarding involves the request DNS server
performing the lookup on behalf of the clients by querying the forwarder who
either has those records OR can find the server which has them.

> because the cisco DNS does not understand resource records, and although
> it forwards correctly, the replies that it receives from the Domain
> Controllers is not understood and doesn't arrive to the client?

Then it is unlikely to work.

Why would the clients be required to use the Cisco if it isn't a modern
server?

(SRV has been defined and implemented generally since about 2000 -- even
NT 4 DNS servers with enough service pack level can handle SRV records.)


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
