20/01/2008, 16:53   #4
Kevin D. Goodknecht Sr. [MVP]
Re: Multiple questions regarding a DNS migration to MSDNS

Read inline please.

In news:3D1A5F4F-2712-43CC-A044-16173E321AFE@microsoft.com,
infinitiguy <infinitiguy@discussions.microsoft.com> typed:
> Here's some more information. We probably have at least 100 static
> records in each one of my zones. We have 50% of our servers as
> various flavors of unix(solaris, aix, hpux etc...) all of which are
> statically set, which is the reason to need to keep the same IP
> address of 10.65.6.2. We don't want to keep the BIND servers
> around(actually they are incognito DNS, but it's not widely used so
> for post purposes I called it BIND).
> Yes, the content of the BIND servers will be moving to ADI DNS. I
> believe we should be able to import in all the records without an issue,
> which I'll verify in testing.
>
> Can you see any issues with promoting the primary DNS server to a DC
> in my domain and then changing the DNS model from primary to ADI once
> things are moved over and in production?

There aren't any real issues in just promoting a DNS server to a DC, but so far
as converting to ADI goes, before I can tell you any other problems, I'd
need to know more about the infrastructure.
Like:
Is this a new domain you're promoting, or is it an existing AD domain with
other DCs with DNS installed? Does the zone already exist for the domain
name you are going to use? Do they have any other zones? What zone types?
Will it be your only DC?

There are many other things that have to be thought through depending on the
existing infrastructure.

> Are there any pitfalls I need to look out for? I'm never a fan of making
> changes like this to
> production machines, but in this case there seems to be very little I
> can actually do while keeping the outage to a minimum.


The biggest mistake people make is when they try to mix zone types between
different DCs. If you change a zone to ADI on one DC, you have to remove
other zone types for the domain that may exist on other DCs.

>
> regarding the Linux clients.. I think this was more so an issue on
> my side with my DHCP lease. In testing I may have deleted my A and
> PTR records for my Linux test client and the lease was for 2 days so
> without it expiring it wouldn't re-register itself (i.e. the DHCP
> server wouldn't re-register it). I'll test this again on Monday after
> the lease has expired and see what happens.


What kind of DHCP server are you using?
You should be using Win2k3 for DHCP, it can (and should) be configured with
credentials to authenticate with DNS.

>
> re: WINS. We have WINS working on the production network, from our
> old infrastructure, but I don't have it running on my test network
> yet. I am planning on getting it running at some point soon however,
> so I will keep that in mind and try that. I assume with WINS and the
> Linux clients a Linux DHCP client in Boston should be able to look up
> a Linux DHCP client in Dublin with no issues.


Yes, if your WINS server replication is working.

>
> re: my last question regarding segregation of zone administration...
> I don't quite follow what you said. You maintain 5 separate networks
> and have access to each computer by name... I understand why we use
> DNS etc... but here, I'm trying to figure out how to give a non
> administrator access to his own zone (an Engineer in Canada). It's
> for political reasons that I need to allow him to make changes to his
> own zone, and no other zone, while I retain access to make changes to
> all of the zones. I figured this could've been done with security
> tab permissions on each of the zones and the main server itself, but
> whatever I tried didn't seem to work.


The only way you can do this is with Connection Specific DNS suffixes
assigned by DHCP. Then just like any other child domain, you have to
delegate these in the parent Domain's zone.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s



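Added example, not part of the original post: a PowerShell check for the mixed zone type mistake described in the reply, flagging any zone that is AD-integrated on one server and file-backed on another. The function name, server names and zone names are hypothetical; the live collection step assumes the DnsServer module (Windows Server 2012 or later), which is newer than the Win2k3 servers discussed in the thread.

```powershell
# Added example. Reports zones that are AD-integrated (ADI) on one DNS server
# and file-backed (standard primary/secondary/other) on another.
function Find-MixedZoneStorage {
    param(
        # Objects with Server, ZoneName, ZoneType, IsDsIntegrated properties.
        [Parameter(Mandatory)]
        [object[]]$Inventory
    )
    $Inventory |
        # Zone names are case-insensitive and may carry a trailing dot.
        Group-Object { $_.ZoneName.ToLowerInvariant().TrimEnd('.') } |
        ForEach-Object {
            $ds   = @($_.Group | Where-Object { $_.IsDsIntegrated })
            $file = @($_.Group | Where-Object { -not $_.IsDsIntegrated })
            # Only a zone held both ways is a conflict.
            if ($ds.Count -gt 0 -and $file.Count -gt 0) {
                [pscustomobject]@{
                    ZoneName     = $_.Name
                    AdIntegrated = ($ds | ForEach-Object { $_.Server }) -join ', '
                    FileBacked   = ($file | ForEach-Object {
                                        "$($_.Server) ($($_.ZoneType))" }) -join ', '
                }
            }
        }
}

# Constructed sample inventory (server and zone names are placeholders).
$sample = @(
    [pscustomobject]@{ Server = 'DC1'; ZoneName = 'corp.example.com'
                       ZoneType = 'Primary';   IsDsIntegrated = $true }
    [pscustomobject]@{ Server = 'DC2'; ZoneName = 'corp.example.com.'
                       ZoneType = 'Secondary'; IsDsIntegrated = $false }
    [pscustomobject]@{ Server = 'DC1'; ZoneName = '6.65.10.in-addr.arpa'
                       ZoneType = 'Primary';   IsDsIntegrated = $true }
    [pscustomobject]@{ Server = 'DC2'; ZoneName = '6.65.10.in-addr.arpa'
                       ZoneType = 'Primary';   IsDsIntegrated = $true }
)

# Only corp.example.com is reported: ADI on DC1, file-backed secondary on DC2.
Find-MixedZoneStorage -Inventory $sample | Format-Table -AutoSize

# Live collection (assumption: DnsServer module is available on the admin host):
# $live = foreach ($s in 'DC1', 'DC2') {
#     Get-DnsServerZone -ComputerName $s |
#         Select-Object @{ n = 'Server'; e = { $s } }, ZoneName, ZoneType, IsDsIntegrated
# }
# Find-MixedZoneStorage -Inventory $live
```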