06/02/2008, 08:06   #6
Ace Fekay [MVP]
Re: Default SOA and NS records with Windows 2000 AD Integrated DNS

In news:eqtutv$ZIHA.3652@TK2MSFTNGP02.phx.gbl,
Brad Baker <brad@nospam.nospam> typed:

> > So you got me curious now, and with all due respect, I am not
> > criticizing anyone, just curious - What was the reason for choosing to
> > use DCs for public DNS servers? Just for AD integrated zones? There's a
> > huge overhead with DCs just to reap that benefit, especially with
> > hundreds of zones. Are these DCs your domain controllers for your
> > internal corporate domain as well?
>
> As mentioned above - cost savings and ease. We already had DNS
> servers set up for AD; I'm sure it just made sense at the time to
> re-use it. As far as performance goes we've never really noticed an
> issue.
> The only reason we're running into a problem now is due to the way AD
> integrated DNS works - I.E. it seems to register some records
> (primarily SOA and NS) itself and it's using server names that we
> don't really want utilized. We're planning on upgrading our DCs and
> as such the DC server names will change. This will result in problems
> with all our DNS zones as I think we will end up with invalid NS
> records and conceivably SOA records.

This is default DC behavior. Lots of tinkering and registry alterations to
FORCE it to work. It's not really worth it. Another reason to use
standalones. DCs are DCs and for a DC to work, it registers records beyond
just the IP address and hostname because the netlogon service also registers
data that you should not alter. Another reason...

I can't see cost savings when it involves administrative overhead to
maintain and figure out how AD should work and how to alter default behavior
to make it work so it is just a DNS server.

> > Multihoming a DC can be a disaster for the DC as well.
>
> I've heard that before from Microsoft support - one of our two dcs/dns
> servers has multiple IPs on it. I'm hoping to fix that when we
> upgrade AD.

Upgrading AD will not with multiple NICs. It is NOT advised to
multihome a DC. Period. Google 'multihomed DCs' and view my comments as well
as other engineers'. Due to DNS registration of SRV records and the
LdapIpAddress and GcIpAddress records, multihoming causes major issues with
DCs.

Ace


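An added example (not part of the original post and not Ace's own code): a Python check over zone-file style records that flags the LdapIpAddress and GcIpAddress names, i.e. the A records at the domain name and at gc._msdcs.<forest root>, when they carry more than one address or an address outside the internal network, which is the state a multihomed DC produces. The domain example.test, the addresses, the function names and the assumption that the domain is also the forest root are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (zone-file style: owner TTL IN type data).
# example.test and all addresses are placeholders, not values from the post.
SAMPLE = """\
example.test. 600 IN A 10.0.0.10
example.test. 600 IN A 203.0.113.25
gc._msdcs.example.test. 600 IN A 10.0.0.10
gc._msdcs.example.test. 600 IN A 203.0.113.25
_ldap._tcp.example.test. 600 IN SRV 0 100 389 dc1.example.test.
dc1.example.test. 1200 IN A 10.0.0.10
"""

def parse_a_records(text):
    """Return {owner: set(ip)} for every A record in zone-file style text."""
    owners = defaultdict(set)
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[2].upper() == "IN" and f[3].upper() == "A":
            owners[f[0].lower().rstrip(".")].add(ipaddress.ip_address(f[4]))
    return owners

def audit_dc_registration(text, domain, internal_net):
    """Flag LdapIpAddress / GcIpAddress names that carry more than one
    address or an address outside the expected internal network."""
    net = ipaddress.ip_network(internal_net)
    base = domain.lower().rstrip(".")
    # Assumption: the domain is also the forest root, so the GC name is
    # gc._msdcs.<domain>.
    watched = {"LdapIpAddress": base, "GcIpAddress": "gc._msdcs." + base}
    a_records = parse_a_records(text)
    findings = []
    for mnemonic, owner in watched.items():
        ips = sorted(a_records.get(owner, ()))
        if len(ips) > 1:
            findings.append((mnemonic, owner, "multiple addresses",
                             [str(i) for i in ips]))
        outside = [str(i) for i in ips if i not in net]
        if outside:
            findings.append((mnemonic, owner, "outside internal network", outside))
    return findings

if __name__ == "__main__":
    for finding in audit_dc_registration(SAMPLE, "example.test", "10.0.0.0/24"):
        print(*finding)
```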