Goggled and searched this NG for answer, but still need . (Jorge reply
on similar question on August 2, 2006 had good links)

MyCompany.com and OtherCompany.com are linked DMZ to DMZ via by dedicated
T1. OtherCompany.com has set up a special DNS server for MyCompany (and
other vendors) to use in their DMZ. This DMZ name server then links to
application servers at OtherCompany inside 2nd FW. Vendors can only reach
specific application servers / web sites.

I need to reduce the DNS queries to a minimum across the T1. Application my
users have was written such that a lot of DNS queries are used for each
application database update, refresh, or whatever. T1 traffic is very high.

My question: which method, Stub Zone or Conditional Forwarding, will result
in the least amount of DNS queries across T1 link? Plus which method can
have the my local DNS server(s) hold a cache of DNS resolution for a TTL of
12 hours or more? (refresh only during after hours.)

I hope I have asked my question correctly, I may have added too much
details, but trust me - the actual case is a lot more complex that this.

Phil

Hi
If I understand you correctly your main concern is T1 activity, correct?
Fastest way to resolve is = Secondary Zones - Why? Resolve all queries
locally and your T1 is only used for delta updates (only changes are
replicated).

Forwarding = You have better control of which servers does your Server
contact for queries resolution. (Needs Active link)

Stub Zones = The big advantage of Stub Zones is that updates NS records
automatically, so if new DNS servers are added, your DNS server you'll know
about that. (Needs Active Link)

IMO: I f your primary concern is link activity, you should use secondary
zones, by using Secondary zones all queries will be resolved locally, and T1
traffic will decrease significantly

take a look at
http://support.microsoft.com/default...b;en-us;811118

- Let me known what do you think
- Wait for other opinions.

--
I hope that the information above s you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Phil S." <nospam-m-phil-NoSpam@one two three m-a-p-s.net> wrote in message
news:ur8tYXqzGHA.4796@TK2MSFTNGP06.phx.gbl...
> Goggled and searched this NG for answer, but still need . (Jorge
> reply on similar question on August 2, 2006 had good links)
>
> MyCompany.com and OtherCompany.com are linked DMZ to DMZ via by dedicated
> T1. OtherCompany.com has set up a special DNS server for MyCompany (and
> other vendors) to use in their DMZ. This DMZ name server then links to
> application servers at OtherCompany inside 2nd FW. Vendors can only reach
> specific application servers / web sites.
>
> I need to reduce the DNS queries to a minimum across the T1. Application
> my users have was written such that a lot of DNS queries are used for each
> application database update, refresh, or whatever. T1 traffic is very
> high.
>
> My question: which method, Stub Zone or Conditional Forwarding, will
> result in the least amount of DNS queries across T1 link? Plus which
> method can have the my local DNS server(s) hold a cache of DNS resolution
> for a TTL of 12 hours or more? (refresh only during after hours.)
>
> I hope I have asked my question correctly, I may have added too much
> details, but trust me - the actual case is a lot more complex that this.
>
> Phil
>
>
>
>

> and T1 traffic will decrease significantly
*Little clarification about this: I'm assuming lots of changes on the
Primary zone, which isn't very common... Remember DNS will cache for a
period of time all recent maded queries for that Zone and DNS traffic will
normally be reduced, but again I only say that because you said that you had
lots of DNS traffic in your T1 link.

--
I hope that the information above s you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
news:OLxhaz0zGHA.576@TK2MSFTNGP03.phx.gbl...
> Hi
> If I understand you correctly your main concern is T1 activity, correct?
> Fastest way to resolve is = Secondary Zones - Why? Resolve all queries
> locally and your T1 is only used for delta updates (only changes are
> replicated).
>
> Forwarding = You have better control of which servers does your Server
> contact for queries resolution. (Needs Active link)
>
> Stub Zones = The big advantage of Stub Zones is that updates NS records
> automatically, so if new DNS servers are added, your DNS server you'll
> know about that. (Needs Active Link)
>
> IMO: I f your primary concern is link activity, you should use secondary
> zones, by using Secondary zones all queries will be resolved locally, and
> T1 traffic will decrease significantly
>
> take a look at
> http://support.microsoft.com/default...b;en-us;811118
>
> - Let me known what do you think
> - Wait for other opinions.
>
> --
> I hope that the information above s you
>
> Good Luck
> Jorge Silva
> MCSA
> Systems Administrator
>
> "Phil S." <nospam-m-phil-NoSpam@one two three m-a-p-s.net> wrote in
> message news:ur8tYXqzGHA.4796@TK2MSFTNGP06.phx.gbl...
>> Goggled and searched this NG for answer, but still need . (Jorge
>> reply on similar question on August 2, 2006 had good links)
>>
>> MyCompany.com and OtherCompany.com are linked DMZ to DMZ via by dedicated
>> T1. OtherCompany.com has set up a special DNS server for MyCompany (and
>> other vendors) to use in their DMZ. This DMZ name server then links to
>> application servers at OtherCompany inside 2nd FW. Vendors can only
>> reach specific application servers / web sites.
>>
>> I need to reduce the DNS queries to a minimum across the T1. Application
>> my users have was written such that a lot of DNS queries are used for
>> each application database update, refresh, or whatever. T1 traffic is
>> very high.
>>
>> My question: which method, Stub Zone or Conditional Forwarding, will
>> result in the least amount of DNS queries across T1 link? Plus which
>> method can have the my local DNS server(s) hold a cache of DNS resolution
>> for a TTL of 12 hours or more? (refresh only during after hours.)
>>
>> I hope I have asked my question correctly, I may have added too much
>> details, but trust me - the actual case is a lot more complex that this.
>>
>> Phil
>>
>>
>>
>>
>
>

Thank Jorge:

Yes! T1 traffic is the most important issue right now.

However, I may have jumped the gun by posting my question. Co-worker has
proposed a new theory that somehow our FW Cisco products are 1st routing all
Internet DNS queries over this DMZ T1, and after getting no reply then
sending the query out to our ISP DNS thru 2nd FW on DMZ. This could
account for the HUGE amount of DNS traffic on T1.

Thanks for your , and sorry if I posted in error.

Phil

"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
news:eOjEH80zGHA.4648@TK2MSFTNGP04.phx.gbl...
>> and T1 traffic will decrease significantly
> *Little clarification about this: I'm assuming lots of changes on the
> Primary zone, which isn't very common... Remember DNS will cache for a
> period of time all recent maded queries for that Zone and DNS traffic will
> normally be reduced, but again I only say that because you said that you
> had lots of DNS traffic in your T1 link.
>
> --
> I hope that the information above s you
>
> Good Luck
> Jorge Silva
> MCSA
> Systems Administrator
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
> news:OLxhaz0zGHA.576@TK2MSFTNGP03.phx.gbl...
>> Hi
>> If I understand you correctly your main concern is T1 activity, correct?
>> Fastest way to resolve is = Secondary Zones - Why? Resolve all queries
>> locally and your T1 is only used for delta updates (only changes are
>> replicated).
>>
>> Forwarding = You have better control of which servers does your Server
>> contact for queries resolution. (Needs Active link)
>>
>> Stub Zones = The big advantage of Stub Zones is that updates NS records
>> automatically, so if new DNS servers are added, your DNS server you'll
>> know about that. (Needs Active Link)
>>
>> IMO: I f your primary concern is link activity, you should use secondary
>> zones, by using Secondary zones all queries will be resolved locally, and
>> T1 traffic will decrease significantly
>>
>> take a look at
>> http://support.microsoft.com/default...b;en-us;811118
>>
>> - Let me known what do you think
>> - Wait for other opinions.
>>
>> --
>> I hope that the information above s you
>>
>> Good Luck
>> Jorge Silva
>> MCSA
>> Systems Administrator
>>
>> "Phil S." <nospam-m-phil-NoSpam@one two three m-a-p-s.net> wrote in
>> message news:ur8tYXqzGHA.4796@TK2MSFTNGP06.phx.gbl...
>>> Goggled and searched this NG for answer, but still need . (Jorge
>>> reply on similar question on August 2, 2006 had good links)
>>>
>>> MyCompany.com and OtherCompany.com are linked DMZ to DMZ via by
>>> dedicated T1. OtherCompany.com has set up a special DNS server for
>>> MyCompany (and other vendors) to use in their DMZ. This DMZ name server
>>> then links to application servers at OtherCompany inside 2nd FW.
>>> Vendors can only reach specific application servers / web sites.
>>>
>>> I need to reduce the DNS queries to a minimum across the T1.
>>> Application my users have was written such that a lot of DNS queries are
>>> used for each application database update, refresh, or whatever. T1
>>> traffic is very high.
>>>
>>> My question: which method, Stub Zone or Conditional Forwarding, will
>>> result in the least amount of DNS queries across T1 link? Plus which
>>> method can have the my local DNS server(s) hold a cache of DNS
>>> resolution for a TTL of 12 hours or more? (refresh only during after
>>> hours.)
>>>
>>> I hope I have asked my question correctly, I may have added too much
>>> details, but trust me - the actual case is a lot more complex that this.
>>>
>>> Phil
>>>
>>>
>>>
>>>
>>
>>
>
>

"Phil S." <nospam-m-phil-NoSpam@one two three m-a-p-s.net> wrote in message
news:OECZz64zGHA.3280@TK2MSFTNGP02.phx.gbl...
> Thank Jorge:
>
> Yes! T1 traffic is the most important issue right now.
>
> However, I may have jumped the gun by posting my question. Co-worker has
> proposed a new theory that somehow our FW Cisco products are 1st routing
> all Internet DNS queries over this DMZ T1, and after getting no reply then
> sending the query out to our ISP DNS thru 2nd FW on DMZ. This could
> account for the HUGE amount of DNS traffic on T1.
>

Jorge is correct but since there are so many choice in
Win2003 he probably omitted the real "best choice"
(for making the answer simple) -- AND if you have only
Win2003 DCs:

It's the same as far a speed as Secondaries but you get the
added benefit of better (more incremental and compressed)
replication across the WAN lines:

AD Integrated DNS

You would still use a Secondary for any NON-DC DNS
servers but the AD DNS DCs can replicate better and also
offer multi-mastered dynamic registrations (registering clients
don't have to traverse the WAN lines either.)


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

> Thanks for your , and sorry if I posted in error.
>
> Phil
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
> news:eOjEH80zGHA.4648@TK2MSFTNGP04.phx.gbl...
>>> and T1 traffic will decrease significantly
>> *Little clarification about this: I'm assuming lots of changes on the
>> Primary zone, which isn't very common... Remember DNS will cache for a
>> period of time all recent maded queries for that Zone and DNS traffic
>> will normally be reduced, but again I only say that because you said that
>> you had lots of DNS traffic in your T1 link.
>>
>> --
>> I hope that the information above s you
>>
>> Good Luck
>> Jorge Silva
>> MCSA
>> Systems Administrator
>>
>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
>> news:OLxhaz0zGHA.576@TK2MSFTNGP03.phx.gbl...
>>> Hi
>>> If I understand you correctly your main concern is T1 activity, correct?
>>> Fastest way to resolve is = Secondary Zones - Why? Resolve all queries
>>> locally and your T1 is only used for delta updates (only changes are
>>> replicated).
>>>
>>> Forwarding = You have better control of which servers does your Server
>>> contact for queries resolution. (Needs Active link)
>>>
>>> Stub Zones = The big advantage of Stub Zones is that updates NS records
>>> automatically, so if new DNS servers are added, your DNS server you'll
>>> know about that. (Needs Active Link)
>>>
>>> IMO: I f your primary concern is link activity, you should use secondary
>>> zones, by using Secondary zones all queries will be resolved locally,
>>> and T1 traffic will decrease significantly
>>>
>>> take a look at
>>> http://support.microsoft.com/default...b;en-us;811118
>>>
>>> - Let me known what do you think
>>> - Wait for other opinions.
>>>
>>> --
>>> I hope that the information above s you
>>>
>>> Good Luck
>>> Jorge Silva
>>> MCSA
>>> Systems Administrator
>>>
>>> "Phil S." <nospam-m-phil-NoSpam@one two three m-a-p-s.net> wrote in
>>> message news:ur8tYXqzGHA.4796@TK2MSFTNGP06.phx.gbl...
>>>> Goggled and searched this NG for answer, but still need . (Jorge
>>>> reply on similar question on August 2, 2006 had good links)
>>>>
>>>> MyCompany.com and OtherCompany.com are linked DMZ to DMZ via by
>>>> dedicated T1. OtherCompany.com has set up a special DNS server for
>>>> MyCompany (and other vendors) to use in their DMZ. This DMZ name
>>>> server then links to application servers at OtherCompany inside 2nd FW.
>>>> Vendors can only reach specific application servers / web sites.
>>>>
>>>> I need to reduce the DNS queries to a minimum across the T1.
>>>> Application my users have was written such that a lot of DNS queries
>>>> are used for each application database update, refresh, or whatever.
>>>> T1 traffic is very high.
>>>>
>>>> My question: which method, Stub Zone or Conditional Forwarding, will
>>>> result in the least amount of DNS queries across T1 link? Plus which
>>>> method can have the my local DNS server(s) hold a cache of DNS
>>>> resolution for a TTL of 12 hours or more? (refresh only during after
>>>> hours.)
>>>>
>>>> I hope I have asked my question correctly, I may have added too much
>>>> details, but trust me - the actual case is a lot more complex that
>>>> this.
>>>>
>>>> Phil
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>