#1
Hi everyone, I've tried to explain this as simply as I can, so probably given you all too much info as usual, but here goes.

I have a W2k3 AD Domain called xxx.yyy.com (real name withheld). xxx.yyy.com is NOT used or registered for public DNS use. It is ONLY used internally. I have two DCs (W2k3) using AD Integrated for the main AD zone (xxx.yyy.com). So far, only one of these (AD1) is a DNS server, so all servers point to that for DNS. All this is working fine...

Due to our company structure, we also have a couple of Primary (non-integrated) zones on AD1, which are used to resolve some zones outside (mainly the internal IPs for our public DMZ servers). We'll call these zones Company1.com and Company2.com for example. Again, this is working fine...

To try and provide some fault tolerance/load balancing, I am now in the process of making our second DC (AD2) a DNS server. So far, I've installed DNS and it's replicating the AD integrated zone xxx.yyy.com with no problems... I've now got to add the other primaries, which are on AD1 (used to access the public servers in the DMZ).

I have three options... either

1) Add the Company1.com and Company2.com zones to AD2 as secondaries from AD1. The way I see it, if AD1 goes down for a substantial period, AD2 will not be able to refresh the zones, so will shut them down on AD2 as well. Correct? I know this used to happen in the old NT days... I think this is a bad idea.

2) Add Company1.com and Company2.com as Primary zones on AD2. Copy and tweak the zone file from AD1 into AD2. This means any changes on AD1 have also to be made on AD2. Not a good idea, but we don't have too many hosts in there, so we could cope.

3) Make the Company1.com and Company2.com zones AD integrated, and allow them to replicate to AD2 along with the domain zone xxx.yyy.com. This sounds much easier to manage, but I wondered if there is any negative impact on the domain. Are AD integrated zones only designed to hold AD info, or can they be used for ANY zone?

I'm guessing that 'integrated' is just a method to store and replicate the information across DCs/DNS servers... not to actually connect with (a non-existent) AD infrastructure for Company1.com and Company2.com.

Can anybody shed any light? Is anyone else doing this? I think it's OK but just want to check.

Thanks,
Jeff.

#2
Read inline please.

In news:esTWJJUoIHA.1420@TK2MSFTNGP03.phx.gbl,
Jeff Whitehead <nospam.jeffwhitehead76@hotmail.com> typed:

> I'm guessing that 'integrated' is just a method
> to store and replicate the information across DCs/DNS servers.....
> not to actually connect with (a non-existent) AD infrastructure for
> Company1.com and Company2.com.
>
> Can anybody shed any light? Is anyone else doing this? I think it's
> OK but just want to check.

Your guess is correct, AD integrated is a secured method of the storage of zone data. It is OK to use ADI zones for any zone name you want. Each server holds a zone and is a master of the zone, and will always list themselves as the master.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================