DNS best practices for hub and spoke AD Architecture?

I have an Active Directory Forest with a forest root such as joe.co and the root domain of the same name, and root DNS servers (Domain Controllers) dns1.joe.co and dns2.joe.co

I have child domains with names in the form region1.joe.co, region2.joe.co and so on, with DNS servers dns1.region1.joe.co and so on.

Each region has distributed offices that may have a DC in them, with servers named in the form dns1branch1.region1.joe.co.

Overall my DNS tests out okay, but I want to get the general guidelines for setting up new DCs correct.

Configuration:

Root DC/DNS server dns1.joe.co: adapter settings point DNS to itself, then to the two other root domain DNS/DCs dns2.joe.co and dns3.joe.co.

The other root domain DNS/DCs: adapter settings point to root server dns1.joe.co, then to itself (dns2.joe.co), and then to 127.0.0.1.

The regional domains have a root DNS server dns1.region1.joe.co with adapter settings that point to root server dns1.joe.co, then to itself.

The additional regional domain DNS/DCs: adapter settings point to dns1.region1.joe.co, then to itself, then to dns1.joe.co.

What would you do to correct this topology (and settings) or improve it?

Thanks in advance

March 26th, 2015 9:43am

Hi,

According to your description, my understanding is that you need suggestions about your DNS topology.

In theory, there is no obvious problem. Besides the namespace and server planning for DNS, zones also need consideration. If you place a DNS server in each domain and subdomain, confirm whether the DNS traffic will affect network performance. Besides, fault tolerance and security are also necessary.

We usually recommend that:
A DC with DNS should point to another DNS server as primary and to itself as secondary or tertiary. It should not point to itself as primary due to various DNS islanding and performance issues that can occur. And when referencing a DNS server on itself, a DNS client should always use a loopback address and not a real IP address. For detailed information, you may reference:
What is Microsoft's best practice for where and how many DNS servers exist? What about for configuring DNS client settings on DCs and members?
http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx#dnsbest

How To Split and Migrate Child Domain DNS Records To a Dedicated DNS Zone
http://blogs.technet.com/b/askpfeplat/archive/2013/12/02/how-to-split-and-migrate-child-domain-dns-records-to-a-dedicated-dns-zone.aspx
         
Best Regards,
Eve Wang

March 27th, 2015 3:21am
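The recommendation above (partner DC first, self only as secondary/tertiary, and self referenced via loopback rather than a real IP) can be checked on each DC before and after changes. The following audit script is an added example, not from the thread or from Microsoft; it assumes the DnsClient and NetTCPIP modules available on Windows Server 2012 or later and reports each deviation for every IPv4 adapter that has DNS servers configured.

```powershell
# Added example: audit this DC's IPv4 DNS client settings against the guidance
# in the reply above. Run in an elevated PowerShell session on the DC itself.
# Rules checked per adapter:
#   1. the primary DNS server is not this DC (neither 127.0.0.1 nor a local IP)
#   2. this DC is listed as secondary or tertiary, and only as 127.0.0.1
#   3. no local (real) IP address is used to refer to itself
#   4. at least two servers are configured, so there is a fallback

# All non-loopback IPv4 addresses bound on this machine.
$selfAddrs = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' } |
    Select-Object -ExpandProperty IPAddress

$findings = @()

foreach ($nic in (Get-DnsClientServerAddress -AddressFamily IPv4)) {
    $servers = @($nic.ServerAddresses)
    if ($servers.Count -eq 0) { continue }   # adapter without DNS config (e.g. APIPA/tunnel)

    $alias   = $nic.InterfaceAlias
    $primary = $servers[0]

    if ($primary -eq '127.0.0.1' -or $selfAddrs -contains $primary) {
        $findings += "[$alias] primary DNS ($primary) is this DC; list a partner DC first (islanding risk)."
    }
    if ($servers -notcontains '127.0.0.1') {
        $findings += "[$alias] 127.0.0.1 is missing; add it as secondary or tertiary."
    }
    foreach ($s in $servers) {
        if ($selfAddrs -contains $s) {
            $findings += "[$alias] refers to itself by real IP $s; use 127.0.0.1 instead."
        }
    }
    if ($servers.Count -lt 2) {
        $findings += "[$alias] only one DNS server listed; no fallback if it is unavailable."
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'DNS client settings follow the recommended pattern.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    # Remediation pattern (placeholder address, substitute a partner DC in the same domain):
    # Set-DnsClientServerAddress -InterfaceIndex <ifIndex> -ServerAddresses @('<partner-dc-ip>', '127.0.0.1')
}
```

Applied to the topology in the question, the script would flag dns1.joe.co (points to itself first) and the other root DCs (reference themselves by real IP before 127.0.0.1).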
