I need some DNS wisdom
I have a small domain with about 100 nodes. In this domain I have two domain controllers, Server 2003 Standard with SP2, with an Exchange server (Exchange is the primary reason for the two domain controllers). Both domain controllers have DNS and DHCP services running. Things seem to be working fine, but I do wonder if my setup is optimal.

First question: should I let DHCP assign external DNS addresses to the local workstations, or should DHCP only assign the local DNS servers and let DNS handle the forwarding?

Second, I'm wondering if my two internal DNS servers are configured correctly. When I look at the DNS manager I see that both servers are listed and each server is AD integrated and listed as the primary. Each server is listed as the Start of Authority: one server will see itself as Start of Authority and the other will see itself as Start of Authority. Both servers see the other server as a naming server, so the question is, is this OK? Should one be secondary? Is it OK that both are listed as primary? There are no errors in the event logs for DNS, and Exchange seems to be communicating with both servers just fine, which makes me wonder if this is optimal.

Third question: in the DNS manager under forwards I have listed by IP address the other internal DNS server followed by the three external DNS IP addresses given to me by my ISP. So DNS server #1's order of forwards would be DNS server #2 followed by the three external IP addresses, where DNS server #2 will list DNS server #1 first followed by the three external IP addresses. Question is, do I really need to list the other DNS server under the forward IP addresses? The reason I wonder about this is I see a potential loop of each server just forwarding back and forth.

Last question: I noticed in my Reverse Lookup Zone there are several computers with the same IP address, up to four computers with the same IP address. Some of the computers don't exist anymore; is this normal?

The Forward Lookup Zone does not have any duplicates, one IP address per workstation; only in the reverse lookup zone do I see multiple machines with the same IP address. Any wisdom would be great. Thank you.
February 27th, 2009 5:45am

Philldmcc said: ...should I let DHCP assign external DNS addresses to the local workstations or should DHCP only assign the local DNS servers and let DNS handle the forwarding? ...Both servers see the other server as a naming server, so the question is, is this OK? Should one be secondary? ...Do I really need to list the other DNS server under the forward IP address? ...Some of the computers don't exist anymore, is this normal? The Forward Lookup Zone does not have any duplicates, one IP address per workstation; only in the reverse lookup zone do I see multiple machines with the same IP address.

...No, since you're running an AD, only point your clients (and server interfaces) to internal DNS servers. This will allow them to see the necessary resource record zones in your private domain DNS -- don't even use external as secondary.

...That's right, AD integrated domains all act as primary, no need for a secondary unless you use BIND compatible replication.

As long as both servers are aware of the public forwarders and otherwise the same, there's really no need to forward recursively.

You could try scheduling stale record scavenging on the in-arpa zone -- this may help...?
March 3rd, 2009 12:25am
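The two configuration points in this reply (clients get only internal DNS servers; each server forwards only to the public resolvers rather than to the other DC) can be checked mechanically. The script below is an added example, not code from the thread or from Microsoft; it audits a constructed copy of the poster's setup: two DCs at 192.168.1.10 and 192.168.1.11 (assumed addresses), three ISP resolvers in the 203.0.113.0/24 documentation range (assumed), forwarder lists in the order the question describes, and a DHCP DNS-server option that mixes an internal and an external address. It reports internal-to-internal forwarder entries, any ring of internal servers that forward to each other, external addresses handed out by DHCP, and the cleaned-up forwarder lists.

```python
"""Audit DNS forwarder lists and DHCP-issued DNS servers for the
internal/external split recommended above (added example; all addresses
and lists below are constructed, not taken from the thread)."""
from ipaddress import ip_address, ip_network

# Address ranges that belong to the private AD network (assumed).
INTERNAL_NETS = [ip_network("192.168.1.0/24")]

# Forwarder lists as the question describes them: each DC forwards to the
# other DC first, then to the three ISP resolvers (constructed values).
FORWARDERS = {
    "192.168.1.10": ["192.168.1.11", "203.0.113.1", "203.0.113.2", "203.0.113.3"],
    "192.168.1.11": ["192.168.1.10", "203.0.113.1", "203.0.113.2", "203.0.113.3"],
}

# DHCP option 006 (DNS servers) as handed to clients; a mixed list like this
# is the "external DNS on workstations" setup the first question asks about.
DHCP_DNS_OPTION = ["192.168.1.10", "203.0.113.1"]


def is_internal(addr):
    """True if the address lies inside one of the private network ranges."""
    a = ip_address(addr)
    return any(a in net for net in INTERNAL_NETS)


def internal_forwarders(forwarders):
    """Forwarder entries that point at another internal server: the extra
    hop that the reply says is unnecessary when both DCs know the public
    forwarders."""
    return {srv: [f for f in fwds if is_internal(f)]
            for srv, fwds in forwarders.items()
            if any(is_internal(f) for f in fwds)}


def find_forwarding_loops(forwarders):
    """Return each set of internal servers that forward to one another in a
    ring (A -> B -> ... -> A). Only internal entries are followed; the ISP
    resolvers never forward back into the private network."""
    loops = set()
    for start in forwarders:
        stack = [(start, [start])]
        while stack:
            node, path = stack.pop()
            for nxt in forwarders.get(node, []):
                if not is_internal(nxt):
                    continue
                if nxt == start:
                    loops.add(frozenset(path))
                elif nxt not in path:
                    stack.append((nxt, path + [nxt]))
    return loops


def dhcp_external_dns(option_values):
    """External resolvers that DHCP is handing to domain clients; the reply
    says clients should receive only internal DNS servers."""
    return [v for v in option_values if not is_internal(v)]


def recommended_forwarders(forwarders):
    """Forwarder lists with the internal entries removed, so each server
    forwards straight to the public resolvers."""
    return {srv: [f for f in fwds if not is_internal(f)]
            for srv, fwds in forwarders.items()}


if __name__ == "__main__":
    print("internal forwarder entries:", internal_forwarders(FORWARDERS))
    print("forwarding rings:", [sorted(l) for l in find_forwarding_loops(FORWARDERS)])
    print("external DNS handed out by DHCP:", dhcp_external_dns(DHCP_DNS_OPTION))
    print("recommended forwarders:", recommended_forwarders(FORWARDERS))
```

With the constructed input the script flags the 192.168.1.10 <-> 192.168.1.11 ring and the external address in the DHCP option; after `recommended_forwarders` strips the internal entries, the loop check comes back empty. The same functions can be run over forwarder lists exported from the real servers once they are pasted into `FORWARDERS`.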

Adding to Jamie...

1. In an AD environment clients need to resolve internal and external names, which means if a client is pointing to an external DNS server, they will only be able to resolve external names and all internal name queries will fail. So ideally we should point all AD clients to the internal DNS server which holds the valid domain name zone.

2. All DNS servers list themselves as Name Server. So if you have 2 domain controllers acting as DNS, you will see 2 NS records. SOA records are used to check if a DNS server is responsible for answering clients' queries, and ideally all primary zones will point to themselves for SOA. A secondary zone will point to the primary server under SOA.

3. It will not make sense to point the second DNS server under forwarders (unless the first DNS cannot reach external IPs); you should list only external DNS server IPs. If we add a local DNS server, it will add one hop, due to which name resolution will be a little slow.

4. If you would like to delete records which don't exist anymore, use manual deletion or scavenging. Read the below article before you enable scavenging:
http://blogs.technet.com/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

Hope this helps with understanding DNS functionality.
March 5th, 2009 10:35am
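Point 4 above (and Jamie's scavenging suggestion) rests on the aging rule that Windows DNS applies: a dynamically registered record becomes eligible for scavenging once its timestamp plus the zone's no-refresh interval plus its refresh interval lies in the past, while static records carry no timestamp and are never scavenged. The script below is an added example, not code from the thread or the linked article; it applies that rule to a constructed reverse zone in which one IP address carries several PTR records, as in the last question. The intervals (7 days each, the Windows defaults), the record names and timestamps, and the "now" value are all assumptions.

```python
"""Model of DNS aging applied to a reverse lookup zone that holds several
PTR records for the same IP address (added example; records, intervals and
the reference time are constructed, not taken from the thread)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Zone aging settings; 7 days each is the Windows DNS default (assumed here).
NO_REFRESH = timedelta(days=7)
REFRESH = timedelta(days=7)
# Reference time for the check (constructed).
NOW = datetime(2009, 3, 5, 10, 0)

# (ip, hostname, timestamp); timestamp None marks a static record.
PTR_RECORDS = [
    ("192.168.1.50", "ws-old-1.corp.example", datetime(2008, 9, 1)),
    ("192.168.1.50", "ws-old-2.corp.example", datetime(2008, 12, 15)),
    ("192.168.1.50", "ws-current.corp.example", datetime(2009, 3, 4)),
    ("192.168.1.51", "printer.corp.example", None),
    ("192.168.1.52", "laptop-a.corp.example", datetime(2009, 2, 24)),
]


def is_stale(timestamp, now=NOW, no_refresh=NO_REFRESH, refresh=REFRESH):
    """Eligibility rule: dynamic record whose timestamp + no-refresh +
    refresh has passed. Static records (None) are never stale."""
    if timestamp is None:
        return False
    return now >= timestamp + no_refresh + refresh


def duplicate_ptrs(records):
    """IP addresses that carry more than one PTR record, with the names."""
    by_ip = defaultdict(list)
    for ip, name, _ in records:
        by_ip[ip].append(name)
    return {ip: names for ip, names in by_ip.items() if len(names) > 1}


def scavenge_candidates(records, now=NOW):
    """(ip, name) pairs that a scavenging run would be allowed to delete."""
    return [(ip, name) for ip, name, ts in records if is_stale(ts, now)]


def surviving_records(records, now=NOW):
    """What the zone looks like after the stale entries are removed."""
    return [(ip, name) for ip, name, ts in records if not is_stale(ts, now)]


if __name__ == "__main__":
    print("addresses with multiple PTR records:", duplicate_ptrs(PTR_RECORDS))
    print("eligible for scavenging:", scavenge_candidates(PTR_RECORDS))
    print("remaining after scavenging:", surviving_records(PTR_RECORDS))
```

With the constructed data the two old names on 192.168.1.50 are eligible and the freshly refreshed one stays, which is the outcome the duplicate PTR entries in the question should converge to. Eligibility alone does not delete anything: the server also has to have scavenging enabled on both the server and the zone, and the first scavenging pass only runs once the server's scavenging period has elapsed, which is the "be patient" point of the linked article.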
