I had considered the cache issue, but I figured that since it would be an integrated zone, it would exist on multiple DNS servers. So if each DNS server read the record once, it would generate enough audit flags to let us know it is still being used globally. :)
As I said, it was a standard primary zone, so it was not a viable option anyway. :(
I forget that auditiing applies to integrated zones, so I never think of utilizing it anyway.
thanks,
Jef
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Subject: RE: Re: [ActiveDir] DNS on a DC or NOT
Date: Wed, 17 May 2006 12:13:49 -0400
Too bad you couldn't enable request logging in DNS itself. Auditing the entry is only going to tell you at least one thing asked for it, once in the cache, who knows how many asked. Scale is everything. :)
We have it on all of our DCs as well worldwide and have not seen an issue.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jef Kazimer
Sent: Wednesday, May 17, 2006 10:37 AM
To: ActiveDir@mail.activedir.org
Subject: RE: Re: [ActiveDir] DNS on a DC or NOT
But a question about integrated zones. I had an issue recently where a system owner wanted to know if people were resolving an old CNAME for one of their systems. They wanted to remove it from the zone, but wanted to verify it was not being used.
I thought about putting auditing on for the CNAME in question, and then just collect the logs from the DNS servers. Unfortunately it was a non integrated zone and this could not be done. :(
Does anyone use DNS Application partitions for certain zones?
Date: Wed, 17 May 2006 09:56:16 -0400
From: [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] DNS on a DC or NOT
Depending on how many DCs youhave in your environment, this might be a non-issue overall.We have DNS on all our DCs, and no adversity has been observed thus far...-ASB
On 5/17/06, Krenceski, William <[EMAIL PROTECTED]> wrote:This one
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of ASB
Sent: Wednesday, May 17, 2006 9:20 AMSubject: Re: [ActiveDir] DNS on a DC or NOT
Which blog entry...-ASB
On 5/17/06, Krenceski, William <[EMAIL PROTECTED] > wrote:I was reading Carlos's blog about not running DNS on the PDC emulator. It all makes perfect sense to not have DNS running on it. In my relatively small setup we have @60 servers, 560pc's, on 8 networks (some remote some vlans). I have 2 DC's at my main site with one at each remote site. All DC's are GC and DNS. I always thought that in order for DNS to work as AD integrated you're DNS servers had to be DC's. If that is NOT true my face is red for believing so for so long.William KrenceskiNetwork Administrator
Crush! Zap! Destroy! Junk e-mail trembles before the might of Windows Live(tm) Mail beta. Windows Live(tm) Mail beta
Crush! Zap! Destroy! Junk e-mail trembles before the might of Windows Live(tm) Mail beta. Windows Live(tm) Mail beta
