Yes, if you have DNS on a DC, it should point to itself. There is often confusion about “islanding”, but this is not the case with this scenario. Here is part of a thread I was working on with MS when contemplating the same thing.


http://support.microsoft.com/default.aspx?scid=kb;en-us;275278


This page also has some good DNS information:


http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/plan/bpaddsgn.mspx#XSLTsection129121120120


The advantages:


  1. If the DNS Server Service does not respond (service is stopped, etc) – the DC will fail over to the DNS server specified as alternate
  2. The Netlogon service will register SRV records on both itself and the server specified as alternate – this mitigates the “island” problem discussed in 275278. Windows Server 2003 has code built in to automatically register the cname record to an alternate DC (even though it is only pointing to itself) in an attempt to mitigate this problem. Windows 2000 DNS server does not do this.


Also – a couple of other points we should be aware of when discussing DNS behavior.


  1. If a DC is pointing to itself for DNS and another DC for alternate – when it attempts to resolve a name and it looks to itself and does not get the answer back (because the record is not there) – then that’s it – it will not go to the alternate.  If the DC is authoritative for the zone in which the query was made – the DC won’t check the alternate.
  2. If a client is pointing to a DC for DNS – it makes no difference what DNS servers are specified on the DC’s TCP/IP settings. The same rules apply to the client as outlined in #1. If the client’s primary does not respond – it will move to the alternate, but it won’t move to the alternate if it can’t find the record in the zone for which the DC is authoritative.
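The two lists above describe fail-over and registration rules that are easy to get backwards, so here is a small model of them. This is an added example, not code from the thread or from Microsoft: an in-memory DNS server plus a client resolver that applies exactly the stated rules (the alternate is tried only when the primary does not respond; an authoritative NXDOMAIN ends the lookup; Netlogon registers its SRV records on every server in the DC's own DNS client list). The names DC1, DC2 and corp.example, the IP addresses and the zone contents are constructed; the shared record dictionary stands in for AD-integrated zone replication.

```python
"""Model of the DC DNS-client rules from the thread (constructed example).

Rules encoded here, as stated in the post:
  1. the alternate server is consulted only when the primary does not respond;
  2. any answer from an authoritative server, including NXDOMAIN for a
     missing record, ends the lookup - no fall-through to the alternate;
  3. Netlogon registers its SRV record on each server in the DC's own DNS
     client list, so "self + one other DC" puts the record on both.
All names, addresses and zone contents are constructed for the example.
"""
from dataclasses import dataclass, field


class NoResponse(Exception):
    """The DNS Server Service on the target is stopped: no reply at all."""


@dataclass
class DnsServer:
    name: str
    zones: dict = field(default_factory=dict)  # zone -> {fqdn: rdata}
    running: bool = True

    def zone_for(self, fqdn):
        """Return the hosted zone containing fqdn, or None if not authoritative."""
        for zone in self.zones:
            if fqdn == zone or fqdn.endswith("." + zone):
                return zone
        return None

    def query(self, fqdn):
        """Answer as this server would; raise NoResponse if the service is stopped."""
        if not self.running:
            raise NoResponse(self.name)
        zone = self.zone_for(fqdn)
        if zone is None:
            return ("NOT_AUTHORITATIVE", None)  # recursion/forwarding not modelled
        rdata = self.zones[zone].get(fqdn)
        return ("OK", rdata) if rdata is not None else ("NXDOMAIN", None)

    def add_record(self, fqdn, rdata):
        """Dynamic update: accepted only if this server is up and hosts the zone."""
        zone = self.zone_for(fqdn)
        if zone is None or not self.running:
            return False
        self.zones[zone][fqdn] = rdata
        return True


def resolve(fqdn, dns_client_list, servers):
    """Client-side lookup following the post's rules.

    dns_client_list is the (primary, alternate, ...) list from the host's
    TCP/IP settings; servers maps server name -> DnsServer.
    Returns (status, rdata, trail); trail shows which servers were tried.
    """
    trail = []
    for name in dns_client_list:
        try:
            status, rdata = servers[name].query(fqdn)
        except NoResponse:
            trail.append((name, "no response"))
            continue  # server down: fail over to the next one in the list
        trail.append((name, status))
        return status, rdata, trail  # any answer, positive or negative, ends it
    return "SERVFAIL", None, trail


def netlogon_register(dns_client_list, servers, srv_fqdn, target):
    """Register a DC's SRV record on each server in its own DNS client list."""
    return [name for name in dns_client_list
            if servers[name].add_record(srv_fqdn, target)]


def demo():
    """Two DCs hosting the same AD-integrated zone; walk through the cases."""
    zone = "corp.example"
    records = {"dc1.corp.example": "10.0.0.1", "dc2.corp.example": "10.0.0.2"}
    dc1 = DnsServer("DC1", {zone: records})   # shared dict == replicated zone
    dc2 = DnsServer("DC2", {zone: records})
    servers = {"DC1": dc1, "DC2": dc2}
    dc1_clients = ("DC1", "DC2")              # DC1: itself first, DC2 alternate
    srv = "_ldap._tcp.dc._msdcs.corp.example"

    out = {}
    # Advantage 2: Netlogon on DC1 registers the SRV record on DC1 and DC2.
    out["srv_registered_on"] = netlogon_register(dc1_clients, servers, srv,
                                                 "dc1.corp.example")
    out["srv_lookup"] = resolve(srv, dc1_clients, servers)
    # Caveat 1: missing record on the authoritative primary -> NXDOMAIN,
    # and DC2 is never asked.
    out["missing_record"] = resolve("nosuchhost.corp.example", dc1_clients, servers)
    # Advantage 1: DNS Server Service stopped on DC1 -> query moves to DC2.
    dc1.running = False
    out["primary_down"] = resolve("dc2.corp.example", dc1_clients, servers)
    dc1.running = True
    # Caveat 2: a member client pointing only at DC2 follows the same rules,
    # whatever DC2's own TCP/IP DNS settings are.
    out["client_via_dc2"] = resolve("dc1.corp.example", ("DC2",), servers)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The `trail` element is the part worth reading: in the missing-record case it contains only DC1, which is the behaviour the post warns about, while in the stopped-service case it shows the fail-over to DC2.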



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Les B. Minaker
Sent: Tuesday, June 15, 2004 10:04 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DNS Server Architecture Recommendations


We are about to deploy a Win2K3 infrastructure parallel to an existing Windows NT environment. Initially, the environments will exist separately, so I have a degree of leeway with respect to playing with settings.


Network Configuration:


We have 22 branch sites on-network and I want each local site to resolve DNS queries themselves. In order to do this, I will be deploying DCs that are also DNS servers to each branch. As I said above, the Win2K3 environment exists on a different plane of reality and really does not affect the existing NT users.


My question revolves around DNS configuration issues. Should I make each server a primary DNS server that is AD integrated, or should I go with a single "master" DNS server (located in a secure Data Centre) and make every other DC a secondary zone? And, what are the reasons why one option is "better" than the other?


Les Minaker


This e-mail (including any attachments) is for the sole use of the intended recipient and may contain confidential information which may be protected by legal privilege. If you are not the intended recipient, please immediately notify me by reply e-mail, delete this e-mail and destroy any copies. Thank you.
