because I didn't think you could. Are you sure you could AD-intg
conditionally-forwarded zones? They are not "real" zones in the normal sense,
mind you.
 
 
Sincerely,

Deji Akomolafe, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon

________________________________

From: [EMAIL PROTECTED] on behalf of Bernard, Aric
Sent: Fri 11/19/2004 10:02 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Even more off topic....

Deji, why don't you AD integrate those conditional forwarders so that you
don't have to export and import the hive?


Aric

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 9:48 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

How many new DCs are you adding per day/week/month? :)  If I were doing this,
Stub or Secondaries would take a back-seat. I would be investing in
Conditional Forwarding. I would have all my other DNS servers forward
unresolved queries to one or (ideally) 2 of MY DNS servers. On those 2
designated DNS servers, I will configure Conditional Forwarders for all the
foreign zones hosted on the Unix boxen and specify the Unix boxes as the DNS
servers to forward the queries to. QED. No messing with secondaries or notify
or such any more from then on.

When I introduce a new DC/DNS server into my environment, all I will need to
do is configure it to forward to MY designated DNS servers. When I want to
add more designated servers, I don't have to recreate the
conditionally-forwarded zones. They are stored in the registry of the
existing designated servers, so I will just go export and import the hive as
necessary.

Of course, all my rants above are predicated on your designated DNS servers
being W2K3 servers.

I don't think the problem of AD-intg secondaries is simply technical
feasibility. I think (shut up, Al :)) it is more of practicality. Post-NT,
you typically create secondaries for foreign zones [1]. Since the zones you
are secondarying are "foreign", I think storing that foreign information in
your AD is not a good idea.

[1]
I disagree with Minasi's recommendation of creating secondaries of every
zone on every DNS server in a parent-child environment, but that's out of
the scope of this discussion.

Sincerely,

Deji Akomolafe, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon

________________________________

From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 8:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



Because I have a couple of dozen remote DCs that serve DNS for their
locations. Our unix boxes are in a DNS zone that is handled by bind/unix
server. All of my DCs carry this zone as a secondary.

This works fine, but it is a bit of a pain to maintain. I have to remember to
configure the zone on any new DCs, and I have to have the unix guys add a
"notify" line on the bind server for the new DCs (OK, I don't HAVE to do the
notify part...). Plus, replication of the zone is handled by DNS instead of
the much more efficient AD replication.

Ever since laying eyes on w2k3 DNS server, I've always wondered why the
developers didn't allow for integrated secondaries. Don't get me wrong,
integrated stubs are great, but between the two, I'd have thought integrated
secondaries would have been the more desirable. I just assumed I was missing
some technical reason that made it unfeasible.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?


Because when it's integrated, there is no concept of "secondaries" as we
understood it to be in pre-2Kx world. It's there in AD, and any DC can see
and write to it. Now, if you are secondarying the zones on another server
located in another forest/network, why would you want to store that info in
your own AD. You will not be modifying that zone locally on the secondary
anyway. Or, are you intending to?


Sincerely,

Deji Akomolafe, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon

________________________________

From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 6:56 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?



OK, integrated stub zones are cool, but I'm curious - why did MS stop there?
Why no integrated secondaries?
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

